Hard_Configurator - Windows Hardening Configurator

[Andy Ful]

Try to run on Win 7 x64 in VM, but got this pop-up:
View attachment 126387

Bug corrected. Ready to download on GitHub - new executables are in the zipped archive corrected_bugs.zip . This error is revelant to Windows 7 and Windows Vista.

 

[Andy Ful]

I think that two improvements should be added to the new Hard_Configurator build:

1. SRP blacklisted, writable subfolders of C:\Windows.
For example for Windows 7:
c:\windows\debug\WIA
c:\windows\Registration\CRMLog
c:\windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}
c:\windows\System32\com\dmp
c:\windows\System32\FxsTmp
c:\windows\System32\spool\drivers\color
c:\windows\System32\spool\PRINTERS
c:\windows\System32\Tasks
c:\windows\SysWOW64\FxsTmp
c:\windows\SysWOW64\Tasks
c:\windows\SysWOW64\com\dmp
c:\windows\Tasks
c:\windows\Temp
c:\windows\tracing
2. Option for whitelisting files/folders by path.

I hesitated about point 2., because of the possible drive by loophole. But if the user uses the Web browser with Sandbox (like Edge or Chrome), then this option can be a good compromise between usability and security.
Personally, I would avoid programs that should be whitelisting by path in the User Space. There are many other applications to choose that works well without it.

 

[Av Gurus]

Also one thing i notice in Win 7 (btw I don't use Win 7 but for user that do use).
Run as Admin is removed, how can they run app with admin right?
In Win 10 there is Run by Smartscan, but in Win 7 can't be.

 

[Andy Ful]

Thanks. This is for restricting inexperienced users from installing new programs and using some system tools - for example 'Command Prompt (Administrator)'. It depends on the experienced user, which level of restrictions should be applied.
But I must rethink that option, because probably the same thing may be achieved, simply by creating Standard User Account for the inexperienced user.

 

[Andy Ful]

Hiding 'Run As Administrator' from Explorer context menu (Windows 7 and prior versions), can be convenient, when the inexperienced user (child) runs the programs installed in the System Space, that need elevation. But, his/her knowledge is insufficient to install new programs or run some system tools with Administrative Rights.
In Windows 8+ this can also be done, by hiding 'Run As Administrator' and turning 'OFF' the 'Run As Smartscreen' option.

 

[Andy Ful]

I made an error with the file submission, so I have to submit it again. Now, Hard_Configurator executables are recognized as clean.
Submission History Details

 

[Av Gurus]

So this link in first post is ok for download?

 

[Andy Ful]

So this link in first post is ok for download?

Yes, it is. Also, the new version is nearly finished, and will be submitted to GitHub in the next week.

 

[Av Gurus]

What is new/better?

 

[Andy Ful]

1. SRP blacklisted, writable subfolders of C:\Windows (hardcoded).
2. Option for whitelisting files/folders by path.

 

[Av Gurus]

Any news about final v2.0?

 

[LightWave]

I'm new... greetings =]

HELP! - (nice tool), but I've made an error, hopefully not fatal (please!) as all my data is still on the drive - I didn't make a retore point before using this... :S stupid.

I clicked on "TURN ON All Restrictions" :-( - realizing my mistake I tried to run the tool again, but nothing will run now.

My laptop screen soon went dark, so have rebooted only to be presented with a blue screen of death.

"Your pc ran into a problem and needs to restart" - "were just collecting some error info then we will restart for you".
Stop code: Critical Process died.

Then another blue screen appears and reports:

Your Pc couldn't start properly.
A required device isn't connected or can't be accessed.
- Error code: 0xc0000225

Press Enter to try again.
Press F8 for start-up Settings
Press Esc for UEFI Fireware settings


Pressing F8 and selecting any of the safe mode options does not work, screen goes dark.
I really would appreciate any wizards help to get me out of this fix - cheers.
:-( (lesson learned)

Win 10 Home 32 bit
Asus X205TA

 

[Andy Ful]

I'm new... greetings =]

HELP! - (nice tool), but I've made an error, hopefully not fatal (please!) as all my data is still on the drive - I didn't make a retore point before using this... :S stupid.

I clicked on "TURN ON All Restrictions" :-( - realizing my mistake I tried to run the tool again, but nothing will run now.

My laptop screen soon went dark, so have rebooted only to be presented with a blue screen of death.

"Your pc ran into a problem and needs to restart" - "were just collecting some error info then we will restart for you".
Stop code: Critical Process died.

Then another blue screen appears and reports:

Your Pc couldn't start properly.
A required device isn't connected or can't be accessed.
- Error code: 0xc0000225

Press Enter to try again.
Press F8 for start-up Settings
Press Esc for UEFI Fireware settings


Pressing F8 and selecting any of the safe mode options does not work, screen goes dark.
I really would appreciate any wizards help to get me out of this fix - cheers.
:-( (lesson learned)

Win 10 Home 32 bit
Asus X205TA

It is very strange. The error "A required device isn't connected or can't be accessed." points to some device problems. Please unplug all external devices (pendrives, USB disks, Memory Cards, printer, etc.), and restart computer.

 

[Andy Ful]

Any news about final v2.0?

The new version is ready, but I am still struggling with the manual and help files.
I think that the help info will be understandable for everyone except native English speakers.

 

[LightWave]

It is very strange. The error "A required device isn't connected or can't be accessed." points to some device problems. Please unplug all external devices (pendrives, USB disks, Memory Cards, printer, etc.), and restart computer.

Hi thanks for your reply.
Nope, there is no device problems it all been working fine right upto this point.

I was looking at this... Secure Windows - Software restriction Policies to Windows Home

...so I installed Startup Sentinel first then saw your reply for the "GUI to configure SRP in Windows Home", option (but forgot to make a system retore point first before I used it) ... i ended up clicking on "TURN ON All Restrictions".. and at that point, it all went sideways.

Many thanks indeed or any help.

 

[Andy Ful]

Hi thanks for your reply.
Nope, there is no device problems it all been working fine right upto this point.

I was looking at this... Secure Windows - Software restriction Policies to Windows Home

...so I installed Startup Sentinel first then saw your reply for the "GUI to configure SRP in Windows Home", option (but forgot to make a system retore point first before I used it) ... i ended up clicking on "TURN ON All Restrictions".. and at that point, it all went sideways.

Many thanks indeed or any help.

Have you tried to unplug external devices? One of Hard_Configurator options blocks execution from external devices.

 

[LightWave]

Yep there are no external devices, usb, sd cards etc.

 

[Andy Ful]

I think that something is blocking a driver from loading. Have you got some earlier restore points?

 

[LightWave]

I dont think sytem restore was even switched on.... I'm not being given any option to access it when pressing F8.

...the safe mode options are not working.. :-(

...haven't tried these ones yet though.

7. Disable driver signature enforcement.

8. Disable early launch anti-malware protection.


...should I try "Disable driver signature enforcement"?

would a usb recovery tool work do you think?

cheers.

 

[Andy Ful]

I dont think sytem restore was even switched on.... I'm not being given any option to access it when pressing F8.

...the safe mode options are not working.. :-(

...haven't tried these ones yet though.

7. Disable driver signature enforcement.

8. Disable early launch anti-malware protection.


...should I try "Disable driver signature enforcement"?

would a usb recovery tool work do you think?

cheers.

Yes, you can try first: Disable driver signature enforcement.