- Apr 24, 2016
- 7,233
@Andy Ful Are you planning to release an update for Simple Windows Hardening?
Hard_Configurator - Windows Hardening Configurator
- Thread starter Andy Ful
- Start date
Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,488
Yes, probably in May or June.
- Apr 24, 2016
- 7,233
May I suggest the 27th of May, it would be great birthday present
- Nov 15, 2017
- 1,083
I am testing the beta and works very well with SAC activated, the only thing I noticed are many restart orders after adding to the white list. But everything works as it should. Thank you so much. All the best.
- Apr 24, 2016
- 7,233
@Andy Ful Every time you open Hard_Configurator (beta 6.1.1.1) and don't change a thing (looking at the logs for example) and press close Hard_Configurator ask you to restart the computer to apply the new configuration.
But there is no new configuration, so this message shouldn't be shown.
EDIT: Same issue with the switch default deny tool.
But there is no new configuration, so this message shouldn't be shown.
EDIT: Same issue with the switch default deny tool.
Last edited:
Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,488
I know. It is one of two minor bugs I noticed so far. The second is "Wdded" instead of "Added" in the "What is new" info.
I will push a second beta at the end of April.
- Nov 15, 2017
- 1,083
After several of these messages and something about the SRP giving the option to continue and reconfigure everything again, I decided to uninstall it.
Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,488
You had executed H_C with -p switch (not recommended), so it started blocking processes with admin rights. Next, you tried to start H_C without -p switch, so H_C showed the alert with 3 choices: <RESTART WINDOWS>, <CHANGE and EXIT>, <EXIT>.
If you want to run H_C when blocking admin processes then H_C must be run with -p switch (one can edit the CmdLines in the H_C and SwitchDefeaultDeny shortcuts).
If you want to stop H_C from blocking admin processes, you must choose <RESTART WINDOWS> from the alert (it is noted as a recommended action because blocking admin processes can produce some issues - this setting must be used with caution and only by very experienced users ).
The details are in the manual in the section ENFORCEMENT FOR "ALL USERS" (experimental feature).
Last edited:
Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,488
After some investigations, I found out why SRP is turned off after creating the Child Account via Microsoft Family Safety.
This issue was discovered several years ago, but no one (as far as I know) could explain it.
The reason is simple. After creating the Child Account, some AppLocker Policies are added. But, these policies are not introduced via GPO, because AppLocker GPO could not work on Windows Home and Pro until the year 2022.
Microsoft Family Safety uses AppLocker via MDM WMI Bridge, which is possible with Windows 7+ on all Windows editions (including Windows Home and Pro).
Unfortunately, after removing the Child Account the AppLocker Policy files are not removed (unpleasant bug)! So, in the case of Family Safety, the issue will persist, until the policy files are manually removed.
The current beta version of H_C can detect the issue and show the alert about AppLocker Policies. Furthermore, the SRP restrictions from the left panel are deactivated (but not removed from the Registry):
After removing the AppLocker Policies, the H_C left panel is activated again.
In fact, this issue is similar to the SRP issue on Windows 11 ver. 22H2. In both cases, it is caused by some AppLocker rules invisible via GPO.
Conclusion.
The SRP issues related to Windows 11 and Family Safety are not entirely new and are not related to the new security features implemented in Windows 11. The roots of these issues are related to AppLocker, and the full functionality of SRP can be easily recovered.
This issue was discovered several years ago, but no one (as far as I know) could explain it.
The reason is simple. After creating the Child Account, some AppLocker Policies are added. But, these policies are not introduced via GPO, because AppLocker GPO could not work on Windows Home and Pro until the year 2022.
Microsoft Family Safety uses AppLocker via MDM WMI Bridge, which is possible with Windows 7+ on all Windows editions (including Windows Home and Pro).
Unfortunately, after removing the Child Account the AppLocker Policy files are not removed (unpleasant bug)! So, in the case of Family Safety, the issue will persist, until the policy files are manually removed.
The current beta version of H_C can detect the issue and show the alert about AppLocker Policies. Furthermore, the SRP restrictions from the left panel are deactivated (but not removed from the Registry):
After removing the AppLocker Policies, the H_C left panel is activated again.
In fact, this issue is similar to the SRP issue on Windows 11 ver. 22H2. In both cases, it is caused by some AppLocker rules invisible via GPO.
Conclusion.
The SRP issues related to Windows 11 and Family Safety are not entirely new and are not related to the new security features implemented in Windows 11. The roots of these issues are related to AppLocker, and the full functionality of SRP can be easily recovered.
I seem to be facing a problem, whenever I double click any file in appdata's sub-directories, its somehow bypassing the SRP, without having to right click and bypass smartscreen. despite the fact this is not only at default settings, but ive also never whitelisted those directories. It's both for Local and Roaming, but not for LocalLow. I have never experienced something like this with H_C before, I only noticed it when Java wasn't blocked, as it used to be, when trying to run Minecraft, as it's located in Appdata Local's subdirectories. I have reinstalled H_C, and reverted to Recommended settings, and I still the same result.
Last edited by a moderator:
Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,488
In the Recommended Settings on Windows 8+, the folders AppData and ProgramData allow the execution of *.exe and *.msi files (other file types are blocked) except for some temporary locations used by archiving applications and email clients. The reasons/pros/cons are explained in the H_C manual (look into the section RECOMMENDED SETTINGS). This is how Recommended Settings work from ver. 5.0.0.1.
Last edited:
Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,488
Hard_Configurator ver. 6.1.1.1 (beta 2) - support for Windows 22H2.
https://github.com/AndyFul/Hard_Configurator/raw/master/Hard_Configurator_Beta2_6.1.1.1.exe
It can be installed over the previous versions. Please read the information included in the Quick Configuration info displayed during the installation. No important differences from the previous beta except for some corrected bugs.
What is new (as compared to the stable version 6.0.1.1):
https://github.com/AndyFul/Hard_Configurator/raw/master/Hard_Configurator_Beta2_6.1.1.1.exe
It can be installed over the previous versions. Please read the information included in the Quick Configuration info displayed during the installation. No important differences from the previous beta except for some corrected bugs.
What is new (as compared to the stable version 6.0.1.1):
| 1. Added support for Windows 11 ver. 22H2 | |
| 2. Added new setting profiles: | |
| Windows_11_SAC_ON_Recommended_Settings.hdc | |
| Windows_11_SAC_ON_NoSRP.hdc | |
| 3. Added certoc.exe, cipher.exe, pnputil.exe, and scp.exe to the list of blocked sponsors. | |
| 4. Added the ONE extension (OneNote document). | |
| 5. Removed the OFF2 option in the DocumentsAntiExploit tool. Now, ON2 settings include also all ON1 settings. | |
| ON2 settings require resetting (ON2 --> OFF --> ON2) after the current update. | |
| 6. Updated H_C manual (info about possible issues related to the activated AppLocker). | |
| 7. Corrected some minor bugs. |
Last edited:
Thats the thing, I never experienced this before. I have been using the 6.0.1.1 before, and it always blocked files in the appdata folder(s) unless you whitelist appdata.
Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,488
When you install the update over the older H_C version, the old settings are not changed (with some rare exceptions). The Recommended Settings are automatically installed when:
- H_C is installed the first time.
- H_C was uninstalled and installed again.
- The user removed the H_C settings via <Tools><Restore Windows Defaults> and then runs H_C again.
- The user pressed the button <Recommended Settings>.
Please read the info from the H_C manual and choose the setting profile which is best for you.
Last edited:
Thank you, the strict settings was what I were looking for.
- Apr 16, 2017
- 2,576
well I dunno, I tried some keyloggers in more remote past, and they seemed unusable to me. Maybe some are better now-a-daysIt is not bad advice ...
but unnecessary here.
hopefully current AVs and H_C or SWH help with anti-keylogging??
Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,488
H_C (SWH) is a preventive setup. So, it can prevent the installation/execution of the keylogger.well I dunno, I tried some keyloggers in more remote past, and they seemed unusable to me. Maybe some are better now-a-days
The H_C is not intended to fight the keylogger already running in memory. Of course, some of the keylogger's actions can still be mitigated by advanced Defender settings, blocking remote features, and by FirewallHardening but one cannot count it as a comprehensive anti-keylogging.
- Feb 7, 2023
- 2,349
I think what @Harputlu meant there on that thread (judging by their previous posts in regards to CheckPoint/ZoneAlarm as well) is one of these keystroke encryption methods that’s been in G Data, ZoneAlarm, Kaspersky and potentially other products for quite some time.
They aim to mitigate the damage if keylogger infection is successful but the objective of Hard_Configurator is to prevent any infection by disabling the point of entry.
Keylogging mitigation (or other mitigations such as anti ransomware that auto-copies files in repository and restores them post-infection) are not necessary.
So it is not relevant to this thread in any way.
Last edited:
Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,488
Hard_Configurator ver. 6.1.1.1 (beta 3)
Some additional checks have been added, to avoid potential problems with misconfigured AppLocker.
Some additional checks have been added, to avoid potential problems with misconfigured AppLocker.
- Aug 19, 2019
- 1,157
Nice one, look forward to testing it. I had a anomaly with Thunderbird downloading messages taking longer that without H_C installed but still investigating as to whether it's a H_C, FirewallHardening or ConfigureDefender related thing.
Anyway, looking forward to trying out the new beta
Similar threads
-
- Sticky
