Hard_Configurator - Windows Hardening Configurator

[simmerskool]

@Andy Ful -- question without going into details at this point, assume a user ran H_C from admin acct several months ago, also assume some time later same user in sua forgot he ran H_C and installed SWH as run as admin, then assume user recently logged into admin acct to install a new security app, and opened H_C and saw that it appeared that H_C had hardened the system, so before installing new security app, user used H_C tools | restore windows default, rebooted, then installed new app. all running well after this new installation. then user logged in sua and realized he had run SWH in the past.
Question: when in admin acct and re-setting H_C to windows default, would that have also reset to windows default and actions that SWH would have previously done?? Assume all assumptions are true, duh... (longer story how this happened but not really relevant imo )

 

[Andy Ful]

@Andy Ful -- question without going into details at this point, assume a user ran H_C from admin acct several months ago, also assume some time later same user in sua forgot he ran H_C and installed SWH as run as admin, then assume user recently logged into admin acct to install a new security app, and opened H_C and saw that it appeared that H_C had hardened the system, so before installing new security app, user used H_C tools | restore windows default, rebooted, then installed new app. all running well after this new installation.

After that both SWH and H_C are uninstalled.

then user logged in sua and realized he had run SWH in the past.
Question: when in admin acct and re-setting H_C to windows default, would that have also reset to windows default and actions that SWH would have previously done??

Yes.

 

[simmerskool]

After that both SWH and H_C are uninstalled.


Yes.

Excellent, great tools but not FOOLproof, duh...

 

[South Park]

ALERT: When I visited hard-configurator[.]com just now in Firefox 113, the site tried to install a fake search add-on from get[.]thesafersearch[.]com, which I dutifully added to my grayware blocklist.

 

[ErzCrz]

ALERT: When I visited hard-configurator[.]com just now in Firefox 113, the site tried to install a fake search add-on from get[.]thesafersearch[.]com, which I dutifully added to my grayware blocklist.

Blocked by my uBlock Origin in Firefox and Tracker Blocked in Edge.

Spoiler: uBO blocks

Anyway, we know that site hasn't been updated or active/managed for some time now but worth advising the owner.

 

[oldschool]

ALERT: When I visited hard-configurator[.]com just now in Firefox 113, the site tried to install a fake search add-on from get[.]thesafersearch[.]com, which I dutifully added to my grayware blocklist.

Yes, I get different redirects with each visit. Rely only on GitHub - AndyFul/Hard_Configurator: GUI to Manage Software Restriction Policies and harden Windows Home OS and this thread for reliability and safety.

 

[oldschool]

@South Park @ErzCrz That page is also blocked by

 

[South Park]

@oldschool @ErzCrz I use uBO with all the default filterlists, but nothing stopped that weird add-on site from loading on my side.

 

[Gandalf_The_Grey]

@oldschool @ErzCrz I use uBO with all the default filterlists, but nothing stopped that weird add-on site from loading on my side.

Do you have "uBlock filters – Badware risks" enabled?
Blocks it for me.

 

[ForgottenSeer 97327]

NextDNS with OISD.nl does block redirect when visiting hardconfigurator.com, web extensions are not the best mechanism to block bad URL's

Seems somebody has his website hacked or could not resist a good offer

 

[upnorth]

The old Hard_Configurator website: is now discontinued and not supported by the author.

GitHub - AndyFul/Hard_Configurator: GUI to Manage Software Restriction Policies and harden Windows Home OS

GUI to Manage Software Restriction Policies and harden Windows Home OS - AndyFul/Hard_Configurator

github.com

VirusTotal

VirusTotal

www.virustotal.com

But correct, it does re-direct. Did not notice any automated malicious installs, but 100% for sure random spam/scam. Recommended to submit to your AV vendor. With the latest stable Firefox, it automatic blocks the https url. That's a good sign. Btw, @Andy Ful can hopefully answer best about his previous site.

Thanks for the confirmation posts.

 

[harlan4096]

I get this when I try to visit hxxps:// hard-configurator . com

 

[Andy Ful]

This domain was bought by @askalan (previous MT member) several years ago to support the Hard_Configurator project. But it expired about one year ago, and now someone else is trying to reuse it for malicious purposes.
Thanks for reporting this issue. About a year ago, I added the info that this domain is discontinued and not supported by me. But, it is time to add the info that this domain is reused by malicious actors.

 

[gonza]

Sadly, is a common practice: there are people who buy domains and then try to sell them to make a profit.

In this case is Nanci Nette, and it seems that she is known to do this. This is a Reddit from 7 years ago:

And here are some domain dispute cases against her: Nanci Nette: Domain Name Dispute Cases Filled Against Nanci Nette | DNDisputes.com

You can open a dispute and since you also have a tool/software with that name, you will probably win.

Btw, hardconfigurator.com is available:

 

[oldschool]

In this case is Nanci Nette, and it seems that she is known to do this.

What a bad fake name that is. Nanci Nette.

 

[Andy Ful]

I contacted with DNDisputes via their contact web page:

The domain hard-configurator.com is currently used in malvertising when someone wants to get information about the Hard_Configurator application developed by me.

The dev. website of Hard_Configurator:

Hard_Configurator/README.md at master · AndyFul/Hard_Configurator

GUI to Manage Software Restriction Policies and harden Windows Home OS - Hard_Configurator/README.md at master · AndyFul/Hard_Configurator

github.com

Can you do something to prevent abusing this domain?

I am waiting for the response.

 

[Andy Ful]

Unfortunately, the hard-configurator.com domain is still present on Softpedia as a homepage. I must contact them to correct it.

 

[South Park]

NextDNS with OISD.nl does block redirect when visiting hardconfigurator.com, web extensions are not the best mechanism to block bad URL's

View attachment 275591

Seems somebody has his website hacked or could not resist a good offer

I have both the uBO Badware filters and AdGuard DNS (which I think uses OISD), so I'm really surprised that I got served a malvertising page. I even checked to make sure I hadn't set anything in Trusted Sites.

 

[Andy Ful]

Google shows this domain as the second most popular one when searching for Hard_Configurator:

*******************************************************************************************************************
*******************************************************************************************************************

Bing is more resistant to such tricks and the abused domain hard-configurator.com can be seen as the 20 entry on the search list.

 

[wat0114]

uBO blocked it when I attempted to navigate to the malvertising page...



EDIT

even if I attempt to proceed to the page, it doesn't connect because I block remote port http (80) ipv4 with the firewall.