DuckDuckGo puts the malicious link 5th in the search results when typing hard_configurator, Google puts it 3rd. At least Andy's link is first.
> I never suspected that the website about H_C would gain enough popularity, to be abused in this way. When @askalan decided to create this website, we talked about such a possibility. He is a trustworthy person and I do not know why he disappeared suddenly from MT. I lost contact with him during the COVID-19 period (it would be sad if he was a victim of COVID).

It is a possibility, during the COVID-19 pandemic between 2020/2021 I lost many friends, there were several, there were some friends who were healthy people, young people between 20 and 30 years old, it was shocking. I lost 4 aunts at once in 2020 and my only grandmother at the age of 98 in just 3 months. After these incidents I was even more sensitive to so many people who died around me and I knew these people some since my childhood, it was shocking, it was surreal, there are no words to describe it, I never imagined that young people, who contracted the new coronavirus, would die, the business was serious, I confess that, as people were dying, I was even paranoid when I was going to leave the house, a certain fear came into me, I thought I would be the next victim if I contracted this virus. I had no problems with COVID-19, but I always respected this new coronavirus, because, I knew that if I contracted COVID-19, and became chronic, it could even lead to death.
> Please post here, if someone knows what can be done to prevent abusing this domain. It was "Expired" for several months (the paid subscription expired). Currently, it is legally taken by the firm that promotes ADs.

Andy you can't buy this domain or it's not for sale?
> Andy you can't buy this domain or it's not for sale?

This domain can be used only via the paid subscription, so the actual owner paid for it. For now, it is not for sale.
I used Hard Configurator and chose the Recommended settings. I also enabled CD High Protection with Block Executables and Firewall Hardening with Recommended HC. Do you have any suggestions? Should I use Recommended HC for Firewall Hardening with HC?
Can recommended HC settings and firewall hardening affect Windows updates, program installs/updates, and connections?
Would it affect the level of comfort?
> No comprende dat video.

You are probably not his aunt.
> Bitdefender TrafficLight has recognized https://github.com/AndyFul/Hard_Configurator/raw/master/Hard_Configurator_setup_6.1.1.1.exe as malicious

I submitted the false positive to Bitdefender. They probably flagged this link due to NirSoft tool FullEventLogView. NirSoft tools are recognized by Bitdefender Enterprise products as HackTools.
> Has anyone actually tested if hard configurator (SRP) disturbs chain execution of fileless malware (scripts) from delivering final payload?

From my experience testing it, it does not completely prevent malware from running PowerShell, as I have found it to be running with high CPU usage when launching malware (though I am unsure if PowerShell is actually doing anything, as you can't see what happens when the scripts are executed), despite selecting powershell.exe in sponsors and enabling prevent PowerShell script execution, though it does prevent ps1 files from being executed on the disk.
> From my experience testing it, it does not completely prevent malware from running PowerShell, as I have found it to be running with high CPU usage when launching malware (though I am unsure if PowerShell is actually doing anything, as you can't see what happens when the scripts are executed), despite selecting powershell.exe in sponsors and enabling prevent PowerShell script execution, though it does prevent ps1 files from being executed on the disk.

Wireshark would be your best friend. Packet capture and analysis as the fileless malware establishes persistence via a back door.
> Has anyone actually tested if hard configurator (SRP) disturbs chain execution of fileless malware (scripts) from delivering final payload?

I did many times. SRP has been tested for many years by many people. The scripts are blocked, so they cannot deliver anything.
> Has anyone actually tested if hard configurator (SRP) disturbs chain execution of fileless malware (scripts) from delivering final payload?

A very fair and correct question.
> I did many times. SRP has been tested for many years by many people. The scripts are blocked, so they cannot deliver anything.

Are those test script files 100% empty = dummy rounds?
> Are those test script files 100% empty = dummy rounds?

You can easily test it:
1. Create any *.txt file on the desktop and rename its extension txt ---> bat (Explorer must be tweaked to show file extensions).
2. Try to execute this file with a mouse click.
3. Try to execute it from the CMD console (do not use Administrator CMD).
4. Look into the H_C log of blocked events (the blocks will be visible in the log).
5. Repeat points 1-4 for other script extensions (CMD, JS, JSE, VBS, VBE, WSF, WSH, PS1).

If you ask if SRP can block all possible fileless attack vectors, then the answer is negative. But, almost all vectors can be covered on SUA with the H_C MAX settings.
When using the Recommended_Settings, one has to also use ConfigureDefender, FirewallHardening, and DocumentsAntiExploit.
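
The log check in the test above (point 4, repeated per extension in point 5) can also be done as a query against the Windows event log. The following PowerShell is an added example, not part of the original posts or of Hard_Configurator. It assumes SRP blocks are recorded in the Application log by the Microsoft-Windows-SoftwareRestrictionPolicies provider with English message text; the variable names and the 30-minute window are illustrative.

```powershell
# Added example: summarize SRP block events for the dummy script files.
# Assumption: blocks are logged to the Application log by the
# Microsoft-Windows-SoftwareRestrictionPolicies provider (event IDs 865-868, 882).
$tested = 'bat','cmd','js','jse','vbs','vbe','wsf','wsh','ps1'   # extensions from the test steps
$since  = (Get-Date).AddMinutes(-30)                             # adjust to when the test started

$events = Get-WinEvent -FilterHashtable @{
    LogName      = 'Application'
    ProviderName = 'Microsoft-Windows-SoftwareRestrictionPolicies'
    Id           = 865, 866, 867, 868, 882
    StartTime    = $since
} -ErrorAction SilentlyContinue   # no matching events is not an error here

# Extract the blocked path from each message.
# Assumption: English text of the form "Access to <path> has been restricted ...".
$blocked = foreach ($e in $events) {
    if ($e.Message -match 'Access to (.+?) has been restricted') {
        $path = $Matches[1]
        if ($path -match '\.([^.\\]+)$') {
            $ext = $Matches[1].ToLower()
            $e | Select-Object TimeCreated, Id,
                @{ n = 'Extension'; e = { $ext } },
                @{ n = 'Path';      e = { $path } }
        }
    }
}

# One row per tested extension with the number of block events seen.
$tested | Select-Object @{ n = 'Extension'; e = { $_ } },
    @{ n = 'Blocks'; e = { $x = $_; @($blocked | Where-Object { $_.Extension -eq $x }).Count } } |
    Format-Table -AutoSize

# Extensions with no block event in the window need a second look.
$missing = $tested | Where-Object { $_ -notin @($blocked.Extension) }
if ($missing) { "No block event found for: $($missing -join ', ')" }
```

An extension reported as missing was either not tested inside the time window or was not blocked, so repeat the manual steps for it before drawing a conclusion.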
Another question. Have you seen or heard any updates on your previous domain that went malicious? That I can and will test soon enough.