Hard_Configurator - Windows Hardening Configurator

[Andy Ful]

Hello !

what is this "turn ON advanced SRP logging" ?
if I enable, whats happen ? Windows 11 stay usable easily ?

Thanks

View attachment 279246

You can find the info about TOOLS options in the Hard_Configurator manual:
Hard_Configurator - Manual.pdf ---> TROUBLESHOOTING >> Using TOOLS

The option "Turn ON Advanced SRP logging" is rarely needed. You can keep it turned off - it turns on some additional event logging (uses more resources).

 

[sypqys]

Thank you

 

[Xeno1234]

This tool seems interesting to harden security on my PC. I currently using Kaspersky and wonder if I should switch to using this.

 

[Andy Ful]

This tool seems interesting to harden security on my PC. I currently using Kaspersky and wonder if I should switch to using this.

Yes, it does not depend much on the concrete AV. With Kaspersky, you must skip the ConfigureDefender option which is for Microsoft Defender.
Use recommended settings for some weeks to see how H_C works.

 

[Xeno1234]

Yes, it does not depend much on the concrete AV. With Kaspersky, you must skip the ConfigureDefender option which is for Microsoft Defender.
Use recommended settings for some weeks to see how H_C works.

I also utilize Kaspersky Default Deny, or @harlan4096 configuration. Would there be any benefit alongside that?

 

[Andy Ful]

I also utilize Kaspersky Default Deny, or @harlan4096 configuration. Would there be any benefit alongside that?

I rater thought about Kaspersky free. If you can apply the @harlan4096 settings, then you can skip H_C.
In theory, you could use H_C to block SMB protocols, remote features, scripting engines, and some LOLBins to mitigate the fileless attack vectors started by exploits. But, I do not think that you need such type of security.

 

[Vasudev]

@Andy Ful Any idea why Firewall Hardener blocks network access to .cmd scripts even after making it inactive. The site I'm trying to access is UUP dump to download ARM64 and amd64 builds of Win 10 and 11. I do have Tamper Protection enabled in Win Defender.

 

[Andy Ful]

@Andy Ful Any idea why Firewall Hardener blocks network access to .cmd scripts even after making it inactive.

FirewallHardening does not block Internet access to .cmd scripts. It can block the outbound connections of executables. If the .cmd script runs an executable that is on the BlockList, the connection will be blocked. You must look at the FirewallHardening Log to see what has happened:

 

[Vasudev]

FirewallHardening does not block Internet access to .cmd scripts. It can block the outbound connections of executables. If the .cmd script runs an executable that is on the BlockList, the connection will be blocked. You must look at the FirewallHardening Log to see what has happened:

View attachment 279853

It seems powershell was being blocked. Had to deactivate the rules in System32 and SysWOW64 and a reboot to get it working.

 

[Andy Ful]

It seems powershell was being blocked. Had to deactivate the rules in System32 and SysWOW64 and a reboot to get it working.

What did use the PowerShell for outbound connections? Do you really need such an application?

 

[ForgottenSeer 103564]

If no one has told you lately, thank you for setting the standard of how a Developer should act and treat others. I wish you much luck with your product and those that use it.

 

[Andy Ful]

Thanks.

 

[ForgottenSeer 103564]

Thanks.

Anytime. I have much respect for your ability to be humble, given your level of knowledge and your approach to users at all times. It literally sets a standard all developers should strive for. The fact you do not even charge money to use your product which means all your time is voluntary speaks tremendous volumes as well.

You should be thanked more often.

 

[sypqys]

Hello !

why I have that ?
Any idea ?

edit : if I have made a restoration of my Windows, I will be able to reinstall SRP ?


Thanks

 

[Andy Ful]

Hello !

why I have that ?
Any idea ?
View attachment 280939
edit : if I have made a restoration of my Windows, I will be able to reinstall SRP ?


Thanks

SwitchDefaultDeny is a part of Hard_Configurator. What can you see when running H_C?

 

[sypqys]

SwitchDefaultDeny is a part of Hard_Configurator. What can you see when running H_C?

I have to re enable the SRP.
I have do that, and all is OK.

 

[Xeno1234]

Is there any way for me to disable the .exe default deny in HC? I have it set up through Kaspersky.

 

[Gandalf_The_Grey]

Is there any way for me to disable the .exe default deny in HC? I have it set up through Kaspersky.

You can, please read the manual:
Basic_Recommended_Settings on Windows 8+".

This is a predefined setting profile that allows EXE (TMP) and MSI files globally. The scripts, shortcuts and other files with unsafe extensions are still blocked by default in UserSpace. On the contrary to the Recommended Settings, shortcuts are allowed in the Startup folder. This profile can harden Windows 8+ while maintaining maximum functionality and compatibility. It could be probably called Recommended Settings for cautious users.

 

[Andy Ful]

Is there any way for me to disable the .exe default deny in HC? I have it set up through Kaspersky.

Yes, If you have in mind allowing all EXE files in H_C:

If you want to allow all EXE and MSI files, then additionally use "Allow MSI" option.

You can also load one of predefined profiles:
A predefined settings profile "Windows_10_Avast_Hardened_Mode_Aggressive.hdc" allows EXE files in H_C and keeps other recommended settings.
A predefined settings profile "Windows_10_Basic_Recommended_Settings.hdc" allows EXE + MSI files in H_C and keeps other recommended settings.

 

[skiper]

Hello, I am currently testing Hard_Configurator without Windows Defender. And it will probably stay that way.

Hard_Configurator - January 2019 Report

Disclaimer: Experimental setup for testing the effectiveness of Windows SmartScreen and script restrictions against 0-day malware samples. This test is suitable for users with more knowledge about Windows built-in security features. changed configuration from 7 January 2019: 1. Containment...

malwaretips.com

I saw this method without AV and I would like to try it on a laptop. I didn't see it add anything from Firewall Hardening, it only uses Hard_Configurator Recommended Settings and only Install By SmartScreen (maybe I'll optionally use VirusTotal if it's something more insecure).

For a system without AV is Hard_Configurator Recommended Settings enough? Or maybe something needs to be added from Firewall Hardening? Or maybe just a more Enhanced/Strict Profile?

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware"=dword:00000001
After restarting Windows, you should get WD turned off.

This is how I shut down Windows Defender. Is it enough?