Hard_Configurator - Windows Hardening Configurator

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,484
I cannot recommend any protection (including H_C) without the installed popular AV.
The exception could be a scenario when you do not install new applications and use H_C in the lockdown mode on SUA (no RunBySmartscreen). But, such a setup is user-unfriendly.
The known (older) methods of disabling Microsoft Defender do not work. The only method is installing another AV.(y)
 

pxxb1

Level 10
Verified
Well-known
Jan 17, 2018
471
I cannot recommend any protection (including H_C) without the installed popular AV.
The exception could be a scenario when you do not install new applications and use H_C in the lockdown mode on SUA (no RunBySmartscreen). But, such a setup is user-unfriendly.
The known (older) methods of disabling Microsoft Defender do not work. The only method is installing another AV.(y)

Not only, Andy.
Defender Control by Sordum can accomplish a disabling.
 

Andy Ful

Not only, Andy.
Defender Control by Sordum can accomplish a disabling.
It cannot do it permanently, but only for some time (usually until the Windows restart).
Here is also an important note from the developer:
Microsoft does not want Defender to be turned off completely. Therefore, when defender is turned off, windows update or windows component is trying to repair Defender and as a result Defender may become corrupt. Of course a malicious program may also corrupt Defender completely. (If there is no different security software in windows, when Defender is turned off)
Microsoft is constantly taking new measures because it does not want Defender to be turned off. There is a possibility that Windows Defender may be corrupted among these measures. Therefore We will no longer update this program
Sordum.org Team

I sometimes use Defender Control to clean the corrupted Defender's Protection History.
 

pxxb1

It cannot do it permanently, but only for some time (usually until the Windows restart).
Here is also an important note from the developer:


I sometimes use Defender Control to clean the corrupted Defender's Protection History.

I remember that info and situation from the past, but as far as I know they continued the development later on. Looking at their site now, I cannot find the info you posted.

I use it without problems on a PC.
 

skiper

Level 1
Apr 6, 2021
16
Thank you very much! It was an option to make the laptop a bit faster.

Windows Defender on MAX has excellent embedded code protection for mail and office documents. Windows Defender on Max uses less CPU than WD on High or High+ and acts as a cloud whitelist for executables. The weak point of (the very strong cloud whitelist) is that it is a huge and massive whitelist (a smaller whitelist is a more secure whitelist) and it has a very limited (only the ASR part) parent-child process monitor to deal with staged attacks.
If this is true and I use WD on MAX is H_C Recommended Settings still needed or is Windows_10_Basic_Recommended_Settings enough? Is any option in Firewall Hardening required?
 

ForgottenSeer 107474

Thank you very much! It was an option to make the laptop a bit faster.


If this is true and I use WD on MAX is H_C Recommended Settings still needed or is Windows_10_Basic_Recommended_Settings enough? Is any option in Firewall Hardening required?
I don't know these H_C configs by head, sorry.
I use WD on Max with H_C in SWH mode (allowing EXE, TMP and MSI to run) with Sponsors "blocking scriptors" and blocking all Lolbins with firewall hardening. This config runs problem free since end of 2019, but I am not a very risky surfer.
 

oldschool

Level 84
Verified
Top Poster
Well-known
Mar 29, 2018
7,596
If this is true and I use WD on MAX is H_C Recommended Settings still needed or is Windows_10_Basic_Recommended_Settings enough?
This provides plenty of protection.
Is any option in Firewall Hardening required?
Not necessarily, unless you want to really lock down protection further. Frankly, I use Defender with maximum settings and firewall hardening rules and nothing else. No SWH or H_C here.
You can see here Hard Configurator - May 2019 report and other tests in the Malware Hub.
Hard Configurator Malware Hub Tests
 

Andy Ful

If this is true and I use WD on MAX is H_C Recommended Settings still needed or is Windows_10_Basic_Recommended_Settings enough? Is any option in Firewall Hardening required?

There is no good answer to which config is enough for a particular user. The config is always a compromise between your habits, expectations, and security.
How much time do I spend on risky activities?
Do I plan to install new software?
Do I know which file types I open, after downloading them from the internet, flash drives, or from the sources shared with others?
Do I know how to open safely the documents downloaded from the internet, flash drives, or from the sources shared with others?
Am I a scam-prone person?
Am I a happy clicker?
Am I irritated when sometimes there are 1 sec slowdowns?

The person who answers:
close to 0, very rarely, yes, yes, no, no, yes
can simply use Microsoft Defender or another AV on default settings. :)
 

skiper

I don't know these H_C configs by head, sorry.
I use WD on Max with H_C in SWH mode (allowing EXE, TMP and MSI to run) with Sponsors "blocking scriptors" and blocking all Lolbins with firewall hardening. This config runs problem free since end of 2019, but I am not a very risky surfer.
I installed H_C because I thought default-deny without WD might be a solution, Andy Ful said better not. :)
I uninstalled H_C and opened SWH but I don't know where to go and what to change to get to your configuration.

Frankly, I use Defender with maximum settings and firewall hardening rules and nothing else. No SWH or H_C here.
By "firewall hardening rules" do you mean only FirewallHardening ADD LOLBins?
I noticed that LOLBins includes everything. Am I wrong? After I put LOLBins and put MS Office or Recommended H_C it doesn't add anything at the end of the line.


In my search for ideas I found the link above. It got me thinking, because I have Windows 10 Home on my laptop. Seems a bit faster than Pro, but from what Andy Ful wrote it seems like the wrong choice. Is it worth swapping it for Pro?
 

ForgottenSeer 107474

There is no good answer to which config is enough for a particular user. The config is always a compromise between your habits, expectations, and security.
How much time do I spend on risky activities?
Do I plan to install new software?
Do I know which file types I open, after downloading them from the internet, flash drives, or from the sources shared with others?
Do I know how to open safely the documents downloaded from the internet, flash drives, or from the sources shared with others?
Am I a scam-prone person?
Am I a happy clicker?
Am I irritated when sometimes there are 1 sec slowdowns?

The person who answers:
close to 0, very rarely, yes, yes, no, no, yes
can simply use Microsoft Defender or another AV on default settings. :)
Although true, that is a rational answer, but security (and insecurity) is an emotion. Although I may have installed only two or three new programs in the last four years and am not a risky surfer, it feels better using CD on MAX and blocking risky file extensions and scriptors execution for standard users and blocking all LOLBins going outbound :rolleyes:;)(y)
 

skiper

No I used Hard_Configurator. In the allow by path section, you can allow EXE, TMP and MSI (these are standard options) to put H_C in SWH mode.
SWH Manual: "Generally, SWH applies the Windows_10_Basic_Recommended_Settings"
This profile, WD on Max and FirewallHardening ADD LOLBins, anything else I need to add to have a similar config as yours?

I feel like a little kid who got a new toy. :D
 

Andy Ful

Although true, that is a rational answer, but security (and insecurity) is an emotion. Although I may have installed only two or three new programs in the last four years and am not a risky surfer, it feels better using CD on MAX and blocking risky file extensions and scriptors execution for standard users and blocking all LOLBins going outbound :rolleyes:;)(y)
Yes, the emotions can matter. :)
 

ForgottenSeer 107474

SWH Manual: "Generally, SWH applies the Windows_10_Basic_Recommended_Settings"
This profile, WD on Max and FirewallHardening ADD LOLBins, anything else I need to add to have a similar config as yours?

I feel like a little kid who got a new toy. :D
I think you are good to go (y)
You might consider signing up with NextDNS for a free account.
 

oldschool

In my search for ideas I found the link above. It got me thinking, because I have Windows 10 Home on my laptop. Seems a bit faster than Pro, but from what Andy Ful wrote it seems like the wrong choice. Is it worth swapping it for Pro?
It's a matter of preference, but I prefer Pro as I set up Defender advanced settings via Group Policy. My config is set and forget, no conflicts, etc.
 

skiper

I don't know if I've got it right and I want to be sure. If I add Windows_10_Basic_Recommended_Settings and Switch OFF/ON SRP along with Switch OFF/ON Restrictions are set to blue, does the Windows_10_Basic_Recommended_Settings profile completely cancel and I am left with ConfigureDefender and FirewallHardening or am I left with nothing?

Because I want to start like oldschool with just CD MAX and FirewallHardening ADD LOLBins and over time add selectively if needed.
 

Andy Ful

I don't know if I've got it right and I want to be sure. If I add Windows_10_Basic_Recommended_Settings and Switch OFF/ON SRP along with Switch OFF/ON Restrictions are set to blue, does the Windows_10_Basic_Recommended_Settings profile completely cancel and I am left with ConfigureDefender and FirewallHardening or am I left with nothing?

Yes and No, depending on what you mean by "completely cancel". The settings are deactivated (except ConfigureDefender and FirewallHardening), but they are remembered and stored in the Registry. Run ConfigureDefender and FirewallHardening to see which settings are currently applied.
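
An added example (not from the thread or from the Hard_Configurator project): a read-only PowerShell report of the Defender and outbound firewall state that is actually in effect, using the built-in Get-MpPreference and Get-NetFirewallRule cmdlets. It assumes an elevated PowerShell prompt on Windows 10 and does not read the settings H_C keeps stored in the Registry.

```powershell
# Added example: read-only report, changes nothing on the system.
# Value-to-name maps for the Defender preference fields.
$asrAction  = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }
$cloudLevel = @{ 0 = 'Default'; 1 = 'Moderate'; 2 = 'High'; 4 = 'High+'; 6 = 'Zero tolerance' }
$mapsLevel  = @{ 0 = 'Disabled'; 1 = 'Basic'; 2 = 'Advanced' }

$mp = Get-MpPreference

# Core protection and cloud settings currently applied.
[pscustomobject]@{
    RealtimeMonitoringDisabled = $mp.DisableRealtimeMonitoring
    MAPSReporting              = $mapsLevel[[int]$mp.MAPSReporting]
    CloudBlockLevel            = $cloudLevel[[int]$mp.CloudBlockLevel]
    CloudExtendedTimeoutSec    = $mp.CloudExtendedTimeout
    PUAProtection              = $mp.PUAProtection
    NetworkProtection          = $mp.EnableNetworkProtection
    ControlledFolderAccess     = $mp.EnableControlledFolderAccess
} | Format-List

# ASR rules are stored as two parallel arrays: rule GUIDs and their actions.
if ($mp.AttackSurfaceReductionRules_Ids) {
    $ids     = @($mp.AttackSurfaceReductionRules_Ids)
    $actions = @($mp.AttackSurfaceReductionRules_Actions)
    for ($i = 0; $i -lt $ids.Count; $i++) {
        [pscustomobject]@{
            RuleId = $ids[$i]
            Action = $asrAction[[int]$actions[$i]]
        }
    }
} else {
    Write-Output 'No ASR rules are configured.'
}

# Enabled outbound block rules and the program each one applies to.
Get-NetFirewallRule -Direction Outbound -Action Block -Enabled True |
    ForEach-Object {
        $app = $_ | Get-NetFirewallApplicationFilter
        [pscustomobject]@{
            Rule    = $_.DisplayName
            Program = $app.Program
        }
    } |
    Sort-Object Program |
    Format-Table -AutoSize
```

Running it before and after switching the H_C restrictions off shows which of these settings stay applied.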
 

skiper

Yes and No, depending on what you mean by "completely cancel". The settings are deactivated (except ConfigureDefender and FirewallHardening), but they are remembered and stored in the Registry. Run ConfigureDefender and FirewallHardening to see which settings are currently applied.
That's what I'm interested in, if the profile is disabled, if it stays in the registry there is no problem.

I noticed that there are also separate ConfigureDefender and FirewallHardening. But it seems easier via H_C because they are all together and there is also RunBySmartscreen. If you want to be more cautious besides CD MAX and FirewallHardening ADD LOLBins.

Thanks
 