Hard_Configurator - Windows Hardening Configurator

skiper

Level 1
Apr 6, 2021
16
Sorry for the offtopic but I have one last question that keeps me awake at night. :) I'm thinking that maybe by mistake he left it out.

I use Defender with maximum settings and firewall hardening rules and nothing else. No SWH or H_C here.

Just CD MAX+FirewallHardening with LOLBins and no Run By SmartScreen?
 

skiper

Level 1
Apr 6, 2021
16
If I understand correctly, Sponsors=LOLBins?

I'm thinking of @oldschool configuration.If Sponsors=LOLBins, FirewallHardening ADD LOLBins can be obtained in this way too?

1. Press <Load Profile> and choose All_OFF.hdc
2. Press <(Re)Install SRP>
3. Press <Block Sponsors> <Select All>
4. Apply changes.

There are 178 in total.

Is one better than the other? It is better to block LOLBins from FirewallHardening or Sponsors this way. LOLBins contain the same number?
 

skiper

Level 1
Apr 6, 2021
16
Do the lists have similar content the only difference is how they prevent an attack?

I really wanted to ask you, in your setup do you also run Run By SmartScreen?
 
  • Like
Reactions: simmerskool

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,380
Is one better than the other? It is better to block LOLBins from FirewallHardening or Sponsors this way. LOLBins contain the same number?

Blocking all LOLBins via <Block Sponsors> can be kinda risky for most users. I do not recommend it, as a set-and-forget setup.
I block all LOLBins on one of my wife's computers, but she uses it only for web browsing, watching films, and listening to music.
Blocking outbound connections via FirewallHardening is much less invasive.
 

skiper

Level 1
Apr 6, 2021
16
Well the idea wasn't to be paranoid about blocking everything. :)
I was thinking of something else.

I saw that the Enhanced profiles add 22 Sponsors. But with LOLBins added, do the 22 Sponsors make sense? Or a profile without Enhanced and just with LOLBins? I was thinking maybe they overlap...

I also have a question, does the Recommended Settings of this Default-Deny setup work "like a wall"? If you watch what the SmartScreen warns and don't use the Default Deny Switch to turn it off, you can get infected ? The only weakness may be the SmartScreen if it is tricked?

I mean for example without using Install By SmartScreen, if I have a folder full of all sorts of "viruses" and I pick them up one by one, can anything get past the Default-Deny setup? Are they blocked with the message "This app has been blocked by your system administator"?

Because I'm not good at it and in my head it looks that way. Click click click click and nothing happens :)
 

oldschool

Level 84
Verified
Top Poster
Well-known
Mar 29, 2018
7,527
also have a question, does the Recommended Settings of this Default-Deny setup work "like a wall"? If you watch what the SmartScreen warns and don't use the Default Deny Switch to turn it off, you can get infected ?
Why don't you start a PC configuration thread and you can get feedback there? As to your question, the recommended settings are plenty secure, but don't go downloading malware files.
 

wat0114

Level 13
Verified
Top Poster
Well-known
Apr 5, 2021
617
I just went back to H_C from WHHL on Windows 11 21H2 Pro, recently imaged btw, because I like the extra configurability of H_C. I have "High" setting for CF, Disallowed/Skip DLL's for SRP, and Block Sponsors-> Enhanced but not Script interpretors (16 checked) enabled. I might start adding more Sponsors to block, as my Windows needs are simple browsing, some Office like Excel and Word, and a little email. That's about it. Logs can be checked if something doesn't work as expected, so modifications to the Sponsors list can be made if it caused the breakage, and of course SRP and CF rules can be modified as well.

@skiper

you could easily start with Recommended settings as oldschool suggests, then if you like, add additional protections in a piecemeal fashion if you want to enhance security, even if it's not needed.
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,380
I mean for example without using Install By SmartScreen, if I have a folder full of all sorts of "viruses" and I pick them up one by one, can anything get past the Default-Deny setup? Are they blocked with the message "This app has been blocked by your system administator"?

Almost all will be blocked, except files that cannot be blocked (like documents, media files, etc.). The unblocked files will be opened by legal applications, but some of those files can be exploits. If you use MS Office and Adobe Reader, then almost all exploits can be prevented by Defender with ConfigureDefender High, Interactive, or Max settings.

When you use other applications for opening documents, you should restrict them (especially macros and scripts). If not then you can block some popular LOLBins + CMD and PowerShell console.

It is still possible, but very improbable that something else can hurt your system.
Even if you lock completely your system with all known security applications, there will be always some (minimal) probability of infection.
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,380
There can be probably some difference in the computer security when getting out of bed on the right side.
It is good to realize that adding more and more security makes a similar difference.:)(y)
 
A

Azazel

Is it possible to block powershell scripts by SRP and not globally by Reg Tweak.
Or scripts are capable to easily bypassing SRP?
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,380
Is it possible to block powershell scripts by SRP and not globally by Reg Tweak.
Or scripts are capable to easily bypassing SRP?

Yes, they can be restricted only by SRP (without blocking all scripts). SRP in H_C restricts PowerShell scripts and PowerShell CmdLines by applying ConstrainedLanguage Mode.
 

sypqys

Level 4
Apr 18, 2022
176
hello !

I really like this free tool. All the work done by the developer... thank you for this software.

I understand that settings make Windows difficult to access, but with whitelisting, I find it fine.

how to set Hard_Configurator to make Windows secure and not unusable or difficult to use?
What to check?

Hard_Configurator(x64)_mZxZKVzrbM.png
Hard_Configurator(x64)_uRCZhuhzv7.png
explorer_kkOLsVh7on.png


it is OK like this ?
 
Last edited:
  • Like
Reactions: kylprq and Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,380
hello !

I really like this free tool. All the work done by the developer... thank you for this software.

I understand that settings make Windows difficult to access, but with whitelisting, I find it fine.

how to set Hard_Configurator to make Windows secure and not unusable or difficult to use?
What to check?

View attachment 282410View attachment 282411View attachment 282412

it is OK like this ?

It would be better to set < Block Remote Access> = ON and use FirewallHardening to restrict outbound connections of popular LOLBins (H_C Recommended).
You can also set <Forced SmartScreen> = "Standard User" and use "Run By SmartScreen" from the Explorer context menu as an on-demand file reputation scanner.
In such settings, the EXE and MSI files are protected mostly by AV (not blocked by H_C).
 

sypqys

Level 4
Apr 18, 2022
176
Hello !

I want to play some tracks with my Echo Dot 5 (Alexa) by bluetooth and it doesn't work.
I have add some changes on my H_C.

If I switch off "Switch Default Deny" and the problem occur, it is not H_C ?

AirDroid_qHfm7a16sD.png


Hard_Configurator(x64)_BkzfxsQQgG.png
 
  • Like
Reactions: Andy Ful

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top