Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,481
Hard_Configurator - Windows Hardening Configurator
- Thread starter Andy Ful
- Start date
sypqys
Level 5
- Apr 18, 2022
- 216
Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,481
So the issue is unrelated to FirewallHardening. If it was then the package could not be downloaded (but it could).
The issue is related to insufficient privileges. PowerShell thinks that the module does not have Administrator rights.
Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,481
sypqys
Level 5
- Apr 18, 2022
- 216
Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,481
Did you uninstall H_C via Tools >> Uninstall H_C?
Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,481
sypqys
Level 5
- Apr 18, 2022
- 216
sypqys
Level 5
- Apr 18, 2022
- 216
is not installed, I have made an clean install without H_C. Only I use FirewallHardening and ConfigureDefender (independently of H_C.).
I did a reset instead exactly... but in program i have H_C but not installed, when I click it beg to suppress the shortcut...
So how I check if SRP or H_C rules are active ? I guess that not because of I have made an hard reset... of the system.
Last edited:
Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,481
If you did so, then there is no H_C restrictions.
No idea. Maybe this module does not work on your Windows version. Do you use any application that can block/restrict execution in some folders?
Last edited:
sypqys
Level 5
- Apr 18, 2022
- 216
Attachments
sypqys
Level 5
- Apr 18, 2022
- 216
Thanks I think is that the problem...
I will try after correct this (put on whitelist or allow this process into antiransomware protection)...
sypqys
Level 5
- Apr 18, 2022
- 216
Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,481
sypqys
Level 5
- Apr 18, 2022
- 216
It was the antiransomware protection that was blocking Powershell (see screenshot).
Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,481
Edit.
I think that PowerShell (pwsh.exe) used one of your protected folders when installing the Harden Windows Security Module. The modifications in that folder were blocked because pwsh.exe was not on the allowlist of Ransomware Protection. That is why PowerShell alerted that it did not have sufficient privileges to install the module.
Last edited:
- Jan 21, 2018
- 48
I have a question that is closely related to H_C, although I'm not currently running H_C (but instead a home made SRP tool) in the PC where I came across to a new situation recently. I hope it's still ok to ask my question here, since the question is SRP specific, and I think that most people using SRP nowadays do use H_C (as I also use in some other PCs), so I think that the question can easily be answered here.
I have run SRP for years in all of my Windows computers in default deny mode, enforcement for all files (including dlls). Several years ago I have included a "jscript*.dll" entry in my Disallow list, since I have had no need for Javascript.
Recently I installed an USB connected HP printer to one of our workstations and noticed that to be able to print I had to create a custom allow policy for C:\Windows\System32\jscript.dll, which is now required by the printer. It took a while to find out since to my surprise no Event Log entries were generated. Luckily Process Monitor revealed the guilty dll which blocked printing.
I have not been actively following the threat developments for various Windows components, so I'm somewhat unsure what are nowadays the risks for allowing the access to jscript.dll for standard user accounts (I mean from technical point of view, e.g. if there are known unpatched vulnerabilities in jscript.dll that I failed to find, or what kind of scenarios an adversary could probably try to exploit in late October 2024 by using jscript.dll, etc...).
I'd be grateful if someone knowledgeable could shed some light on this.
I did try to use Google and MS copilot to answer the question, but after some trials I came to the conclusion that I'd rather prefer some real intelligence than plain AI stories here...
Windows 10 Pro 22H2.
I have run SRP for years in all of my Windows computers in default deny mode, enforcement for all files (including dlls). Several years ago I have included a "jscript*.dll" entry in my Disallow list, since I have had no need for Javascript.
Recently I installed an USB connected HP printer to one of our workstations and noticed that to be able to print I had to create a custom allow policy for C:\Windows\System32\jscript.dll, which is now required by the printer. It took a while to find out since to my surprise no Event Log entries were generated. Luckily Process Monitor revealed the guilty dll which blocked printing.
I have not been actively following the threat developments for various Windows components, so I'm somewhat unsure what are nowadays the risks for allowing the access to jscript.dll for standard user accounts (I mean from technical point of view, e.g. if there are known unpatched vulnerabilities in jscript.dll that I failed to find, or what kind of scenarios an adversary could probably try to exploit in late October 2024 by using jscript.dll, etc...).
I'd be grateful if someone knowledgeable could shed some light on this.
I did try to use Google and MS copilot to answer the question, but after some trials I came to the conclusion that I'd rather prefer some real intelligence than plain AI stories here...
Windows 10 Pro 22H2.
Similar threads
-
- Sticky
