Hard_Configurator - Windows Hardening Configurator

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,591
Did you enable logging?


Andy Ful

Did you try to install this module via the PowerShell command line (PowerShell 7.4+ must be used):

Code:
 (irm 'https://raw.githubusercontent.com/HotCakeX/Harden-Windows-Security/main/Harden-Windows-Security.ps1')+'P'|iex
 

sypqys

Level 5
Apr 18, 2022
230
> Did you uninstall H_C via Tools >> Uninstall H_C?

It is not installed; I have made a clean install without H_C. I only use FirewallHardening and ConfigureDefender (independently of H_C).

I did a reset instead, exactly... but in the programs I have H_C, though it is not installed; when I click it, it asks to suppress the shortcut...

So how do I check if SRP or H_C rules are active? I guess not, because I have made a hard reset... of the system.
 

Andy Ful

> It is not installed; I have made a clean install without H_C. I only use FirewallHardening and ConfigureDefender (independently of H_C).

If you did so, then there are no H_C restrictions.


No idea. Maybe this module does not work on your Windows version. Do you use any application that can block/restrict execution in some folders?
 

sypqys

> If you did so, then there are no H_C restrictions.
>
> No idea. Maybe this module does not work on your Windows version. Do you use any application that can block/restrict execution in some folders?

Apparently not. Perhaps the anti-ransomware protection of Windows Defender.


sypqys

> If you did so, then there are no H_C restrictions.
>
> No idea. Maybe this module does not work on your Windows version. Do you use any application that can block/restrict execution in some folders?

Thanks, I think that is the problem...

I will try after correcting this (put it on the whitelist or allow this process in the anti-ransomware protection)...
 

Andy Ful

Did you manually add pwsh.exe to the anti-ransomware protection block list? Are there any blocked events in the Microsoft Defender protection history related to blocking pwsh.exe? Those events should also be visible in the ConfigureDefender Log.

Edit.
I think that PowerShell (pwsh.exe) used one of your protected folders when installing the Harden Windows Security Module. The modifications in that folder were blocked because pwsh.exe was not on the allowlist of Ransomware Protection. That is why PowerShell alerted that it did not have sufficient privileges to install the module.
 
Last edited:
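
One way to run the checks described in the post above (Controlled Folder Access state, allowlist entry for pwsh.exe, and blocked events), as an added example that is not part of the original thread or of Hard_Configurator. The seven-day window and the match on the event message text are assumptions.

```powershell
# Added example: diagnose a Controlled Folder Access (CFA) block of pwsh.exe.
# Run in an elevated PowerShell session on the affected machine.
param(
    [string]$ProcessName = 'pwsh.exe',  # process suspected of being blocked
    [int]$Days = 7                      # look-back window (assumption)
)

# 1. Current CFA mode as reported by Microsoft Defender.
$pref = Get-MpPreference
$mode = switch ([int]$pref.EnableControlledFolderAccess) {
    0 { 'Disabled' }
    1 { 'Enabled (block)' }
    2 { 'Audit' }
    default { "Other ($_)" }
}

# 2. Is the process already on the CFA allowlist (matched by file name)?
$allowed = @($pref.ControlledFolderAccessAllowedApplications) |
    Where-Object { $_ -and ((Split-Path $_ -Leaf) -ieq $ProcessName) }

# 3. CFA events in the Defender operational log.
#    1123 = blocked by CFA, 1124 = would have been blocked (audit mode).
$filter = @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 1123, 1124
    StartTime = (Get-Date).AddDays(-$Days)
}
$hits = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match [regex]::Escape($ProcessName) })

"CFA mode                 : $mode"
"$ProcessName allowlisted : $([bool]$allowed)"
"CFA events (last $Days d) : $($hits.Count)"

# Show when each block happened and the full message (it names the
# blocked process and the protected path it tried to modify).
$hits | Sort-Object TimeCreated |
    Select-Object TimeCreated, Id, Message |
    Format-List

# If blocks are confirmed and the process is trusted, it can be allowed with:
#   Add-MpPreference -ControlledFolderAccessAllowedApplications (Get-Command pwsh.exe).Source
```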

sypqys

Do you have any idea why certain points are grayed out?
Is it applied or not in this case?

Here it conflicts with ConfigureDefender... If I configure ConfigureDefender differently, what happens? (here)




Thank you!
 

Marana

Level 1
Verified
Jan 21, 2018
48
I have a question that is closely related to H_C, although I'm not currently running H_C (but instead a homemade SRP tool) on the PC where I came across a new situation recently. I hope it's still OK to ask my question here, since the question is SRP-specific, and I think that most people using SRP nowadays do use H_C (as I also use on some other PCs), so I think that the question can easily be answered here.

I have run SRP for years on all of my Windows computers in default-deny mode, with enforcement for all files (including DLLs). Several years ago I included a "jscript*.dll" entry in my Disallow list, since I have had no need for JavaScript.

Recently I installed a USB-connected HP printer on one of our workstations and noticed that to be able to print I had to create a custom allow policy for C:\Windows\System32\jscript.dll, which is now required by the printer. It took a while to find out, since to my surprise no Event Log entries were generated. Luckily Process Monitor revealed the guilty DLL which blocked printing.

I have not been actively following the threat developments for various Windows components, so I'm somewhat unsure what are nowadays the risks for allowing the access to jscript.dll for standard user accounts (I mean from technical point of view, e.g. if there are known unpatched vulnerabilities in jscript.dll that I failed to find, or what kind of scenarios an adversary could probably try to exploit in late October 2024 by using jscript.dll, etc...).

I'd be grateful if someone knowledgeable could shed some light on this.

I did try to use Google and MS copilot to answer the question, but after some trials I came to the conclusion that I'd rather prefer some real intelligence than plain AI stories here... :)

Windows 10 Pro 22H2.
 
