Hard_Configurator - Windows Hardening Configurator

Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,890
Marana said:
...
I have not been actively following the threat developments for various Windows components, so I'm somewhat unsure what are nowadays the risks for allowing the access to jscript.dll for standard user accounts (I mean from technical point of view, e.g. if there are known unpatched vulnerabilities in jscript.dll that I failed to find, or what kind of scenarios an adversary could probably try to exploit in late October 2024 by using jscript.dll, etc...).
Click to expand...

Allowing jscript.dll is acceptable on updated machines because SRP independently blocks JScript files if the SRP default security level is set to Disallowed. Of course, caution is required when whitelisting the JScript files in UserSpace. In your case, the printer probably uses the JScript file for something, so that particular file should be whitelisted (by hash or path), too.
You can still block jscript9*.dll to prevent JavaScript exploits related to Internet Explorer (some IE compatibility is still included in other web browsers).
 
  • Like
  • Hundred Points
Reactions: simmerskool, Gandalf_The_Grey and oldschool
dronefox1166

dronefox1166

Level 6
Apr 18, 2022
277
if I set my computer to “Fort Firewall”, the ConfigureDefender and FirewallHardening rules will no longer be active (as I'll be disabling the Windows firewall)?

Can I set them one by one with this firewall?

Thanks
 
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,890
sypqys said:
if I set my computer to “Fort Firewall”, the ConfigureDefender and FirewallHardening rules will no longer be active (as I'll be disabling the Windows firewall)?

Can I set them one by one with this firewall?

Thanks
Click to expand...
Hi,
I am not sure if your post is related to H_C. :unsure:
 
  • +Reputation
  • Like
Reactions: simmerskool and dronefox1166
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,890
sypqys said:
if I set my computer to “Fort Firewall”, the ConfigureDefender and FirewallHardening rules will no longer be active (as I'll be disabling the Windows firewall)?
Click to expand...
All my applications (including H_C, Configuredefender, and FirewallHardening) should work well with Fort Firewall (it does not disable Windows Firewall).
 
  • +Reputation
  • Like
Reactions: simmerskool and dronefox1166
aldist

aldist

Level 2
Jul 22, 2020
63
Windows 10 21H2. H_C blocks opening of rtf files (WordPad). If I turn off the protection in SDD, the files are opened. How to solve the problem? How do I determine which rule is blocking?
 
  • Like
Reactions: simmerskool
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,890
aldist said:
Windows 10 21H2. H_C blocks opening of rtf files (WordPad). If I turn off the protection in SDD, the files are opened. How to solve the problem? How do I determine which rule is blocking?
Click to expand...
What is SDD?
 
  • Like
Reactions: simmerskool
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,890
aldist said:
Thanks, it worked. Removed RTF from Designated File Types.
Click to expand...
This is one of two solutions. It requires remembering that RTF files can be dangerous and knowing which file types you open.
The second solution is when you intentionally use RTF files rarely and from trusted sources. You do not remove the RTF extension from Designated File Types, but run the file Editor and use File >> Open to find and open the RTF file. The RTF files will still be blocked when opening them by clicking the icon on the desktop or from Explorer.
 
  • Like
  • +Reputation
Reactions: simmerskool, oldschool, aldist and 1 other person
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,890
Last edited:
  • Like
  • +Reputation
Reactions: Fel Grossi, micasayyo, badboy and 9 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,890
I asked ChatGPT and DeepSeek: "What is Hard_Configurator"?

ChatGPT (without account)
Hard_Configurator is a term that typically refers to a software tool or application used to configure or customize hardware settings, components, or systems. It's often used in contexts like embedded systems, custom PC builds, or hardware setups where users need to adjust certain parameters like performance, functionality, or compatibility.

It could also refer to specialized software used in hardware development or design, where you configure things like CPUs, memory, peripheral devices, or network interfaces based on specific requirements.

However, without more context, it's a bit difficult to say precisely what Hard_Configurator is, as the term could be used in different areas or industries. If you're referring to a specific product or software, let me know, and I can help clarify!

ChatGPT (with free account)
Hard_Configurator is an advanced tool designed for home administrators to enhance the security of Windows systems, particularly for inexperienced users. It provides a graphical user interface (GUI) to manage Software Restriction Policies (SRP) and harden Windows Home editions, starting from Windows Vista.

The program leverages Windows' built-in security features to establish a default-deny setup, which includes:

  • Enabling SRP: Restricts the execution of unauthorized software.
  • Forcing SmartScreen: Enhances application reputation services to prevent the execution of untrusted applications.
  • Applying various hardening settings: Restricts vulnerable features within Windows.
These configurations aim to provide real-time protection by reconfiguring Windows settings, without the need for continuous background processes.

Hard_Configurator modifies the Windows Registry to implement several security measures, such as:

  • Blocking execution of scripts managed by Windows Script Host.
  • Disabling PowerShell script execution.
  • Restricting shortcut execution to specific folders.
  • Protecting writable subfolders in the Windows directory.
  • Enabling advanced Windows Defender settings, including Potentially Unwanted Application (PUA) protection and Attack Surface Reduction (ASR) rules.
It's important to note that Hard_Configurator is intended for advanced users. Misconfiguration can lead to system instability or reduced functionality. Therefore, it's recommended to thoroughly read the help information and understand the available options before applying any settings.

Additionally, Hard_Configurator is not recommended to be used alongside other hardening tools like WindowsHybridHardening and SimpleWindowsHardening, as they share several settings, which can lead to misconfigurations. Moreover, Windows built-in SRP is incompatible with AppLocker; any active AppLocker rule introduced via Group Policy Object (GPO) or Mobile Device Management (MDM) WMI Bridge turns off SRP. Hard_Configurator checks for active AppLocker rules and alerts about the issue.
github.com

Hard_Configurator/README.md at master · AndyFul/Hard_Configurator

GUI to Manage Software Restriction Policies and harden Windows Home OS - AndyFul/Hard_Configurator
github.com github.com

For a visual demonstration and further understanding of Hard_Configurator, you might find the following video helpful:


DeepSeek
Hard_Configurator is a free, open-source graphical user interface (GUI) tool designed to enhance the security of Windows operating systems, particularly for home users. It leverages Windows' built-in security features, such as Software Restriction Policies (SRP) and SmartScreen, to create a more secure computing environment. Below is a detailed overview of its features, functionality, and use cases:

---

Key Features of Hard_Configurator
1. Software Restriction Policies (SRP) Management:
- Enables SRP in Windows Home editions, which are typically unavailable in these versions .
- Allows users to adjust SRP security levels, enforcement options, and designated file types .
- Blocks potentially harmful executables (LOLBins) and restricts script execution (e.g., PowerShell, Windows Script Host) .

2. Whitelisting and File Protection:
- Whitelists files by path or hash to exclude them from SRP restrictions .
- Protects writable subfolders in the `C:\Windows` directory and restricts shortcut execution to specific folders .

3. Integration with Windows Defender:
- Enhances Windows Defender by enabling advanced settings like PUA (Potentially Unwanted Applications) protection, ASR (Attack Surface Reduction) rules, and Network Protection.
- Forces SmartScreen checks for files without the "Mark of the Web" attribute, ensuring additional security for files from removable drives or container formats.

4. System Hardening:
- Disables vulnerable features such as Remote Desktop, Remote Registry, and 16-bit application execution .
- Secures PowerShell by enabling Constrained Language Mode and blocks script execution to mitigate fileless malware risks .

5. Customizable Profiles and Backup:
- Allows users to save custom security settings as profiles and restore them as needed .
- Includes predefined profiles for different Windows versions (e.g., Windows 7, 8, 10, and 11) .

6. User-Friendly Interface:
- Simplifies complex security configurations through an intuitive GUI, making it accessible even for non-technical users .
- Provides options to create system restore points and restore Windows defaults, ensuring safety during configuration changes .

---

Use Cases
- Home Users: Ideal for securing computers used by inexperienced users, such as children or "happy clickers," by restricting unauthorized software execution and enhancing built-in security features .
- System Administrators: Useful for standardizing security configurations across multiple devices, especially in environments where advanced tools like Group Policy Objects (GPO) are unavailable .
- Enhanced Security for Windows Home Editions: Bridges the gap between Windows Home and Pro/Enterprise editions by enabling enterprise-level security features like SRP .

---

Compatibility and Updates
- Supports Windows Vista and later versions, including Windows 11 .
- Regularly updated to address new security threats and compatibility issues with the latest Windows versions .

---

Limitations and Considerations
- Conflicts with Other Tools: May conflict with applications that use SRP (e.g., CryptoPrevent, SBGuard) or Group Policy settings. Users are advised to remove conflicting configurations before using Hard_Configurator .
- AppLocker Incompatibility: SRP does not work alongside AppLocker, which is used by Microsoft Family Safety and some enterprise environments .
- Advanced User Tool: While user-friendly, it requires some technical knowledge to avoid over-restricting the system and causing usability issues .

---

Conclusion
Hard_Configurator is a powerful tool for enhancing Windows security by leveraging built-in features like SRP and SmartScreen. It is particularly valuable for home users and administrators seeking to harden systems against malware and unauthorized software execution. However, users should carefully configure settings to avoid conflicts and ensure compatibility with their system environment.

For more details, you can visit the official [GitHub repository]
https://github.com/AndyFul/Hard_Configurator
or refer to community discussions on platforms like [MalwareTips]
https://malwaretips.com/threads/hard_configurator-windows-hardening-configurator.66416/
 
Last edited:
  • Like
  • +Reputation
  • Hundred Points
Reactions: Fel Grossi, Azure, Gandalf_The_Grey and 5 others
Jonny Quest

Jonny Quest

Level 24
Verified
Top Poster
Well-known
Mar 2, 2023
1,338
Andy Ful said:
I asked ChatGPT and DeepSeek: "What is Hard_Configurator"?

ChatGPT (without account)
Hard_Configurator is a term that typically refers to a software tool or application used to configure or customize hardware settings, components, or systems. It's often used in contexts like embedded systems, custom PC builds, or hardware setups where users need to adjust certain parameters like performance, functionality, or compatibility.

It could also refer to specialized software used in hardware development or design, where you configure things like CPUs, memory, peripheral devices, or network interfaces based on specific requirements.

However, without more context, it's a bit difficult to say precisely what Hard_Configurator is, as the term could be used in different areas or industries. If you're referring to a specific product or software, let me know, and I can help clarify!

ChatGPT (with free account)
Hard_Configurator is an advanced tool designed for home administrators to enhance the security of Windows systems, particularly for inexperienced users. It provides a graphical user interface (GUI) to manage Software Restriction Policies (SRP) and harden Windows Home editions, starting from Windows Vista.

The program leverages Windows' built-in security features to establish a default-deny setup, which includes:

  • Enabling SRP: Restricts the execution of unauthorized software.
  • Forcing SmartScreen: Enhances application reputation services to prevent the execution of untrusted applications.
  • Applying various hardening settings: Restricts vulnerable features within Windows.
These configurations aim to provide real-time protection by reconfiguring Windows settings, without the need for continuous background processes.

Hard_Configurator modifies the Windows Registry to implement several security measures, such as:

  • Blocking execution of scripts managed by Windows Script Host.
  • Disabling PowerShell script execution.
  • Restricting shortcut execution to specific folders.
  • Protecting writable subfolders in the Windows directory.
  • Enabling advanced Windows Defender settings, including Potentially Unwanted Application (PUA) protection and Attack Surface Reduction (ASR) rules.
It's important to note that Hard_Configurator is intended for advanced users. Misconfiguration can lead to system instability or reduced functionality. Therefore, it's recommended to thoroughly read the help information and understand the available options before applying any settings.

Additionally, Hard_Configurator is not recommended to be used alongside other hardening tools like WindowsHybridHardening and SimpleWindowsHardening, as they share several settings, which can lead to misconfigurations. Moreover, Windows built-in SRP is incompatible with AppLocker; any active AppLocker rule introduced via Group Policy Object (GPO) or Mobile Device Management (MDM) WMI Bridge turns off SRP. Hard_Configurator checks for active AppLocker rules and alerts about the issue.
github.com

Hard_Configurator/README.md at master · AndyFul/Hard_Configurator

GUI to Manage Software Restriction Policies and harden Windows Home OS - AndyFul/Hard_Configurator
github.com github.com

For a visual demonstration and further understanding of Hard_Configurator, you might find the following video helpful:


DeepSeek
**Hard_Configurator** is a free, open-source graphical user interface (GUI) tool designed to enhance the security of Windows operating systems, particularly for home users. It leverages Windows' built-in security features, such as **Software Restriction Policies (SRP)** and **SmartScreen**, to create a more secure computing environment. Below is a detailed overview of its features, functionality, and use cases:

---

### **Key Features of Hard_Configurator**
1. **Software Restriction Policies (SRP) Management**:
- Enables SRP in Windows Home editions, which are typically unavailable in these versions .
- Allows users to adjust SRP security levels, enforcement options, and designated file types .
- Blocks potentially harmful executables (LOLBins) and restricts script execution (e.g., PowerShell, Windows Script Host) .

2. **Whitelisting and File Protection**:
- Whitelists files by path or hash to exclude them from SRP restrictions .
- Protects writable subfolders in the `C:\Windows` directory and restricts shortcut execution to specific folders .

3. **Integration with Windows Defender**:
- Enhances Windows Defender by enabling advanced settings like **PUA (Potentially Unwanted Applications) protection**, **ASR (Attack Surface Reduction) rules**, and **Network Protection** .
- Forces SmartScreen checks for files without the "Mark of the Web" attribute, ensuring additional security for files from removable drives or container formats .

4. **System Hardening**:
- Disables vulnerable features such as Remote Desktop, Remote Registry, and 16-bit application execution .
- Secures PowerShell by enabling **Constrained Language Mode** and blocks script execution to mitigate fileless malware risks .

5. **Customizable Profiles and Backup**:
- Allows users to save custom security settings as profiles and restore them as needed .
- Includes predefined profiles for different Windows versions (e.g., Windows 7, 8, 10, and 11) .

6. **User-Friendly Interface**:
- Simplifies complex security configurations through an intuitive GUI, making it accessible even for non-technical users .
- Provides options to create system restore points and restore Windows defaults, ensuring safety during configuration changes .

---

### **Use Cases**
- **Home Users**: Ideal for securing computers used by inexperienced users, such as children or "happy clickers," by restricting unauthorized software execution and enhancing built-in security features .
- **System Administrators**: Useful for standardizing security configurations across multiple devices, especially in environments where advanced tools like Group Policy Objects (GPO) are unavailable .
- **Enhanced Security for Windows Home Editions**: Bridges the gap between Windows Home and Pro/Enterprise editions by enabling enterprise-level security features like SRP .

---

### **Compatibility and Updates**
- Supports Windows Vista and later versions, including Windows 11 .
- Regularly updated to address new security threats and compatibility issues with the latest Windows versions .

---

### **Limitations and Considerations**
- **Conflicts with Other Tools**: May conflict with applications that use SRP (e.g., CryptoPrevent, SBGuard) or Group Policy settings. Users are advised to remove conflicting configurations before using Hard_Configurator .
- **AppLocker Incompatibility**: SRP does not work alongside AppLocker, which is used by Microsoft Family Safety and some enterprise environments .
- **Advanced User Tool**: While user-friendly, it requires some technical knowledge to avoid over-restricting the system and causing usability issues .

---

### **Conclusion**
Hard_Configurator is a powerful tool for enhancing Windows security by leveraging built-in features like SRP and SmartScreen. It is particularly valuable for home users and administrators seeking to harden systems against malware and unauthorized software execution. However, users should carefully configure settings to avoid conflicts and ensure compatibility with their system environment .

For more details, you can visit the official [GitHub repository](https://github.com/AndyFul/Hard_Configurator) or refer to community discussions on platforms like [MalwareTips](https://malwaretips.com/threads/hard_configurator-windows-hardening-configurator.66416/).
Click to expand...

I didn't realize there was that much of a difference regarding the information of ChatGPT with and without an account.
DeepSeek, is very succinct just straight down the line of facts.
 
  • Like
Reactions: oldschool and Andy Ful
badboy

badboy

Level 2
Jan 20, 2025
58
Andy Ful said:
Hard_Configurator 7.0.0.1 stable version (the same as the latest beta 3).

This version can be installed over the previous versions from the Hard_Configurator GUI via the < Update > button.
The differences compared to ver. 7.0.0.0:
  • Added two new ASR rules to ConfigureDefender.
  • Some corrections in the help files and H_C manual.
Click to expand...
Hi Andy. Thanks for the great software. :) I'm studying it now, but some questions and suggestions.

1. I really wish that when you select one of the security options, it was clearly marked (with a check mark or a different color), because when you select a security option and after a while go to the settings, you do not understand which one you activated earlier or which option is currently active). You have to click on the desired option again to be sure.

2. The purpose of the additional icon on the Switch Default Deny desktop is not entirely clear. Is it resetting the default antivirus settings or just blocking any activity at all, and does the home user need it?

3. What settings should be made to ensure that the protection is at the level of DefenderUI Pro or better? Do I need to install ALL of your embeds and how do I configure them?

4. Perhaps in the future you will make a single application with all the functions together, so that we don't have to download or install all the utilities separately? Maybe I'm mistaken and Hard_Configurator is the only one that contains all the separate ones?
 

Similar threads

Andy Ful
    • +Reputation
    • Like
    • Applause
New Update Testing Windows Hybrid Hardening (new hardening application).
Replies
253
Views
37,703
Hard_Configurator Tools
South Park
South Park
Andy Ful
    • Like
    • +Reputation
    • Thanks
  • Sticky
Serious Discussion WHHLight - simplified application control for Windows Home and Pro.
Replies
403
Views
55,972
Hard_Configurator Tools
Andy Ful
Andy Ful
SpyNetGirl
    • Like
    • Applause
    • Thanks
Serious Discussion Why do you use obsolete security technologies such as SRP?
Replies
7
Views
1,626
General Security Discussions
Andy Ful
Andy Ful

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top