Hard_Configurator - Windows Hardening Configurator

[Andy Ful]

There is no need, unless your job is editor...

Ha, ha . So editors who use Office 2007 (unsupported by Microsoft) have to wait until I finish WDDS (Windows Default-Deny Security) which will block active content (macros, OLE, ActiveX, and DDE) in MS Office or use SysHardener. Even without this, Hard_Configurator default-deny settings apply a pretty good protection against malicious documents (including fileless PowerShell attacks). I analyzed many malicious samples, and so far, all of them could be stopped by default-deny setup. That is because all samples used JS or VBS scripts, or PowerShell with advanced functions, or payloads from the Userspace. I do not think that attackers will change soon their attack techniques, which are so successful against most targets.
Editors who use MS Office 2010+ on Windows 10 FCU have already a decent protection when using Hard_Configurator + Windows Defender ASR.
It is worth to remember that without default-deny setup, the users are still vulnerable, even when all active content in Office documents is blocked. This follows from the ability to control MS Office executables programmatically by external programs. That can be used to defeat the anti-ransomware protection.
Of course, there are many solutions to the Office documents problem (anti-exe, sandboxing, etc.). NVT OSArmor and VoodooShield have very good modules that can protect against malicious documents in MS Office. Also, ReHips are sandboxing by default MS Office executables, and there is also Comodo Firewall with activated sandbox, Excubits drivers, etc.
I like very much two applications: AppGuard (paid) and Sandboxie (paid), which can also apply a decent protection.

 

[Deleted member 178]

I like very much two applications: AppGuard (paid) and Sandboxie (paid), which can also apply a decent protection.

+1.
I use both of them in 2 of my systems, lighter and 1000 times more secure than any AV/suite out-there.

 

[shmu26]

The release notes for the latest Win10 cumulative update say that the following bug was fixed:
"Software Restriction Policy Caused Microsoft to stop working"
Any idea what that's all about?

 

[shmu26]

until I finish WDDS (Windows Default-Deny Security)

What about an optional system tray icon, like you have with Excubits memprotect and FIDES?

 

[Andy Ful]

The release notes for the latest Win10 cumulative update say that the following bug was fixed:
"Software Restriction Policy Caused Microsoft to stop working"
Any idea what that's all about?

They thought about SRP all the time and forgot doing anything else.

 

[Andy Ful]

What about an optional system tray icon, like you have with Excubits memprotect and FIDES?

Hard_Configurator was intended to configure computers of inexperienced users or lock the computers of children. So it should be invisible to them. You can use SwitchDefaultDeny tool to quickly turn ON/OFF default-deny protection. If the protection is OFF, then SwitchDefaultDeny starts with Windows to remember you that you are vulnerable.

 

[Andy Ful]

Thanks @shmu26 I did not know it, and this is a good news.
The issue with SRP was as follows:
"Addresses an issue that causes Microsoft Edge to stop working after a few seconds when running a software restriction policy".
That was related to Enforcement setting when SRP blocked DLLs in the Userspace. It was a bug because in fact SRP, did not block any DLL in Edge, and Edge crashed anyway, probably due to its protection mechanism colliding with SRP DLL filtering.

 

[shmu26]

Thanks @Shmu I did not know it, and this is a good news.
The issue with SRP was as follows:
"Addresses an issue that causes Microsoft Edge to stop working after a few seconds when running a software restriction policy".
That was related to Enforcement setting when SRP blocked DLLs in the Userspace. It was a bug because in fact SRP, did not block any DLL in Edge, and Edge crashed anyway, probably due to its protection mechanism colliding with SRP DLL filtering.

Thanks.
Edge is a very touchy creature. Just look at it, and it stops working.

 

[Deleted member 65228]

Thanks.
Edge is a very touchy creature. Just look at it, and it stops working.

+100000

I used it daily in past month and it broke every one of them.

 

[Andy Ful]

+100000

I used it daily in past month and it broke every one of them.

Ha, ha. That is because you are an injective person (whatever it means).

 

[Andy Ful]

I have Edge on 5 computers and it never crashed, except the issue mentioned by @shmu26. But, I am a lucky man, because it crashed even for Microsoft guys.
That can be related to the installed software. I do not use any third party security soft, because generally, Windows 10 hates third-party security.

 

[Evjl's Rain]

the worst thing about edge is it degrades the disk like hell
incredibly slow and high disk usage on HDD. Can't notice on SSD
no such thing happens with chrome and firefox

putting cache on ram reduces disk usage a bit but still

 

[Andy Ful]

Edge is like a chameleon. When I read comments on MalwareTips forum and other forums, some people I trust, report the concrete issues. When I look for those issues on my computer, then usually I cannot find them. That probably indicates that my computers' setup is rare among the users (all computers have SSD).

 

[Deleted member 65228]

I promise you, I haven't touched Microsoft Edge in terms of modification on my Host environment which I've been using for browsing MalwareTips for awhile. I'd normally use a Virtual Machine even for browsing the forum, but I wanted to test Microsoft Edge outside of the environment.

I've been using it bare-bones with absolutely no changes to the default settings exclusively for browsing MalwareTips and I've ran into several bugs which do not appear to be related to the forum.

When I'm typing a message about the length of this post, the currently selected position will randomly jump to another position. Therefore, if I start typing "Andy Ful", it might type it within a sentence above instead of where I'm trying to type it. This is more frequent when I try to change something I've already written in the post box.

It's just unusable for me, I've never had such issues with Google Chrome, Firefox, or even Internet Explorer. There's neither no third-party interception, it's literally just bare-bones Microsoft Edge.

 

[Andy Ful]

I believe you. For example on my computer, I had issues with Comodo Firewall, Avast free, and Kaspersky free. So, it seems that some people have to find your own way to live with Windows 10.

 

[ForgottenSeer 69673]

I promise you, I haven't touched Microsoft Edge in terms of modification on my Host environment which I've been using for browsing MalwareTips for awhile. I'd normally use a Virtual Machine even for browsing the forum, but I wanted to test Microsoft Edge outside of the environment.

I've been using it bare-bones with absolutely no changes to the default settings exclusively for browsing MalwareTips and I've ran into several bugs which do not appear to be related to the forum.

When I'm typing a message about the length of this post, the currently selected position will randomly jump to another position. Therefore, if I start typing "Andy Ful", it might type it within a sentence above instead of where I'm trying to type it. This is more frequent when I try to change something I've already written in the post box.

It's just unusable for me, I've never had such issues with Google Chrome, Firefox, or even Internet Explorer. There's neither no third-party interception, it's literally just bare-bones Microsoft Edge.

I have been using Edge along time and never seen this. On this forum I use the midnight 2018.

 

[ForgottenSeer 69673]

Andy I see you also use Appguard. I assume you are not seeing any conflicts with your program?

 

[shmu26]

I am going to guess that Andy tests Appguard, but actually uses native SRP.

 

[ForgottenSeer 69673]

I am going to guess that Andy tests Appguard, but actually uses native SRP.

From post # 441

"I like very much two applications: AppGuard (paid) and Sandboxie (paid), which can also apply a decent protection."

That is why I asked since both his tool and Appguard do similar things.

 

[Andy Ful]

Andy I see you also use Appguard. I assume you are not seeing any conflicts with your program?

@shmu26 is right. I am a beta tester of AppGuard and I like the way it uses SRP with light sandboxing (guarded applications). This is a very efficient way to protect users in Windows. I test AppGuard in the VirtualBox, and use Hard_Configurator in the real system.
Sandboxie (paid) is great when one wants to isolate/restrict a vulnerable application. The custom sandbox can be highly restrictive, so for example, any other application cannot run, the Internet access is disabled, the application cannot read from folders but can write to them or can read but cannot write to them, etc.