Hard_Configurator - Windows Hardening Configurator

[yitworths]

And Kaspersky with K2019 is using the integrated Microsoft W10 AMSI tecnology to detect/block scripts

Kaspersky also using Microsoft's PPL technology for self-defense, at least in windows 10.

 

[harlan4096]

Yes! but both technologies are there and any 3rd party security provider may use them

 

[shmu26]

SmartScreen is a very good reputation service (maybe the best available). So, if the file is not malicious and many people choose to install it, then it will be allowed (even when includes adware like in VirusTotal example).

The file was not actually malicious, as far as I can tell, it was one of those "safe" cracks. Not even any adware. Only software piracy.

 

[Andy Ful]

The file was not actually malicious, as far as I can tell, it was one of those "safe" cracks. Not even any adware. Only software piracy.

Babylon Toolbar browser extension is treated as adware by many vendors. The toolbar, in fact, is not installed due to extension restrictions in modern browsers.
Remove Babylon Toolbar (Removal Instructions)

 

[shmu26]

Babylon Toolbar browser extension is treated as adware by many vendors. The toolbar, in fact, is not installed due to extension restrictions in modern browsers.
Remove Babylon Toolbar (Removal Instructions)

This file was not the terrible toolbar, it was the desktop translation software. But it does try to install a browser extension, to provide one-click translations on web pages..

 

[Andy Ful]

It seems that 'forced SmartScreen' feature applied in Hard_Configurator via "Run As SmartScreen" is actually present on Windows 10 (Enterprise ed.) in Windows Defender Application Control. That was my main idea when creating Hard_Configurator. That idea could be accomplished only partially in Windows Home, for applications ran by the user. In Application Control it is the full cloud reputation service (like Avast Aggressive Hardened Mode), so even the dropped/executed payloads are reputation-checked.

 

[Sunshine-boy]

I think App control is only an anti-EXE.

 

[shmu26]

It seems that 'forced SmartScreen' feature applied in Hard_Configurator via "Run As SmartScreen" is actually present on Windows 10 (Enterprise ed.) in Windows Defender Application Control. That was my main idea when creating Hard_Configurator. That idea could be accomplished only partially in Windows Home, for applications ran by the user. In Application Control it is the full cloud reputation service (like Avast Aggressive Hardened Mode), so even the dropped/executed payloads are reputation-checked.

If all spawned processes will be checked by reputation service, won't that make program updates almost impossible? They will always have new files.

 

[Andy Ful]

I think App control is only an anti-EXE.

It is not.
You can work from a list of plug-ins, add-ins, or modules that you want only a specific application to be able to run. Other applications would be blocked from running them.
.
In addition, you can work from a list of plug-ins, add-ins, or modules that you want to block in a specific application. Other applications would be allowed to run them.
.
Use a Windows Defender Application Control policy to control specific plug-ins, add-ins, and modules (Windows 10)

 

[Andy Ful]

If all spawned processes will be checked by reputation service, won't that make program updates almost impossible? They will always have new files.

That is why Application Control uses also whitelisting.

 

[AlanOstaszewski]

The file was not actually malicious, as far as I can tell, it was one of those "safe" cracks. Not even any adware. Only software piracy.

Sorry to defend SmartScreen now, but if the crack was clean, there's nothing to worry about and I would even consider that a feature. And if many people want to get this "software", which Kaspersky classifies as "not a virus", then it is also ok here that SmartScreen does not block it.

Remember, it is called "Smart"Screen and not "IBlockACrackBecauseItIsACrack". Smart means not marking everything as a virus, and here this filter has my full respect. It's my favorite software in Windows and I think it's great that @Andy Ful has programmed a backend for configuring it! Thank you!

 

[Andy Ful]

@askalan,
I think that @shmu26 was also positively surprised by SmartScreen.

 

[shmu26]

Right, I agree that it was fair for Smartscreen to allow it. It's not supposed to be your Mother or your local law enforcement agency.

 

[Sunshine-boy]

It is not

anyway, I'm sure that any hips or Kaspersky App control is better than this.

 

[Andy Ful]

anyway, I'm sure that any hips or Kaspersky App control is better than this.

I would kindly disagree with you, but I am sure we will not quarrel about this.
Anyway, as you know, I think that SRP is more usable for home users. But for Enterprises, Application Control is better because the people have to use vulnerable applications/services/protocols and there are much more network vulnerabilities. Hard_Configurator settings are designed to prevent the malware infections by forcing the user to execute only safe files and restricting file execution. This can also mitigate many exploits running as standard user (drive-by attacks, PowerShell fileless attacks, etc.). Application Control has additionally to fight even when something was exploited to run the malware with administrative rights.

 

[Andy Ful]

It is clear that WD Application Control + WD Application Guard is the Microsoft answer to similar solutions in AV suites (Kaspersky, etc.). For example, WD Application Guard can be set to execute only well-known and safe applications like in Kaspersky Trusted Applications mode.
Personally, I can see some similarities with the idea of AppGuard:

1. restrict execution of scripts, applications, modules
2. guard the vulnerable applications

WD Application Guard uses Microsoft Hyper-V virtualization technology, so it is actually the stronger solution available on Windows. Also, the native WDAC + WDAG implementation in the OS kernel is most stable and robust.

 

[shmu26]

WD Application Guard uses Microsoft Hyper-V virtualization technology,

So VMWare won't run, right? That's a problem for a lot of businesses.

 

[Andy Ful]

So VMWare won't run, right? That's a problem for a lot of businesses.

Also when Credential Guard is enabled. Both WD Credential Guard and WD Application Guard use Hyper-V hypervisor. As far I know, this can be the limitation of Intel VT-x and AMD-V technology (only one hypervisor can be run at a time), so VMware or VirtualBox hypervisor cannot be run as the second hypervisor.
https://support.microsoft.com/en-us...ns-do-not-work-together-with-hyper-v-device-g

 

[Deleted Member 3a5v73x]

Anyway, as you know, I think that SRP is more usable for home users.

I really appreciate your work mate @Andy Ful , but how is SRP more usable? Why nobody talks about more important factor, that most home users are "click happy" and don't pay attention to any security alerts and if some comes up or "in their face" like Smartscreen alert, they just click yes to get it faster out of their way without reading any information what its for. If family have no one to ask computer help, they have to call someone tech like. And most people 50+ who didn't born with tablets and pc's in their hands, will not do manual way seeking for problem help in Google or MalwareTips example. I can set SRP for my other 5+ family windows systems, but if I wasn't there for them, default-deny would NOT be the best security solution. SRP is best for Business/corp oriented systems where employes are not allowed to install additional programms and just use work oriented applications.

 

[shmu26]

I really appreciate your work mate @Andy Ful , but how is SRP more usable? Why nobody talks about more important factor, that most home users are "click happy" and don't pay attention to any security alerts and if some comes up or "in their face" like Smartscreen alert, they just click yes to get it faster out of their way without reading any information what its for. If family have no one to ask computer help, they have to call someone tech like. And most people 50+ who didn't born with tablets and pc's in their hands, will not do manual way seeking for problem help in Google or MalwareTips example. I can set SRP for my other 5+ family windows systems, but if I wasn't there for them, default-deny would NOT be the best security solution. SRP is best for Business/corp oriented systems where employes are not allowed to install additional programms and just use work oriented applications.

I think Andy meant that SRP is more friendly to home users than WD Application Guard is.

But to address your point more directly, let's say you put SRP on on a novice's computer. He won't even know how to get around it. It takes a certain amount of skill to discover that a right click will give you options to run a file with admin rights. And even if you do that, once you get that smartscreen block, you need to be pretty smart to figure out how to click past it. My Mom would never figure it out, and I don't think my Dad would either, even though he is pretty clever, he is a university professor.
You can also configure smartscreen so that you can't click past it, if you want a more locked down config.