Hard_Configurator - Windows Hardening Configurator

oldschool

oldschool

Level 84
Verified
Top Poster
Well-known
Mar 29, 2018
7,595
@Andy Ful - I have the "Run As SmartScreen" in right click context menu but neither "RAS" or "Run by SmartScreen" in Explorer context menu. I'm sure there was a post(s) on this issue but I'm unable to find it in the 35 pages of this thread. :emoji_disappointed::rolleyes::unsure:
 
  • Like
Reactions: simmerskool and Andy Ful
Nestor

Nestor

Level 9
Verified
Well-known
Apr 21, 2018
397
Evjl's Rain said:
sorry but I don't understand what you said about Runbysmartscreen
I use it because I don't want to upload everything to a website and download them 1 by 1 so I right-click and "Run-by-smartscreen" with anything I can, except the extensions you give the warning sign of SS being not supported => ignore because SS by default won't show any warning like that => to simulate a real-world scenario

I don't look at the icon, I look at the extensions. If it has .exe or anything SS supports, I will Run-by-smartscreen

I want to test WD at max settings and smartscreen but not the app Run-by-smartscreen and I also want to test WD without SS because there are so many ways to ignore SS lookup. Sorry for the confusion
I should have clarified it in the test


I think I disagree with that. It's true in theory, I guess
however, during my test with the high settings, WD allowed everything to run -> analyzed and blocked if they were malicious, if not, no notification from the beginning. It worked like a BB but not BB

I noticed some files were running for 10s and then disappeared. At the same time, the CPU usage of WD process was significantly increased -> a sign of it analyzing the files -> then WD showed a noti. with malwares were detected

WD is quite aggressive as it uploaded files even when I was right-clicking the undetected samples
it consumed >100MB of my VPN bandwidth. Once in the past, WD used to consumed all of my 200MB daily limit :( and my VPN was automically disconnected during the test => I must have stopped the test immediately to protect myself
Click to expand...
Evjl's Rain the last pack of malware was pretty strong (8/8) all AV's failed.But the most disappointed results was from WD (max settings) and SHP, the last days in hub.I expected more from this two.
 
  • Like
Reactions: harlan4096 and Andy Ful
E

Evjl's Rain

Level 47
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
Nestor said:
Evjl's Rain the last pack of malware was pretty strong (8/8) all AV's failed.But the most disappointed results was from WD (max settings) and SHP, the last days in hub.I expected more from this two.
Click to expand...
I, instead, never expect them to perform well because according to my experience, they never give a clean result especially for sophos
Their signatures are so bad that is a reason for infection. If they signatures are better, they would have had better results
also, I was disappointed with WD VPN bandwidth consumption. It consumed 150MB yesterday while bitdefender free only consumed 15MB, sophos 18MB
During the test, WD uploaded everything to the cloud => privacy concern???

I think there are some ways to get a clean result in this test
- avast hardened mode + syshardener/H_C blocking all scripts
- Block all scripts + Run everything .exe with smartscreen
- any anti-exe, comodo firewall (not preferred as they always work)
- Kaspersky's trusted application mode
 
Last edited:
  • Like
Reactions: oldschool, Sunshine-boy, InnoScorpio and 5 others
Nestor

Nestor

Level 9
Verified
Well-known
Apr 21, 2018
397
Evjl's Rain said:
I, instead, never expect them to perform well because according to my experience, they never give a clean result especially for sophos
Their signatures are so bad that is a reason for infection. If they signatures are better, they would have had better results
also, I was disappointed with WD VPN bandwidth consumption. It consumed 150MB yesterday while bitdefender free only consumed 15MB, sophos 18MB
During the test, WD uploaded everything to the cloud => privacy concern???

I think there are some ways to get a clean result in this test
- avast hardened mode + syshardener/H_C blocking all scripts
- Block all scripts + Run everything .exe with smartscreen
- any anti-exe, comodo firewall (not preferred as they always work)
- Kaspersky's trusted application mode
Click to expand...
With CF,CIS, CS settings or not,or VS with any free AV, i believe will do the job!
 
  • Like
Reactions: oldschool, ZeroDay, simmerskool and 2 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,482
Nestor said:
With CF,CIS, CS settings or not,or VS with any free AV, i believe will do the job!
Click to expand...
If you are using Trusted Vendor list in Comodo, then any malware signed by the vendor from that list will be allowed. VoodooShield in AutoPilot mode will allow all true 0-day malware.
Using AV with CF/VS is OK, but it has also some cons:
  • a potential problem with system stability,
  • many false positives from CF or VS.
Because of the false positives, most non-advanced users will probably use one or two on-demand scanners for checking the 0-day malware and infect the computer anyway. Nothing is perfect.
 
  • Like
Reactions: Deletedmessiah, ZeroDay, Sunshine-boy and 6 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,482
oldschool said:
@Andy Ful - I have the "Run As SmartScreen" in right click context menu but neither "RAS" or "Run by SmartScreen" in Explorer context menu. I'm sure there was a post(s) on this issue but I'm unable to find it in the 35 pages of this thread. :emoji_disappointed::rolleyes::unsure:
Click to expand...
You will find nothing about that issue. Some other application changed the default Explorer settings.
 
  • Like
Reactions: simmerskool, silversurfer and oldschool
Nestor

Nestor

Level 9
Verified
Well-known
Apr 21, 2018
397
Andy Ful said:
If you are using Trusted Vendor list in Comodo, then any malware signed by the vendor from that list will be allowed. VoodooShield in AutoPilot mode will allow all true 0-day malware.
Using AV with CF/VS is OK, but it has also some cons:
  • a potential problem with system stability,
  • many false positives from CF or VS.
Because of the false positives, most non-advanced users will probably use one or two on-demand scanners for checking the 0-day malware and infect the computer anyway. Nothing is perfect.
Click to expand...
Yep, no solution is perfect,the real strength is to eliminate the possibilities to be infected,Today in hub there was a signed malware,maybe CF will not sandbox it,but the case here is if it will catch it through HIPS or FW,i believe it will.
 
  • Like
Reactions: Andy Ful, harlan4096 and oldschool
shmu26

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
Nestor said:
Yep, no solution is perfect,the real strength is to eliminate the possibilities to be infected,Today in hub there was a signed malware,maybe CF will not sandbox it,but the case here is if it will catch it through HIPS or FW,i believe it will.
Click to expand...
If the signer is honored by Comodo, the malware will fly by the protection, and not just the autocontainment protection, but also the HIPS and firewall. All these components honor digital sigs, and granted "trusted" status to the file.

But you can hope that the signed malware is just a dropper -- it usually is-- and the payload is unsigned. However, if that is the case, you don't need Comodo to stop it. SRP will stop it even faster, and in fact, speed is very important if the payload runs after a reboot.
 
  • Like
Reactions: Tiny, ZeroDay, Andy Ful and 6 others
oldschool

oldschool

Level 84
Verified
Top Poster
Well-known
Mar 29, 2018
7,595
Andy Ful said:
You will find nothing about that issue. Some other application changed the default Explorer settings.
Click to expand...

I do have RunAsSmartscreen in Explorer context menu. I think I had mistakenly toggled it off. But should RunBySmartscreen be there as well? I do not have that.

Andy Ful said:
VoodooShield in AutoPilot mode will allow all true 0-day malware.
Using AV with CF/VS is OK, but it has also some cons:
  • a potential problem with system stability,
  • many false positives from CF or VS.
Because of the false positives, most non-advanced users will probably use one or two on-demand scanners for checking the 0-day malware and infect the computer anyway. Nothing is perfect.
Click to expand...


I had much more trouble understanding CF FPs than VS, so I ditched it. I currently use VS in Always On mode. Being a non-advanced user I don't have issues with it. No FPs except for an occasional familiar file already on the computer, which is not a problem for me.
 
  • Like
Reactions: Andy Ful, Nestor, Schank873 and 3 others
silversurfer

silversurfer

Super Moderator
Verified
Top Poster
Staff Member
Malware Hunter
Aug 17, 2014
11,072
oldschool said:
I do have RunAsSmartscreen in Explorer context menu. I think I had mistakenly toggled it off. But should RunBySmartscreen be there as well? I do not have that.
Click to expand...

Run By SmartScreen is here in the explorer-context-menu if you had changed the settings via "Recommended Restrictions"
"Recommended Restrictions" => "Run As SmartScreen" = "Standard User"

Run As SmartScreen is in the explorer-context-menu if the settings are default via "Recommended Restrictions"
"Recommended Restrictions" => "Run As SmartScreen" = "Administrator"
 
  • Like
Reactions: simmerskool, Deletedmessiah, ZeroDay and 7 others
oldschool

oldschool

Level 84
Verified
Top Poster
Well-known
Mar 29, 2018
7,595
silversurfer said:
Run By SmartScreen is here in the explorer-context-menu if you had changed the settings via "Recommended Restrictions"
"Recommended Restrictions" => "Run As SmartScreen" = "Standard User"

Run As SmartScreen is in the explorer-context-menu if the settings are default via "Recommended Restrictions"
"Recommended Restrictions" => "Run As SmartScreen" = "Administrator"
Click to expand...

Edit: I'm using "Recommended SRP" + "Recommended Restrictions" -> Run As Smartscreen = Administrator. I installed H_C from SUA.
No Run By SmartScreen in Explorer
 
Last edited:
  • Like
Reactions: silversurfer, Andy Ful and Nestor
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,482
oldschool said:
I do have RunAsSmartscreen in Explorer context menu. I think I had mistakenly toggled it off. But should RunBySmartscreen be there as well? I do not have that.
Click to expand...
No. Only one of them should be present in Explorer context menu. 'Run As SmartScreen' is related to default-deny SRP and 'Run By SmartScreen' to default-allow SRP.
Default-allow can be set when <Default Security Level> = Unrestricted.
 
  • Like
Reactions: simmerskool, Sunshine-boy, oldschool and 3 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,482
oldschool said:
I have now read enough of the Manual that I'm finally understanding it better. Now all set and comfortable with my configuration.

Windows Defender
Hard_Configurator
Tinywall
VoodooShield Pro

Thanks to all for your help!
Click to expand...
It is a very good setup. Personally, I would skip VoodooShield for the better stability, or would keep WD + VoodooShield which is more user-friendly than Hard_Configurator.(y)
 
  • Like
Reactions: simmerskool, oldschool, In2an3_PpG and 3 others
oldschool

oldschool

Level 84
Verified
Top Poster
Well-known
Mar 29, 2018
7,595
Andy Ful said:
It is a very good setup. Personally, I would skip VoodooShield for the better stability, or would keep WD + VoodooShield which is more user-friendly than Hard_Configurator.(y)
Click to expand...

I have H_C set at your 'set and forget" settings which is OK for me. Also, I do not foresee installing any new software since I have tried enough here on the forum. VS also is no problem for me as my system appears stable and snappy. BTW, I really like Edge - aside from a couple of annoying bugs. I guess one could say I've come over to the Dark side since I am now quite fond of Windows. :LOL:(y)
 
  • Like
Reactions: ForgottenSeer 72227, Andy Ful, shmu26 and 1 other person

Similar threads

Andy Ful
    • +Reputation
    • Like
    • Applause
New Update Testing Windows Hybrid Hardening (new hardening application).
Replies
253
Views
29,414
Hard_Configurator Tools
South Park
South Park
Andy Ful
    • Like
    • +Reputation
    • Thanks
  • Sticky
Serious Discussion WHHLight - simplified application control for Windows Home and Pro.
Replies
318
Views
34,090
Hard_Configurator Tools
Andy Ful
Andy Ful
SpyNetGirl
    • Like
    • Applause
    • Thanks
Serious Discussion Why do you use obsolete security technologies such as SRP?
Replies
7
Views
1,127
General Security Discussions
Andy Ful
Andy Ful

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top