Hard_Configurator - Windows Hardening Configurator

5

509322

shmu26 said:
"Sponsors" is roughly the same as "vulnerable processes", a concept you might be familiar with from other security softs.
It's things like powershell, wscript, mshta, cmd, etc.
Click to expand...

By "sponsors" (sponsorów) I think @Andy Ful means "interpreters" (Polish literal translation is tłumacze) and\or the hosting processes. For example, PowerShell is an interpreter that "sponsors" or hosts .ps1 files and hh.exe "sponsors" or hosts .chm files.
 
  • Like
Reactions: AtlBo, vtqhtr413, oldschool and 5 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,129
When I introduced <Block Sponsors> feature, I had in mind interpreters and commandline administrative tools, which could be used to bypass default-deny SRP, because of whitelisting the Windows folder.
 
  • Like
Reactions: AtlBo, vtqhtr413, silversurfer and 5 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,129
oldschool said:
@Andy Ful can you please expand/explain in more detail as it relates to Blocked Sponsors? I see in the manual it suggests using this setting when on an unsecured network. :notworthy::)

Edit: OK, I see the discussion continues in Post #433 and on re: MS Office 2007, which explains more. I can see well enough that I need not enable a feature like Blocked Sponsors unless in unsecure environment.
Click to expand...
The <Block Sponsors> feature was intended to use in the unsecured environment or when you suspect that something could be exploited. Blocking the sponsors by Hard_Configurator settings should not break down Windows Updates, but a few programs from the blacklist can be required sometimes to configure something after updates. Also, Windows Updates can have bugs which are not visible on non-restricted systems, but can spoil something on the highly restricted one. I am not a big fan of blocking many sponsors, except maybe interpreters.
The recommended setup and safe habits should focus on preventing exploits & malware by not-executing them in the first place. If so, then blocking many sponsors are not needed.
 
  • Like
Reactions: ForgottenSeer 85179, AtlBo, vtqhtr413 and 5 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,129
oldschool said:
@Andy Ful - I assume that with default/deny setup in H_C protects Windows Firewall since it is in the protected Program Files. Is this correct?
Click to expand...
'Program Files' folder is protected by Windows default ACL permissions and UAC settings. What do you mean by saying that Windows Firewall is in 'Program Files'?
Windows Firewall is protected on Windows OS by default.
Hard_Configurator default-deny settings can apply the second level protection via restricting the possibilities to abuse Windows processes and firewall settings.
 
  • Like
Reactions: vtqhtr413, AtlBo, Jack and 3 others
oldschool

oldschool

Level 82
Verified
Top Poster
Well-known
Mar 29, 2018
7,106
Andy Ful said:
'Program Files' folder is protected by Windows default ACL permissions and UAC settings. What do you mean by saying that Windows Firewall is in 'Program Files'?
Windows Firewall is protected on Windows OS by default.
Hard_Configurator default-deny settings can apply the second level protection via restricting the possibilities to abuse Windows processes and firewall settings.
Click to expand...

I guess I knew that WF was protected in OS by default, but I also know WF can be bypassed. So H_C in default-deny adds a 2nd layer of protection by blocking processes that can be used to bypass WF. My query as worded was insufficient or improperly posed. I was simply trying to clarify/expand my understanding about how WF is protected since my knowledge of Windows processes themselves is limited.
 
  • Like
Reactions: vtqhtr413, AtlBo, Jack and 2 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,129
Andy Ful said:
'
...
What do you mean by saying that Windows Firewall is in 'Program Files'?
...
Click to expand...
I was not sure If you did not just install 3rd party firewall in Program Files.(y)
Personally, I use Public Network profile. The below fragment form www.howtogeek.com shows nicely the difference as compared to the default Private Network profile:

"You can customize how Windows treats Private and Public networks, but here’s how it works by default.

On Private networks, Windows enables network discovery features. Other devices can see your Windows computer on the network, allowing for easy file sharing and other networked features. Windows will also use the Homegroup feature to share files and media between your PCs.

On Public networks–like those in coffee shops–you don’t want your computer to be seen by others, though, or share your files with them. So Windows turns off these discovery features. it won’t appear to other devices on the network and won’t try to discover them. Even if you’ve set up a Homegroup on your PC, it won’t be enabled on a public network.

It’s simple, really. Windows assumes that your private networks–like your home or work networks–are trusted networks full of other devices you may want to connect to. Windows assumes that public networks are full of other people’s devices you don’t want to connect to, so it uses different settings."

The easy way to set the Public Network profile:
Step 1 - click on the Wi-Fi icon in the System Tray
Step 2 - look at the 'Connected' Wi-Fi connection at the top of the list, click 'Properties'
Step 3 - tick Public under the Network Profile section.
How to change Windows 10 network location from Public to Private | TinkerTry IT @ Home
 
  • Like
Reactions: Gerbitz, ForgottenSeer 85179, vtqhtr413 and 7 others
F

ForgottenSeer 72227

Andy Ful said:
The easy way to set the Public Network profile:
Step 1 - click on the Wi-Fi icon in the System Tray
Step 2 - look at the 'Connected' Wi-Fi connection at the top of the list, click 'Properties'
Step 3 - tick Public under the Network Profile section.
Click to expand...

I just want to add a little side note, make sure that UAC is at default when changing this setting. I know it seems stupid, but I was trying to change this setting once, but couldn't find it for the life of me. It wasn't until (by some fluke) that I realized that having UAC on max hides this setting. So if you have UAC set to max, set it back to default, make your change and set UAC back to maximum.
 
  • Like
Reactions: vtqhtr413, AtlBo, tsunami and 9 others
shmu26

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
Raiden said:
I just want to add a little side note, make sure that UAC is at default when changing this setting. I know it seems stupid, but I was trying to change this setting once, but couldn't find it for the life of me. It wasn't until (by some fluke) that I realized that having UAC on max hides this setting. So if you have UAC set to max, set it back to default, make your change and set UAC back to maximum.
Click to expand...
Thanks for the tip!
 
  • Like
Reactions: vtqhtr413, AtlBo, ForgottenSeer 72227 and 2 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,129
@Raiden is right. The settings magically disappear when UAC is set to max.:emoji_ok_hand:
Using PowerShell on Windows 10 to set the Public Network profile:
Set-NetConnectionProfile -NetworkCategory Public
and for restoring Private:
Set-NetConnectionProfile -NetworkCategory Private
 
  • Like
Reactions: ForgottenSeer 85179, vtqhtr413, AtlBo and 6 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,129
shmu26 said:
If you turn off network discovery, isn't it the same thing? On my desktop, I have private network, but no network discovery.
Click to expand...
There are some other differences on Windows 8.1 and prior versions, like disabled HomeGroup in Public Network and different Firewall abilities (some rules could not work in Public Network profile).
In the new Windows 10 versions, there is no HomeGroup feature anymore, but still, there are some differences in the Firewall (Remote Desktop rules will not work by default in Public Network profile).
 
Last edited:
  • Like
Reactions: vtqhtr413, AtlBo, shmu26 and 3 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,129
I made a quick test. When on Publick Network profile, I ran the below command In CMD:
WinRM quickconfig
The WinRM service was started successfully but I got the message that WinRM exception rule in the firewall could not work because of Public Network profile.
When I did the same on Private Network profile, I got the additional message that the LocalAccountTokenFilterPolicy has to be configured. When I pressed Yes, then WinRM exception rule in the firewall was successfully enabled.

Edit.
The short info about winrm quickconfig command:
***************************************************************************************************
Quick Default Configuration

You can enable the WS-Management protocol on the local computer and set up the default configuration for remote management with the following command: Winrm quickconfig.

The winrm quickconfig command (or the abbreviated version winrm qc) performs the following operations:
  • Starts the WinRM service, and sets the service startup type to auto-start.
  • Configures a listener for the ports that send and receive WS-Management protocol messages using either HTTP or HTTPS on any IP address.
  • Defines ICF exceptions for the WinRM service, and opens the ports for HTTP and HTTPS.
Note The winrm quickconfig command creates a firewall exception only for the current user profile. If the firewall profile is changed for any reason, winrm quickconfig should be run to enable the firewall exception for the new profile; otherwise, the exception might not be enabled.
*******************************************************************************************************
Installation and Configuration for Windows Remote Management
 
Last edited:
  • Like
Reactions: ForgottenSeer 85179, vtqhtr413, AtlBo and 3 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,129
shmu26 said:
If you turn off network discovery, isn't it the same thing? On my desktop, I have private network, but no network discovery.
Click to expand...
When using Hard_Configurator with <Block Remote Access> = ON, the Remote Desktop + Remote Assistance + Remote Shell + Remote Registry are disabled. So, if the network discovery is disabled, then the difference between Public and Private Network profiles may be indeed negligible.
 
Last edited:
  • Like
Reactions: vtqhtr413, AtlBo, shmu26 and 2 others
In2an3_PpG

In2an3_PpG

Level 18
Verified
Top Poster
Content Creator
Well-known
Nov 15, 2016
867
@Andy Ful, Any reason why "Run as SmartScreen" would be grayed out? I tried looking to see if this was discussed prior but could not find anything. This is on 64 bit Windows 7 Home.

1535637209209.png
 
  • Like
Reactions: vtqhtr413, AtlBo, Andy Ful and 2 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,129
On Windows 7, the SmartScreen works only as the Internet Explorer feature. In Windows 8+, it works also as the Windows Explorer feature for files marked with 'Mark Of the Web' (MOTW). Hard_Configurator configures an option in the right-click Explorer context menu ("Run As SmartScreen" or "Run By SmartScreen") which can add the MOTW just before the file is executed. So, it forces SmartScreen check also for files which initially were not marked with MOTW.
 
Last edited:
  • Like
Reactions: AtlBo, harlan4096, Sunshine-boy and 3 others

Similar threads

Andy Ful
    • Like
    • +Reputation
    • Thanks
  • Sticky
Serious Discussion WHHLight - simplified application control for Windows Home and Pro.
Replies
254
Views
17,052
Hard_Configurator Tools
Andy Ful
Andy Ful
Andy Ful
    • +Reputation
    • Like
    • Applause
New Update Testing Windows Hybrid Hardening (new hardening application).
Replies
253
Views
21,956
Hard_Configurator Tools
South Park
South Park
SpyNetGirl
    • Like
    • Applause
    • Thanks
Serious Discussion Why do you use obsolete security technologies such as SRP?
Replies
7
Views
468
General Security Discussions
Andy Ful
Andy Ful

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top