Hard_Configurator - Windows Hardening Configurator

Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,480
shmu26 said:
Why on SUA, only VBAOFF? Just curious.
Click to expand...
There are some technical problems with applying HKCU keys from Hard_Configurator, because it is really never running on SUA, but always on Admin account. I solved this problem in version 4.0.0.1.
I chose to push the version 4.0.0.0 with somewhat unfinished <Document Anti-Exploit> feature, because on Windows 10 the VBAOFF + WD ASR + default-deny SRP give the user very strong protection. It is strong, even without VBAOFF feature, but VBA interpreter is so dangerous that some sophisticated malware in the wild could bypass WD ASR + SRP default-deny.
 
  • Like
Reactions: Sunshine-boy, oldschool, harlan4096 and 2 others
shmu26

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
Andy Ful said:
There are some technical problems with applying HKCU keys from Hard_Configurator, because it is really never running on SUA, but always on Admin account.
Click to expand...
So if I want those registry tweaks on a SUA, I can change the account to Admin, run HC, and then change it back to SUA?
By the way, I don't know how you even found all those registry entries to tweak. That is mind-boggling.
 
  • Like
Reactions: Andy Ful and oldschool
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,480
shmu26 said:
So if I want those registry tweaks on a SUA, I can change the account to Admin, run HC, and then change it back to SUA?
By the way, I don't know how you even found all those registry entries to tweak. That is mind-boggling.
Click to expand...
In the version 4.0.0.0 the tweaks will be always for the Admin account (HKCU Hive) and for all accounts (HKLM Hive) - never mind if H_C is started from SUA or Admin.
I have much time for researching.:giggle:
 
  • Like
Reactions: Gandalf_The_Grey, In2an3_PpG, harlan4096 and 2 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,480
LDogg said:
@Andy Ful do you have the download link for this at all?

~LDogg
Click to expand...
The corrected version 4.0.0.0 can be downloaded from:
AndyFul/Hard_Configurator
The newly compiled installers with the corrected ConfigureDefender are in the above ZIP file. They are analyzed now by Microsoft, Emsisoft, and Symantec. After some hours I send them also to Avast.
 
  • Like
Reactions: Gandalf_The_Grey, silversurfer, Weebarra and 3 others
LDogg

LDogg

Level 33
Verified
Top Poster
Well-known
May 4, 2018
2,261
Andy Ful said:
The corrected version 4.0.0.0 can be downloaded from:
AndyFul/Hard_Configurator
The newly compiled installers with the corrected ConfigureDefender are in the above ZIP file. They are analyzed now by Microsoft, Emsisoft, and Symantec. After some hours I send them also to Avast.
Click to expand...
Very much appreciated. When running what settings would you recommend for me to use?

~LDogg
 
  • Like
Reactions: Gandalf_The_Grey, Weebarra, shmu26 and 1 other person
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,480
LDogg said:
Very much appreciated. When running what settings would you recommend for me to use?

~LDogg
Click to expand...
Please, start with the recommended settings (<Recommended SRP > + <Recommended Restrictions>).
If you will have any questions, then post here, I will help you. Every option has the help file with some instructions.(y)
 
  • Like
Reactions: Gandalf_The_Grey, Weebarra, harlan4096 and 2 others
oldschool

oldschool

Level 84
Verified
Top Poster
Well-known
Mar 29, 2018
7,595
Andy Ful said:
The corrected version 4.0.0.0 can be downloaded from:
AndyFul/Hard_Configurator
The newly compiled installers with the corrected ConfigureDefender are in the above ZIP file. They are analyzed now by Microsoft, Emsisoft, and Symantec. After some hours I send them also to Avast.
Click to expand...

Thanks @Andy Ful! I installed over the top of the last version without any issues. (y)
 
  • Like
Reactions: Gandalf_The_Grey, Weebarra, Andy Ful and 3 others
R

Reldel1

Level 2
Verified
Jun 12, 2017
50
Andy Ful said:
The corrected version 4.0.0.0 can be downloaded from:
AndyFul/Hard_Configurator
The newly compiled installers with the corrected ConfigureDefender are in the above ZIP file. They are analyzed now by Microsoft, Emsisoft, and Symantec. After some hours I send them also to Avast.
Click to expand...

Andy,
This morning Windows Defender update version 1.277.605.0 is tagging your corrected installer, when downloaded with Edge as Trojan:Win32Spursint.F!cl. See attached. NOTE: 1.277.631.0, latest version doing the same.
 

Attachments

  • Annotation.png
    Annotation.png
    31.7 KB · Views: 294
Last edited:
  • Like
Reactions: Gandalf_The_Grey, vtqhtr413, oldschool and 3 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,480
Reldel1 said:
Andy,
This morning Windows Defender update version 1.277.605.0 is tagging your corrected installer, when downloaded with Edge as Trojan:Win32Spursint.F!cl. See attached. NOTE: 1.277.631.0, latest version doing the same.
Click to expand...
Interesting. I check the submission for the corrected version - stiIl pending.
I tried a minute ago to download and install the corrected version without issues with updated Defender signatures: 1.277.631.0
Very strange. Could someone test it, too.?
 
Last edited:
  • Like
Reactions: Gandalf_The_Grey, vtqhtr413, oldschool and 2 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,480
@Reldel1,
Could you please check if the detection can be related to your local dynamic signatures, by running the below commandline from c:\Program Files\Windows Defender folder:
MpCmdRun.exe -removedefinitions -dynamicsignatures
and downloading the file again?
 
  • Like
Reactions: vtqhtr413, oldschool and harlan4096
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,480
I checked all submissions (Emsisoft, Microsoft, Symantec). The Emsisoft analyst Elise van Dorp is unbeatable, but Symantec is also good - both managed to whitelist the corrected Hard_Configurator executables in some hours.(y):giggle:
 
  • Like
Reactions: Gandalf_The_Grey, vtqhtr413, oldschool and 2 others
In2an3_PpG

In2an3_PpG

Level 18
Verified
Top Poster
Content Creator
Well-known
Nov 15, 2016
867
The Corrected version of HardConfigurator was also blocked when downloading via Edge using definitions 1.277.592.0 from yesterday morning. Simple enough though I just allowed the download and made an exclusion in defender for the .exe.
 
  • Like
Reactions: vtqhtr413, oldschool and Andy Ful
R

Reldel1

Level 2
Verified
Jun 12, 2017
50
Andy Ful said:
@Reldel1,
Could you please check if the detection can be related to your local dynamic signatures, by running the below commandline from c:\Program Files\Windows Defender folder:
MpCmdRun.exe -removedefinitions -dynamicsignatures
and downloading the file again?
Click to expand...
Yes, that was the problem, after running commandline I can now download without issue. Your the man,
 
  • Like
Reactions: vtqhtr413, oldschool, Andy Ful and 1 other person

Similar threads

Andy Ful
    • +Reputation
    • Like
    • Applause
New Update Testing Windows Hybrid Hardening (new hardening application).
Replies
253
Views
29,414
Hard_Configurator Tools
South Park
South Park
Andy Ful
    • Like
    • +Reputation
    • Thanks
  • Sticky
Serious Discussion WHHLight - simplified application control for Windows Home and Pro.
Replies
318
Views
34,081
Hard_Configurator Tools
Andy Ful
Andy Ful
SpyNetGirl
    • Like
    • Applause
    • Thanks
Serious Discussion Why do you use obsolete security technologies such as SRP?
Replies
7
Views
1,127
General Security Discussions
Andy Ful
Andy Ful

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top