Hard_Configurator - Windows Hardening Configurator

Andy Ful
From Hard_Configurator Tools
Dec 23, 2014
Why on SUA, only VBAOFF? Just curious.
There are some technical problems with applying HKCU keys from Hard_Configurator, because it is really never running on SUA, but always on an Admin account. I solved this problem in version 4.0.0.1.
I chose to push version 4.0.0.0 with a somewhat unfinished <Document Anti-Exploit> feature, because on Windows 10 VBAOFF + WD ASR + default-deny SRP give the user very strong protection. It is strong even without the VBAOFF feature, but the VBA interpreter is so dangerous that some sophisticated malware in the wild could bypass WD ASR + SRP default-deny.
 

shmu26
Jul 3, 2015
There are some technical problems with applying HKCU keys from Hard_Configurator, because it is really never running on SUA, but always on Admin account.
So if I want those registry tweaks on a SUA, I can change the account to Admin, run HC, and then change it back to SUA?
By the way, I don't know how you even found all those registry entries to tweak. That is mind-boggling.
 

Andy Ful
From Hard_Configurator Tools
Dec 23, 2014
So if I want those registry tweaks on a SUA, I can change the account to Admin, run HC, and then change it back to SUA?
By the way, I don't know how you even found all those registry entries to tweak. That is mind-boggling.
In version 4.0.0.0 the tweaks will always be applied for the Admin account (HKCU hive) and for all accounts (HKLM hive), regardless of whether H_C is started from SUA or Admin.
I have a lot of time for research.:giggle:
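The HKCU problem described above (an elevated tool sees the admin's hive, not the standard user's) can be demonstrated, and worked around, with a short script. This is an added example, not Hard_Configurator's own code: it resolves a named user's SID and writes under HKEY_USERS\<SID> instead of HKCU. The key used for illustration is Word's VBAWarnings value (4 = disable all macros without notification) under Office 16.0, which is an assumption about one representative macro setting, not a reproduction of H_C's tweak list; the user name is a placeholder, and the script must run elevated.

```powershell
# Added example (not Hard_Configurator's own code): write a per-user Office
# hardening value into a specific user's hive instead of the HKCU of the
# elevated process. Assumptions: illustrative key is Word's VBAWarnings
# (4 = "Disable all macros without notification"), Office version 16.0,
# elevated PowerShell session.

function Get-UserSid {
    param([Parameter(Mandatory)][string]$UserName)
    $account = New-Object System.Security.Principal.NTAccount($UserName)
    $account.Translate([System.Security.Principal.SecurityIdentifier]).Value
}

function Set-PerUserRegistryValue {
    param(
        [Parameter(Mandatory)][string]$UserName,
        [string]$SubKey = 'Software\Microsoft\Office\16.0\Word\Security',  # illustrative
        [string]$Name   = 'VBAWarnings',                                   # illustrative
        [int]$Value     = 4
    )
    $sid = Get-UserSid -UserName $UserName
    # HKEY_USERS\<SID> only exists while that user's profile is loaded (user logged on);
    # otherwise NTUSER.DAT would have to be loaded first with reg.exe load.
    if (-not (Test-Path "Registry::HKEY_USERS\$sid")) {
        throw "Hive for $UserName ($sid) is not loaded; log the user on first."
    }
    $path = "Registry::HKEY_USERS\$sid\$SubKey"
    if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
    New-ItemProperty -Path $path -Name $Name -Value $Value -PropertyType DWord -Force | Out-Null
    Get-ItemProperty -Path $path -Name $Name
}

# The pitfall itself: HKCU inside this (elevated) session resolves to the
# elevated account's SID, so writes to HKCU never reach the standard user.
$elevatedSid = ([System.Security.Principal.WindowsIdentity]::GetCurrent()).User.Value
"HKCU in this session maps to HKEY_USERS\$elevatedSid"

# Usage (account name is a placeholder):
# Set-PerUserRegistryValue -UserName 'StandardUser'
```

Writing through HKEY_USERS\<SID> is what makes the value land in the SUA's profile even though the tool runs as an administrator; the same approach applies to any per-user hardening key.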
 

Andy Ful
From Hard_Configurator Tools
Dec 23, 2014
@Andy Ful do you have the download link for this at all?

~LDogg
The corrected version 4.0.0.0 can be downloaded from:
AndyFul/Hard_Configurator
The newly compiled installers with the corrected ConfigureDefender are in the above ZIP file. They are being analyzed now by Microsoft, Emsisoft, and Symantec. In a few hours I will also send them to Avast.
 

LDogg
May 4, 2018
The corrected version 4.0.0.0 can be downloaded from:
AndyFul/Hard_Configurator
The newly compiled installers with the corrected ConfigureDefender are in the above ZIP file. They are being analyzed now by Microsoft, Emsisoft, and Symantec. In a few hours I will also send them to Avast.
Very much appreciated. When running it, what settings would you recommend for me to use?

~LDogg
 

Andy Ful
From Hard_Configurator Tools
Dec 23, 2014
Very much appreciated. When running it, what settings would you recommend for me to use?

~LDogg
Please start with the recommended settings (<Recommended SRP> + <Recommended Restrictions>).
If you have any questions, post here and I will help you. Every option has a help file with some instructions.(y)
 

oldschool
Mar 29, 2018
The corrected version 4.0.0.0 can be downloaded from:
AndyFul/Hard_Configurator
The newly compiled installers with the corrected ConfigureDefender are in the above ZIP file. They are being analyzed now by Microsoft, Emsisoft, and Symantec. In a few hours I will also send them to Avast.

Thanks @Andy Ful! I installed over the top of the last version without any issues. (y)
 

Reldel1
Jun 12, 2017
The corrected version 4.0.0.0 can be downloaded from:
AndyFul/Hard_Configurator
The newly compiled installers with the corrected ConfigureDefender are in the above ZIP file. They are being analyzed now by Microsoft, Emsisoft, and Symantec. In a few hours I will also send them to Avast.

Andy,
This morning Windows Defender update version 1.277.605.0 is tagging your corrected installer, when downloaded with Edge, as Trojan:Win32/Spursint.F!cl. See attached. NOTE: 1.277.631.0, the latest version, is doing the same.
 

Attachments: Annotation.png (31.7 KB)

Andy Ful
From Hard_Configurator Tools
Dec 23, 2014
Andy,
This morning Windows Defender update version 1.277.605.0 is tagging your corrected installer, when downloaded with Edge, as Trojan:Win32/Spursint.F!cl. See attached. NOTE: 1.277.631.0, the latest version, is doing the same.
Interesting. I checked the submission for the corrected version - still pending.
I tried a minute ago to download and install the corrected version without issues, with updated Defender signatures: 1.277.631.0
Very strange. Could someone test it, too?
 

Andy Ful
From Hard_Configurator Tools
Dec 23, 2014
@Reldel1,
Could you please check if the detection can be related to your local dynamic signatures, by running the below command line from the c:\Program Files\Windows Defender folder:
MpCmdRun.exe -removedefinitions -dynamicsignatures
and downloading the file again?
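The check suggested above (clear the locally cached dynamic signatures, then see whether the file is still flagged) can be scripted so that the before/after result and the signature version in play are recorded. This is an added example, not Hard_Configurator's or Microsoft's code: it assumes the default Defender install path, an elevated session, and an installer path that is a placeholder you substitute. It uses only documented MpCmdRun.exe switches (-Scan -ScanType 3 -File for an on-demand scan of one file, and the -RemoveDefinitions -DynamicSignatures command from the post) and the Defender PowerShell module.

```powershell
# Added example (not Hard_Configurator's own code): troubleshoot a suspected
# false positive. Records signature versions, scans the file on demand, clears
# cached dynamic (cloud-delivered) signatures with MpCmdRun.exe, scans again.
# Assumptions: default Defender path, elevated session, placeholder file path.

$MpCmdRun  = Join-Path $env:ProgramFiles 'Windows Defender\MpCmdRun.exe'
$Installer = "$env:USERPROFILE\Downloads\<installer>.exe"   # placeholder, substitute the real file

function Get-DefenderSignatureInfo {
    # Engine and signature versions let you correlate a detection with a
    # specific definition update, as the posters above did (1.277.605.0 etc.).
    Get-MpComputerStatus |
        Select-Object AMEngineVersion, AntivirusSignatureVersion, AntivirusSignatureLastUpdated
}

function Test-FileWithDefender {
    param([Parameter(Mandatory)][string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { throw "File not found: $Path" }
    # ScanType 3 = custom scan of a single file/folder.
    # MpCmdRun exit code 0 = no threat found, 2 = threat found.
    & $MpCmdRun -Scan -ScanType 3 -File $Path | Out-Null
    [pscustomobject]@{
        Path     = $Path
        ExitCode = $LASTEXITCODE
        Clean    = ($LASTEXITCODE -eq 0)
    }
}

function Clear-DefenderDynamicSignatures {
    # Same command as in the post; removes only the dynamically downloaded
    # signatures, the regular definition set stays in place.
    & $MpCmdRun -RemoveDefinitions -DynamicSignatures | Out-Null
    $LASTEXITCODE
}

Get-DefenderSignatureInfo
$before = Test-FileWithDefender -Path $Installer
$rc     = Clear-DefenderDynamicSignatures
$after  = Test-FileWithDefender -Path $Installer

[pscustomobject]@{
    CleanBefore       = $before.Clean
    RemoveDefsExit    = $rc
    CleanAfter        = $after.Clean
}

# Recent detections on this machine, for the record (name/ID, resource, time):
Get-MpThreatDetection |
    Sort-Object InitialDetectionTime -Descending |
    Select-Object -First 5 InitialDetectionTime, ThreatID, Resources
```

If the file is flagged before and clean after, the detection came from a dynamic (cloud) signature rather than the shipped definition set, which is exactly the outcome Reldel1 reports further down; keeping the Get-MpThreatDetection output makes it easy to report the exact detection name and signature version when submitting the false positive to the vendor.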
 

Andy Ful
From Hard_Configurator Tools
Dec 23, 2014
I checked all submissions (Emsisoft, Microsoft, Symantec). The Emsisoft analyst Elise van Dorp is unbeatable, but Symantec is also good - both managed to whitelist the corrected Hard_Configurator executables in a few hours.(y):giggle:
 

In2an3_PpG
Nov 15, 2016
The corrected version of Hard_Configurator was also blocked when downloading via Edge using definitions 1.277.592.0 from yesterday morning. Simple enough though, I just allowed the download and made an exclusion in Defender for the .exe.
 

Reldel1
Jun 12, 2017
@Reldel1,
Could you please check if the detection can be related to your local dynamic signatures, by running the below command line from the c:\Program Files\Windows Defender folder:
MpCmdRun.exe -removedefinitions -dynamicsignatures
and downloading the file again?
Yes, that was the problem; after running the command line I can now download without issue. You're the man.
 
