Hard_Configurator - Windows Hardening Configurator

Reldel1 said:
Yes, that was the problem, after running commandline I can now download without issue. Your the man,
Click to expand...
The local AI makes it all complicated. Those installers are not whitelisted by Microsoft yet, so they are checked by AI (local and in the cloud). If the AI detection is malware, then the dynamic signatures can block the file later, even when the detection was changed meanwhile. The situation looks dynamical, we will see what happen next.
 
  • Like
Reactions: Vasudev, Weebarra, vtqhtr413 and 5 others
In2an3_PpG said:
The Corrected version of HardConfigurator was also blocked when downloading via Edge using definitions 1.277.592.0 from yesterday morning. Simple enough though I just allowed the download and made an exclusion in defender for the .exe.
Click to expand...

This was my experience when downloading yesterday. Edge and Explorer set to "Warn". I already had set the exclusion. Not sure what definition version I had at the time. In any case, no problem here.
 
  • Like
Reactions: Weebarra, vtqhtr413, In2an3_PpG and 1 other person
It seems that Microsoft analyst decided to look at Hard_Configurator settings more thoroughly than before.
After 3 days of analyzing I have got the response:

"Hello Andy,

Thank you for the inquiry about your program. We will investigate and respond as soon as possible. If we need additional information we will contact you at this email address.

Sincerely,
Microsoft Windows Defender Response"

H_C can configure the settings deeply buried in Windows, so who knows what will happen.:emoji_thinking:
 
  • Like
Reactions: Weebarra, Der.Reisende, vtqhtr413 and 7 others
While logged into admin account 1, I enabled doc anti-exploit.
I then logged into admin account 2, opened H_C, and it said doc anti was set to "partial". So I enabled it again, while still logged into admin 2. Then I logged out.
I went back to admin 1, and I converted admin 2 to SUA.
Then I logged into the SUA (formerly admin 2). It said doc anti was set to "partial".
What's going on?
 
  • Like
Reactions: Weebarra and Andy Ful
shmu26 said:
While logged into admin account 1, I enabled doc anti-exploit.
I then logged into admin account 2, opened H_C, and it said doc anti was set to "partial". So I enabled it again, while still logged into admin 2. Then I logged out.
I went back to admin 1, and I converted admin 2 to SUA.
Then I logged into the SUA (formerly admin 2). It said doc anti was set to "partial".
What's going on?
Click to expand...

Changing account type changes some Windows settings at a deep level, e.g. in registry. So that probably explains why H_C will show slightly different variation in the settings.

I also noticed that some settings will revert even when I change them , for example disable fsi and xcacls. This is Windows blocking or reverting the setting and not a H_C failure.
 
  • Like
Reactions: Andy Ful and shmu26
shmu26 said:
While logged into admin account 1, I enabled doc anti-exploit.
I then logged into admin account 2, opened H_C, and it said doc anti was set to "partial". So I enabled it again, while still logged into admin 2. Then I logged out.
I went back to admin 1, and I converted admin 2 to SUA.
Then I logged into the SUA (formerly admin 2). It said doc anti was set to "partial".
What's going on?
Click to expand...
The H_C ver. 4.0.0.0 apply on amin account different settings than on SUA. So, there can be a problem if you convert Admin to SUA. Simply log to every Admin account and enable <Documents Anti-Exploit>.(y):giggle:
 
  • Like
Reactions: Weebarra, shmu26, oldschool and 2 others
@Andy Ful ... as you know Microsoft is making changes to Windows 1809 so it is going to mess with your H_C a little bit.

Not much, but enough for some people to say "Wut ?"

LOL... maybe add Help, technical explanation of SUA versus Admin accounts. There are people here who find that difficult to find infos useful and they appreciate it. Even if you point them to some webpages. However, I think your own personal explanations work a whole lot better... they are much more clear than any Microsoft documentation.

I am waiting for Windows to revert all settings after an update\upgrade (as it does with Exploit Guard modifications).

Not to state the obvious, but Windows suxx.
 
Last edited by a moderator:
  • Like
Reactions: shmu26 and harlan4096
Lockdown said:
@Andy Ful ... as you know Microsoft is making changes to Windows 1809 so it is going to mess with your H_C a little bit.

Not much, but enough for some people to say "Wut ?"

LOL... maybe add Help, technical explanation of SUA versus Admin accounts. There are people here who find that difficult to find infos useful and they appreciate it. Even if you point them to some webpages. However, I think your own personal explanations work a whole lot better... they are much more clear than any Microsoft documentation.
Click to expand...
I am finishing the new H_C ver. 4.0.0.1 and the <Documents Anti-Exploit> option from the main menu will be system-wide. I created the new tool DocumentsAntiExploit, which is available as the external program to manage non-system-wide settings, which can be different for the different accounts. This should prevent messing the SUA with Admin.
There are 3 kinds of settings for MS Office:
  1. System-wide policies for all accounts (stored in HKLM Registry Hive)
  2. Non-system-wide policies for the concrete account (stored in HKCU Registry Hive).
  3. Non-system-wide settings for the concrete account (stored in HKCU Registry Hive).
The first can be configured in H_C main window. The last two can be configured via DocumentsAntiExploit tool.
 
Last edited:
  • Like
Reactions: Weebarra, silversurfer, oldschool and 4 others
The corrected version of Hard_Configurator 4.0.0.0 was accepted by Microsoft as clean and is available on GitHub:
For 32-bit Windows
AndyFul/Hard_Configurator
For 64-bit Windows
AndyFul/Hard_Configurator
The names of installers are the same as before.
 
  • Like
Reactions: Weebarra, silversurfer, oldschool and 5 others
Andy Ful said:
The H_C ver. 4.0.0.0 apply on amin account different settings than on SUA. So, there can be a problem if you convert Admin to SUA. Simply log to every Admin account and enable <Documents Anti-Exploit>.(y):giggle:
Click to expand...
Thanks. Every time I think that I finally know it all, I find out something new...
 
  • Like
Reactions: Weebarra, In2an3_PpG, vtqhtr413 and 1 other person
Andy Ful said:
H_C is now a pretty complex program.
Click to expand...

Really ? I don't think so. H_C is quite simple. It is the monster inside Windows that is complex. H_C simply exposes Windows for the monster that it is. H_C unravels Microsoft's spaghetti code nightmare. :love:

However, all fun aside... it is well-packaged with a lot of useful features for the user. I think the Help files are especially good. I know it takes a lot of work to make it all function together.
 
  • Like
Reactions: askmark, JiSingh12, Andy Ful and 4 others
Lockdown said:
Really ? I don't think so. H_C is quite simple. It is the monster inside Windows that is complex. H_C simply exposes Windows for the monster that it is. H_C unravels Microsoft's spaghetti code nightmare. :love:
Click to expand...
Yes. That was precisely my intention.:giggle:
 
  • Like
  • Applause
Reactions: kylprq, Weebarra, shmu26 and 3 others
Andy Ful said:
Yes. That was precisely my intention.:giggle:
Click to expand...

The Polish are awesome. It takes Polish thinking and practicality to bring light to darkness. :love:

Why buy an electric can opener when a hand-operated can opener does it all - and no electric bill ?

How did our ancestors create such a mess ? Where they stupid or just plain dumb ?
 
Last edited by a moderator:
  • Like
Reactions: Andy Ful, shmu26 and harlan4096

You may also like...