Hard_Configurator - Windows Hardening Configurator

[Andy Ful]

Yes, that was the problem, after running commandline I can now download without issue. Your the man,

The local AI makes it all complicated. Those installers are not whitelisted by Microsoft yet, so they are checked by AI (local and in the cloud). If the AI detection is malware, then the dynamic signatures can block the file later, even when the detection was changed meanwhile. The situation looks dynamical, we will see what happen next.

 

[oldschool]

The Corrected version of HardConfigurator was also blocked when downloading via Edge using definitions 1.277.592.0 from yesterday morning. Simple enough though I just allowed the download and made an exclusion in defender for the .exe.

This was my experience when downloading yesterday. Edge and Explorer set to "Warn". I already had set the exclusion. Not sure what definition version I had at the time. In any case, no problem here.

 

[JiSingh12]

Hiii,

Is this necessary when running Avast Free Moderate, & OSArmor doing real-time protection with SysHardener also installed?

 

[Andy Ful]

Hiii,
Is this necessary when running Avast Free Moderate, & OSArmor doing real-time protection with SysHardener also installed?

This can be a long discussion, so maybe better ask on the OSArmor thread or SysHardener thread?

 

[oldschool]

This can be a long discussion, so maybe better ask on the OSArmor thread or SysHardener thread?

Agreed. Please post @ either of those threads or as a Q & A thread.

 

[shmu26]

Will the new version of HC be good for MS Office 2019? Or maybe the old version is already good?

 

[Andy Ful]

Will the new version of HC be good for MS Office 2019? Or maybe the old version is already good?

I will add the support for it in the next year. I need to install the trial.

 

[JiSingh12]

better ask on the OSArmor thread or SysHardener thread?

Thanks. No worries . I have started a threat within the NVT forum

 

[Andy Ful]

It seems that Microsoft analyst decided to look at Hard_Configurator settings more thoroughly than before.
After 3 days of analyzing I have got the response:

"Hello Andy,

Thank you for the inquiry about your program. We will investigate and respond as soon as possible. If we need additional information we will contact you at this email address.

Sincerely,
Microsoft Windows Defender Response"

H_C can configure the settings deeply buried in Windows, so who knows what will happen.

 

[shmu26]

While logged into admin account 1, I enabled doc anti-exploit.
I then logged into admin account 2, opened H_C, and it said doc anti was set to "partial". So I enabled it again, while still logged into admin 2. Then I logged out.
I went back to admin 1, and I converted admin 2 to SUA.
Then I logged into the SUA (formerly admin 2). It said doc anti was set to "partial".
What's going on?

 

[509322]

While logged into admin account 1, I enabled doc anti-exploit.
I then logged into admin account 2, opened H_C, and it said doc anti was set to "partial". So I enabled it again, while still logged into admin 2. Then I logged out.
I went back to admin 1, and I converted admin 2 to SUA.
Then I logged into the SUA (formerly admin 2). It said doc anti was set to "partial".
What's going on?

Changing account type changes some Windows settings at a deep level, e.g. in registry. So that probably explains why H_C will show slightly different variation in the settings.

I also noticed that some settings will revert even when I change them , for example disable fsi and xcacls. This is Windows blocking or reverting the setting and not a H_C failure.

 

[Andy Ful]

While logged into admin account 1, I enabled doc anti-exploit.
I then logged into admin account 2, opened H_C, and it said doc anti was set to "partial". So I enabled it again, while still logged into admin 2. Then I logged out.
I went back to admin 1, and I converted admin 2 to SUA.
Then I logged into the SUA (formerly admin 2). It said doc anti was set to "partial".
What's going on?

The H_C ver. 4.0.0.0 apply on amin account different settings than on SUA. So, there can be a problem if you convert Admin to SUA. Simply log to every Admin account and enable <Documents Anti-Exploit>.

 

[509322]

@Andy Ful ... as you know Microsoft is making changes to Windows 1809 so it is going to mess with your H_C a little bit.

Not much, but enough for some people to say "Wut ?"

LOL... maybe add Help, technical explanation of SUA versus Admin accounts. There are people here who find that difficult to find infos useful and they appreciate it. Even if you point them to some webpages. However, I think your own personal explanations work a whole lot better... they are much more clear than any Microsoft documentation.

I am waiting for Windows to revert all settings after an update\upgrade (as it does with Exploit Guard modifications).

Not to state the obvious, but Windows suxx.

 

[Andy Ful]

@Andy Ful ... as you know Microsoft is making changes to Windows 1809 so it is going to mess with your H_C a little bit.

Not much, but enough for some people to say "Wut ?"

LOL... maybe add Help, technical explanation of SUA versus Admin accounts. There are people here who find that difficult to find infos useful and they appreciate it. Even if you point them to some webpages. However, I think your own personal explanations work a whole lot better... they are much more clear than any Microsoft documentation.

I am finishing the new H_C ver. 4.0.0.1 and the <Documents Anti-Exploit> option from the main menu will be system-wide. I created the new tool DocumentsAntiExploit, which is available as the external program to manage non-system-wide settings, which can be different for the different accounts. This should prevent messing the SUA with Admin.
There are 3 kinds of settings for MS Office:

1. System-wide policies for all accounts (stored in HKLM Registry Hive)
2. Non-system-wide policies for the concrete account (stored in HKCU Registry Hive).
3. Non-system-wide settings for the concrete account (stored in HKCU Registry Hive).

The first can be configured in H_C main window. The last two can be configured via DocumentsAntiExploit tool.

 

[Andy Ful]

The corrected version of Hard_Configurator 4.0.0.0 was accepted by Microsoft as clean and is available on GitHub:
For 32-bit Windows
AndyFul/Hard_Configurator
For 64-bit Windows
AndyFul/Hard_Configurator
The names of installers are the same as before.

 

[shmu26]

The H_C ver. 4.0.0.0 apply on amin account different settings than on SUA. So, there can be a problem if you convert Admin to SUA. Simply log to every Admin account and enable <Documents Anti-Exploit>.

Thanks. Every time I think that I finally know it all, I find out something new...

 

[Andy Ful]

Thanks. Every time I think that I finally know it all, I find out something new...

H_C is now a pretty complex program.

 

[509322]

H_C is now a pretty complex program.

Really ? I don't think so. H_C is quite simple. It is the monster inside Windows that is complex. H_C simply exposes Windows for the monster that it is. H_C unravels Microsoft's spaghetti code nightmare.

However, all fun aside... it is well-packaged with a lot of useful features for the user. I think the Help files are especially good. I know it takes a lot of work to make it all function together.

 

[Andy Ful]

Really ? I don't think so. H_C is quite simple. It is the monster inside Windows that is complex. H_C simply exposes Windows for the monster that it is. H_C unravels Microsoft's spaghetti code nightmare.

Yes. That was precisely my intention.

 

[509322]

Yes. That was precisely my intention.

The Polish are awesome. It takes Polish thinking and practicality to bring light to darkness.

Why buy an electric can opener when a hand-operated can opener does it all - and no electric bill ?

How did our ancestors create such a mess ? Where they stupid or just plain dumb ?