Hard_Configurator - Windows Hardening Configurator

shmu26

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
Andy Ful said:
I had in mind the single, but unspecified computer. Could it be right something like that:
"adjusting the configuration to the specific computer hardware/software".
"adjusting the configuration to the specific computer environment".
"adjusting the configuration for the particular computer"
Click to expand...
The first one sounds best, to my ears.
 
  • Like
Reactions: askmark, oldschool, Weebarra and 1 other person
F

Freki123

Level 16
Verified
Top Poster
Aug 10, 2013
753
Anyone got the sha256 from the old Hard_Configurator 4.0.0.0?
Is it by chance SHA-256 9cb9a4a7892da4808908bcfe854f6ebf0d5c07fe67ad7a383cb2757b0eedf324 ?
 
  • Like
Reactions: shmu26
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,484
  • Like
Reactions: bribon77, oldschool, harlan4096 and 2 others
F

ForgottenSeer 69673

For those that replied to Freki123 in the malware assistance thread. Only dedicated helpers are allowe
 
  • Like
Reactions: shmu26
oldschool

oldschool

Level 84
Verified
Top Poster
Well-known
Mar 29, 2018
7,595
@Andy Ful - I uninstalled H_C recently (at my wife's 'request' :)) and installed the new versions of ConfigureDefender and RunBySmartscreen. Since then I have Windows Explorer opening on startup or restart. It's quite annoying. I posted this issue in Troubleshooting thread but thought I should check here as well to see if it's related to these changes. Thanks in advance!

File Explorer issue solved in Settings>Apps>Startup>WE>OFF. User error which Administrator solved! :LOL:

BTW, I'm using VoodooShield only and my wife is happy - and you know the saying - "Happy wife, happy life!". :cool:
 
Last edited:
  • Like
Reactions: vtqhtr413, Gandalf_The_Grey, Andy Ful and 2 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,484
A few days ago @Windows_Security posted the steps to install and forget default deny on Windows 10 with Windows Defender.
Q&A - [Updated 12/11/2018] Browser extension comparison: Malwares and Phishings

Some steps are automatically included when using Hard_Configurator, so I would like to show the easy way of making such a setup with H_C:
  1. Install H_C (ConfigureDefender is already in H_C). Press <ConfigureDefender> button and apply <Defender High> settings. Close ConfigureDefender.
  2. Use <Load Profile> option in Hard_Configurator and apply "Windows_10_Recommended_Enhanced" profile. This profile already includes MSI tweak, blocks scripts and Remote Access, so no need to use Exploit Guard for wmic.exe, cscript.exe, rdpshell.exe and powershell.exe.
  3. Use <Block Sponsors> button to block mshta.exe and iexplore.exe. You can add more sponsors if required. If particular applications require HTA files, then do not block mshta.exe, but make the Firewall rule to block the Internet access for it.
  4. Configure your browser via 5 b) and c) steps included in @Windows_Security post. You can skip the 5 c) step if you like to use only Edge browser.
 
Last edited:
  • Like
Reactions: ForgottenSeer 85179, In2an3_PpG, Handsome Recluse and 6 others
shmu26

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
Andy Ful said:
Use <Load Profile> option in Hard_Configurator and apply "Windows_10_Recommended_Enhanced" profile (MSI tweak is already included). This profile already includes MSI tweak, blocks scripts and Remote Access, so no need to use Exploit Guard for wmic.exe, cscript.exe, rdpshell.exe and powershell.exe.
Click to expand...
What about wscript ?
And what is this MSI tweak?
 
  • Like
Reactions: oldschool, silversurfer, Gandalf_The_Grey and 1 other person
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,484
shmu26 said:
What about wscript ?
And what is this MSI tweak?
Click to expand...
Blocking wscript.exe/cscript.exe is not required, because Windows Script Host is properly blocked by SRP Enforcement setting set to 'Skip DLLs'. Furthermore, you can whitelist particular scripts with this setting, which is not possible when you block wscript.exe and cscript.exe.
MSI tweak is the same as the H_C option <More ...><MSI Elevation>.
 
Last edited:
  • Like
Reactions: ForgottenSeer 85179, In2an3_PpG, oldschool and 4 others
shmu26

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
Andy Ful said:
Blocking wscript.exe/cscript.exe is not required, because Windows Script Host is properly blocked by SRP Enforcement setting set to 'Skip DLLs'. Furthermore, you can whitelist particular scripts with this setting, which is not possible when you block wscript.exe and cscript.exe.
MSI tweak is the same as the H_C option <More ...><MSI Elevation>.
Click to expand...
So "Recommended SRP" already blocks Windows script host (wscript and cscript), without even using the Sponsors tab? What other sponsors does it block?
 
  • Like
Reactions: oldschool, harlan4096, silversurfer and 1 other person
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,484
shmu26 said:
So "Recommended SRP" already blocks Windows script host (wscript and cscript), without even using the Sponsors tab? What other sponsors does it block?
Click to expand...
That depends on Windows version. On Windows 10 the option <Recommended SRP> blocks:
  1. CMD shell (BAT, CMD scripts), Windows Script Host (JS, VBS, JSE, VBE, and any file which has the code interpreted by cscript.exe or wscript.exe), MSI Installer. This is blocked by the proper SRP Enforcement and Default Security Level settings. CMD Shell commandlines and CMD console are not blocked.
  2. Advanced functions in PowerShell via Constrained Language Mode. PowerShell commandlines and PowerShell console are not blocked - yet, advanced PowerShell functions are disabled. Additionally <Recommended Restrictions> option applies <No PowerShell Exec.> = ON, to block PowerShell script execution.
  3. HTA, CHM, CPL, MSC, and other dangerous files are blocked only when the user tries to open them. Those files can be run when using the commandlines with sponsors.
The points 1 and 2 are very strong against malicious Windows Script Host and PowerShell scripts (also fileless), even when the system was exploited.
The point 3, protects the user against being fooled to run malicious files. But, when the system is exploited, then those files can be run as standard user via sponsors. So, when the user have installed the vulnerable applications, they should be protected by other features, like <Documents Anti-Exploit> (MS Office, Adobe Acrobat Reader), Firewall rules for sponsors, or blocking sponsors via <Block Sponsors>. The users with WD real-time protection can also activate ASR rules, available in ConfigureDefender - they are also automatically activated by the option <Defender high settings>.
 
Last edited:
  • Like
Reactions: ForgottenSeer 85179, In2an3_PpG, Deletedmessiah and 5 others
Windows_Security

Windows_Security

Level 24
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Mar 13, 2016
1,298
Andy Ful said:
A few days ago @Windows_Security posted the steps to install and forget default deny on Windows 10 with Windows Defender.
Q&A - [Updated 12/11/2018] Browser extension comparison: Malwares and Phishings

Some steps are automatically included when using Hard_Configurator, so I would like to show the easy way of making such a setup with H_C:
  1. Install H_C (ConfigureDefender is already in H_C). Press <ConfigureDefender> button and apply <Defender High> settings. Close ConfigureDefender.
  2. Use <Load Profile> option in Hard_Configurator and apply "Windows_10_Recommended_Enhanced" profile. This profile already includes MSI tweak, blocks scripts and Remote Access, so no need to use Exploit Guard for wmic.exe, cscript.exe, rdpshell.exe and powershell.exe.
  3. Use <Block Sponsors> button to block mshta.exe and iexplore.exe. You can add more sponsors if required. If particular applications require HTA files, then do not block mshta.exe, but make the Firewall rule to block the Internet access for it.
  4. Configure your browser via 5 b) and c) steps included in @Windows_Security post. You can skip the 5 c) step if you like to use only Edge browser.
Click to expand...
Easier is better :emoji_pray::emoji_ok_hand:(y) I did no know, good work, you should rename the profile to WIndows_10_Security_recommended" :)
 
  • Like
Reactions: In2an3_PpG, oldschool, Deletedmessiah and 4 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,484
Windows_Security said:
Easier is better :emoji_pray::emoji_ok_hand:(y) I did no know, good work, you should rename the profile to WIndows_10_Security_recommended" :)
Click to expand...
"Windows_10_Recommended_Enhanced" profile includes also:
  1. Blocking shortcuts (except some special locations).
  2. Blocking file execution in writable c:\Windows subfolders.
  3. Disabling SMB 1.0 protocol.
  4. Disabling 16-bit programs.
  5. Blocking additional sponsors: csc.exe, InstallUtil.exe, reg.exe, regini.exe, schtasks.exe.
It is opened for some other useful restrictions, which will not produce false positives. If it will be finished, and @Windows_Security will like it, then I should probably rename it to WIndows_10_Security_recommended.:giggle:
Hard_Configurator has also the option to save profile via <Save Profile> option, so the user can create & save his/her custom made profiles.
 
Last edited:
  • Like
Reactions: In2an3_PpG, Windows_Security, Deletedmessiah and 6 others

Similar threads

Andy Ful
    • +Reputation
    • Like
    • Applause
New Update Testing Windows Hybrid Hardening (new hardening application).
Replies
253
Views
29,418
Hard_Configurator Tools
South Park
South Park
Andy Ful
    • Like
    • +Reputation
    • Thanks
  • Sticky
Serious Discussion WHHLight - simplified application control for Windows Home and Pro.
Replies
318
Views
34,091
Hard_Configurator Tools
Andy Ful
Andy Ful
SpyNetGirl
    • Like
    • Applause
    • Thanks
Serious Discussion Why do you use obsolete security technologies such as SRP?
Replies
7
Views
1,127
General Security Discussions
Andy Ful
Andy Ful

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top