shmu26

Level 70
Content Creator
Verified
Joined
Jul 3, 2015
Messages
5,960
OS
Windows 10
I had in mind a single, but unspecified, computer. Could something like this be right:
"adjusting the configuration to the specific computer hardware/software".
"adjusting the configuration to the specific computer environment".
"adjusting the configuration for the particular computer"
The first one sounds best, to my ears.
 
Joined
Aug 10, 2013
Messages
133
Anyone got the sha256 from the old Hard_Configurator 4.0.0.0?
Is it by chance SHA-256 9cb9a4a7892da4808908bcfe854f6ebf0d5c07fe67ad7a383cb2757b0eedf324 ?
 
Likes: shmu26

Andy Ful

Level 32
Content Creator
Verified
Joined
Dec 23, 2014
Messages
2,126
OS
Windows 10
Antivirus
Microsoft

oldschool

Level 15
Verified
Joined
Mar 29, 2018
Messages
710
OS
Windows 10
Antivirus
Cylance
@Andy Ful - I uninstalled H_C recently (at my wife's 'request' :)) and installed the new versions of ConfigureDefender and RunBySmartscreen. Since then I have Windows Explorer opening on startup or restart. It's quite annoying. I posted this issue in the Troubleshooting thread but thought I should check here as well to see if it's related to these changes. Thanks in advance!

File Explorer issue solved in Settings>Apps>Startup>WE>OFF. User error which Administrator solved! :LOL:

BTW, I'm using VoodooShield only and my wife is happy - and you know the saying - "Happy wife, happy life!". :cool:
 
Last edited:

Andy Ful

A few days ago @Windows_Security posted the steps to install and forget default deny on Windows 10 with Windows Defender.
Q&A - [Updated 12/11/2018] Browser extension comparison: Malwares and Phishings

Some steps are automatically included when using Hard_Configurator, so I would like to show the easy way of making such a setup with H_C:
  1. Install H_C (ConfigureDefender is already in H_C). Press the <ConfigureDefender> button and apply the <Defender High> settings. Close ConfigureDefender.
  2. Use the <Load Profile> option in Hard_Configurator and apply the "Windows_10_Recommended_Enhanced" profile. This profile already includes the MSI tweak and blocks scripts and Remote Access, so there is no need to use Exploit Guard for wmic.exe, cscript.exe, rdpshell.exe and powershell.exe.
  3. Use the <Block Sponsors> button to block mshta.exe and iexplore.exe. You can add more sponsors if required. If particular applications require HTA files, then do not block mshta.exe, but create a Firewall rule to block Internet access for it.
  4. Configure your browser via steps 5 b) and c) in @Windows_Security's post. You can skip step 5 c) if you want to use only the Edge browser.
 
Last edited:

shmu26

Use the <Load Profile> option in Hard_Configurator and apply the "Windows_10_Recommended_Enhanced" profile (MSI tweak is already included). This profile already includes the MSI tweak and blocks scripts and Remote Access, so there is no need to use Exploit Guard for wmic.exe, cscript.exe, rdpshell.exe and powershell.exe.
What about wscript?
And what is this MSI tweak?
 

Andy Ful

What about wscript?
And what is this MSI tweak?
Blocking wscript.exe/cscript.exe is not required, because Windows Script Host is properly blocked by the SRP Enforcement setting set to 'Skip DLLs'. Furthermore, you can whitelist particular scripts with this setting, which is not possible when you block wscript.exe and cscript.exe.
The MSI tweak is the same as the H_C option <More ...><MSI Elevation>.
 
Last edited:

shmu26

Blocking wscript.exe/cscript.exe is not required, because Windows Script Host is properly blocked by the SRP Enforcement setting set to 'Skip DLLs'. Furthermore, you can whitelist particular scripts with this setting, which is not possible when you block wscript.exe and cscript.exe.
The MSI tweak is the same as the H_C option <More ...><MSI Elevation>.
So "Recommended SRP" already blocks Windows script host (wscript and cscript), without even using the Sponsors tab? What other sponsors does it block?
 

Andy Ful

So "Recommended SRP" already blocks Windows script host (wscript and cscript), without even using the Sponsors tab? What other sponsors does it block?
That depends on the Windows version. On Windows 10 the option <Recommended SRP> blocks:
  1. CMD shell (BAT, CMD scripts), Windows Script Host (JS, VBS, JSE, VBE, and any file whose code is interpreted by cscript.exe or wscript.exe), MSI Installer. These are blocked by the proper SRP Enforcement and Default Security Level settings. CMD shell command lines and the CMD console are not blocked.
  2. Advanced functions in PowerShell via Constrained Language Mode. PowerShell command lines and the PowerShell console are not blocked, yet advanced PowerShell functions are disabled. Additionally, the <Recommended Restrictions> option applies <No PowerShell Exec.> = ON, to block PowerShell script execution.
  3. HTA, CHM, CPL, MSC, and other dangerous files are blocked only when the user tries to open them. Those files can be run when using command lines with sponsors.
Points 1 and 2 are very strong against malicious Windows Script Host and PowerShell scripts (also fileless), even when the system was exploited.
Point 3 protects the user against being fooled into running malicious files. But when the system is exploited, those files can be run as standard user via sponsors. So, when the user has installed vulnerable applications, they should be protected by other features, like <Documents Anti-Exploit> (MS Office, Adobe Acrobat Reader), Firewall rules for sponsors, or blocking sponsors via <Block Sponsors>. Users with WD real-time protection can also activate ASR rules, available in ConfigureDefender - they are also automatically activated by the option <Defender high settings>.
 
Last edited:

Windows_Security

Level 19
Content Creator
Verified
Joined
Mar 13, 2016
Messages
922
OS
Windows 7
A few days ago @Windows_Security posted the steps to install and forget default deny on Windows 10 with Windows Defender.
Q&A - [Updated 12/11/2018] Browser extension comparison: Malwares and Phishings

Some steps are automatically included when using Hard_Configurator, so I would like to show the easy way of making such a setup with H_C:
  1. Install H_C (ConfigureDefender is already in H_C). Press the <ConfigureDefender> button and apply the <Defender High> settings. Close ConfigureDefender.
  2. Use the <Load Profile> option in Hard_Configurator and apply the "Windows_10_Recommended_Enhanced" profile. This profile already includes the MSI tweak and blocks scripts and Remote Access, so there is no need to use Exploit Guard for wmic.exe, cscript.exe, rdpshell.exe and powershell.exe.
  3. Use the <Block Sponsors> button to block mshta.exe and iexplore.exe. You can add more sponsors if required. If particular applications require HTA files, then do not block mshta.exe, but create a Firewall rule to block Internet access for it.
  4. Configure your browser via steps 5 b) and c) in @Windows_Security's post. You can skip step 5 c) if you want to use only the Edge browser.
Easier is better :emoji_pray::emoji_ok_hand:(y) I did not know, good work, you should rename the profile to "Windows_10_Security_recommended" :)
 

Andy Ful

Easier is better :emoji_pray::emoji_ok_hand:(y) I did not know, good work, you should rename the profile to "Windows_10_Security_recommended" :)
The "Windows_10_Recommended_Enhanced" profile also includes:
  1. Blocking shortcuts (except some special locations).
  2. Blocking file execution in writable c:\Windows subfolders.
  3. Disabling SMB 1.0 protocol.
  4. Disabling 16-bit programs.
  5. Blocking additional sponsors: csc.exe, InstallUtil.exe, reg.exe, regini.exe, schtasks.exe.
It is open to some other useful restrictions which will not produce false positives. If it is finished and @Windows_Security likes it, then I should probably rename it to Windows_10_Security_recommended.:giggle:
Hard_Configurator also has the <Save Profile> option, so the user can create & save his/her custom-made profiles.
 
Last edited:
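
Added example (not code from any poster in this thread or from Hard_Configurator itself): a read-only PowerShell audit of the settings described in the posts on what <Recommended SRP> blocks and what the "Windows_10_Recommended_Enhanced" profile adds. The registry key is the standard Windows SRP policy location; that blocked sponsors are stored there as Disallowed path rules, and that the designated file types list is what covers point 3, are assumptions.

```powershell
# Added example: read-only audit of the settings discussed in the thread.
$srp = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'

function Get-RegValue($Path, $Name) {
    # Returns $null when the key or the value is absent (policy not configured).
    (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}
function Format-Setting($Value, $Map) {
    if ($null -eq $Value) { return 'not configured' }
    if ($Map.Keys -contains [int]$Value) { $Map[[int]$Value] } else { "unknown ($Value)" }
}

# SRP Default Security Level and Enforcement values as Windows stores them.
$levels  = @{ 0 = 'Disallowed'; 131072 = 'Basic User'; 262144 = 'Unrestricted' }
$enforce = @{ 0 = 'No enforcement'; 1 = 'All files except DLLs'; 2 = 'All files including DLLs' }

# Point 3 (assumption): these types must be in the designated file types list.
$types   = @(Get-RegValue $srp 'ExecutableTypes')
$missing = @('HTA', 'CHM', 'CPL', 'MSC' | Where-Object { $types -notcontains $_ })

# Assumption: blocked sponsors appear as Disallowed path rules (level 0).
$rules = @(Get-ChildItem "$srp\0\Paths" -ErrorAction SilentlyContinue |
    ForEach-Object { Get-RegValue $_.PSPath 'ItemData' })
$sponsors = 'mshta.exe', 'iexplore.exe', 'csc.exe', 'InstallUtil.exe',
            'reg.exe', 'regini.exe', 'schtasks.exe'
$sponsorReport = foreach ($s in $sponsors) {
    # Suffix match on the rule path, whatever path style the rule uses.
    $hits = @($rules | Where-Object { $_ -like "*$s" })
    [pscustomobject]@{ Sponsor = $s; DisallowedRule = ($hits.Count -gt 0) }
}

# SMB 1.0 server state; the cmdlet needs an elevated console.
$smb1 = try {
    (Get-SmbServerConfiguration -ErrorAction Stop).EnableSMB1Protocol
} catch { 'unknown (run elevated)' }

[pscustomobject]@{
    DefaultSecurityLevel = Format-Setting (Get-RegValue $srp 'DefaultLevel') $levels
    Enforcement          = Format-Setting (Get-RegValue $srp 'TransparentEnabled') $enforce
    MissingFileTypes     = $missing -join ', '
    LanguageMode         = $ExecutionContext.SessionState.LanguageMode  # this session only
    MachineScriptPolicy  = Get-ExecutionPolicy -Scope MachinePolicy
    SMB1ServerEnabled    = $smb1
} | Format-List
$sponsorReport | Format-Table -AutoSize
```

The language mode is reported for the console the audit runs in, so a standard-user session and an elevated one may show different values.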