Hard_Configurator - Windows Hardening Configurator

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
I had in mind the single, but unspecified computer. Could it be right something like that:
"adjusting the configuration to the specific computer hardware/software".
"adjusting the configuration to the specific computer environment".
"adjusting the configuration for the particular computer"
The first one sounds best, to my ears.
 

Freki123

Level 16
Verified
Top Poster
Aug 10, 2013
753
Anyone got the sha256 from the old Hard_Configurator 4.0.0.0?
Is it by chance SHA-256 9cb9a4a7892da4808908bcfe854f6ebf0d5c07fe67ad7a383cb2757b0eedf324 ?
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,598
F

ForgottenSeer 69673

For those that replied to Freki123 in the malware assistance thread. Only dedicated helpers are allowe
 

oldschool

Level 85
Verified
Top Poster
Well-known
Mar 29, 2018
7,701
@Andy Ful - I uninstalled H_C recently (at my wife's 'request' :)) and installed the new versions of ConfigureDefender and RunBySmartscreen. Since then I have Windows Explorer opening on startup or restart. It's quite annoying. I posted this issue in the Troubleshooting thread but thought I should check here as well to see if it's related to these changes. Thanks in advance!

File Explorer issue solved in Settings>Apps>Startup>WE>OFF. User error which Administrator solved! :LOL:

BTW, I'm using VoodooShield only and my wife is happy - and you know the saying - "Happy wife, happy life!". :cool:
 

Andy Ful

A few days ago @Windows_Security posted the steps to install and forget default deny on Windows 10 with Windows Defender.
Q&A - [Updated 12/11/2018] Browser extension comparison: Malwares and Phishings

Some steps are automatically included when using Hard_Configurator, so I would like to show the easy way of making such a setup with H_C:
  1. Install H_C (ConfigureDefender is already in H_C). Press <ConfigureDefender> button and apply <Defender High> settings. Close ConfigureDefender.
  2. Use <Load Profile> option in Hard_Configurator and apply "Windows_10_Recommended_Enhanced" profile. This profile already includes MSI tweak, blocks scripts and Remote Access, so no need to use Exploit Guard for wmic.exe, cscript.exe, rdpshell.exe and powershell.exe.
  3. Use <Block Sponsors> button to block mshta.exe and iexplore.exe. You can add more sponsors if required. If particular applications require HTA files, then do not block mshta.exe, but make the Firewall rule to block the Internet access for it.
  4. Configure your browser via 5 b) and c) steps included in @Windows_Security post. You can skip the 5 c) step if you like to use only Edge browser.
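
The firewall alternative from step 3, as an added example that is not part of the original post or of Hard_Configurator: outbound block rules for mshta.exe, so HTA files still run locally but the host process cannot reach the network. The function name and the rule names are hypothetical, and the script assumes an elevated PowerShell console.

```powershell
# Added example, not Hard_Configurator code. Run in an elevated console.
# The function name and the rule display names are hypothetical.

function Block-SponsorOutbound {
    param([Parameter(Mandatory)][string[]]$ExeName)
    foreach ($exe in $ExeName) {
        # 64-bit Windows ships a second copy in SysWOW64; a rule that covers
        # only System32 leaves the 32-bit binary free to connect.
        foreach ($dir in 'System32', 'SysWOW64') {
            $path = Join-Path (Join-Path $env:SystemRoot $dir) $exe
            if (-not (Test-Path -LiteralPath $path)) { continue }

            $name = "Example - block outbound $exe ($dir)"
            # Skip rules that already exist so the script can be re-run safely.
            if (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue) {
                "exists : $name"
                continue
            }
            New-NetFirewallRule -DisplayName $name -Direction Outbound `
                -Program $path -Action Block -Profile Any | Out-Null
            "created: $name"
        }
    }
}

Block-SponsorOutbound -ExeName 'mshta.exe'

# Verify: show each rule together with the program it is bound to.
Get-NetFirewallRule -DisplayName 'Example - block outbound *' |
    Select-Object DisplayName, Enabled, Action,
        @{ Name = 'Program'; Expression = { ($_ | Get-NetFirewallApplicationFilter).Program } }
```

The rules can be removed again with `Remove-NetFirewallRule -DisplayName 'Example - block outbound *'`.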
 

shmu26

> Use <Load Profile> option in Hard_Configurator and apply "Windows_10_Recommended_Enhanced" profile (MSI tweak is already included). This profile already includes MSI tweak, blocks scripts and Remote Access, so no need to use Exploit Guard for wmic.exe, cscript.exe, rdpshell.exe and powershell.exe.
What about wscript ?
And what is this MSI tweak?
 

Andy Ful

> What about wscript ?
> And what is this MSI tweak?
Blocking wscript.exe/cscript.exe is not required, because Windows Script Host is properly blocked by SRP Enforcement setting set to 'Skip DLLs'. Furthermore, you can whitelist particular scripts with this setting, which is not possible when you block wscript.exe and cscript.exe.
MSI tweak is the same as the H_C option <More ...><MSI Elevation>.
 

shmu26

> Blocking wscript.exe/cscript.exe is not required, because Windows Script Host is properly blocked by SRP Enforcement setting set to 'Skip DLLs'. Furthermore, you can whitelist particular scripts with this setting, which is not possible when you block wscript.exe and cscript.exe.
> MSI tweak is the same as the H_C option <More ...><MSI Elevation>.
So "Recommended SRP" already blocks Windows script host (wscript and cscript), without even using the Sponsors tab? What other sponsors does it block?
 

Andy Ful

> So "Recommended SRP" already blocks Windows script host (wscript and cscript), without even using the Sponsors tab? What other sponsors does it block?
That depends on Windows version. On Windows 10 the option <Recommended SRP> blocks:
  1. CMD shell (BAT, CMD scripts), Windows Script Host (JS, VBS, JSE, VBE, and any file which has the code interpreted by cscript.exe or wscript.exe), MSI Installer. This is blocked by the proper SRP Enforcement and Default Security Level settings. CMD Shell commandlines and CMD console are not blocked.
  2. Advanced functions in PowerShell via Constrained Language Mode. PowerShell commandlines and PowerShell console are not blocked - yet, advanced PowerShell functions are disabled. Additionally <Recommended Restrictions> option applies <No PowerShell Exec.> = ON, to block PowerShell script execution.
  3. HTA, CHM, CPL, MSC, and other dangerous files are blocked only when the user tries to open them. Those files can be run when using the commandlines with sponsors.
Points 1 and 2 are very strong against malicious Windows Script Host and PowerShell scripts (also fileless), even when the system was exploited.
Point 3 protects the user against being fooled into running malicious files. But when the system is exploited, those files can be run as standard user via sponsors. So, when the user has installed vulnerable applications, they should be protected by other features, like <Documents Anti-Exploit> (MS Office, Adobe Acrobat Reader), Firewall rules for sponsors, or blocking sponsors via <Block Sponsors>. Users with WD real-time protection can also activate ASR rules, available in ConfigureDefender - they are also automatically activated by the option <Defender high settings>.
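
A read-only audit of the three points in the post above, added here as an example and not taken from Hard_Configurator. It reads the standard Windows policy locations for SRP and PowerShell; that Hard_Configurator's settings land in exactly these values is an assumption, and the helper function names are hypothetical.

```powershell
# Added example, not Hard_Configurator code. Paste into a console: a .ps1
# file will not run once PowerShell script execution is blocked by policy.
$srp = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$ps  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell'

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # $null means the key or value is absent, i.e. the policy is not configured.
    (Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}

function Resolve-Setting {
    param($Value, [hashtable]$Map)
    if ($null -eq $Value) { return 'not configured' }
    $text = $Map[[int]$Value]
    if ($null -ne $text) { return $text }
    "unrecognised value $Value"
}

$levels  = @{ 0 = 'Disallowed'; 0x20000 = 'Basic User'; 0x40000 = 'Unrestricted' }
$modes   = @{ 0 = 'No enforcement'; 1 = 'All files except DLLs (Skip DLLs)'
              2 = 'All files including DLLs' }
$scopes  = @{ 0 = 'All users'; 1 = 'All users except local administrators' }
$scripts = @{ 0 = 'blocked by policy'; 1 = 'allowed by policy' }

# Point 1: Default Security Level and Enforcement decide what SRP blocks.
'Default level : ' + (Resolve-Setting (Get-RegValue $srp 'DefaultLevel') $levels)
'Enforcement   : ' + (Resolve-Setting (Get-RegValue $srp 'TransparentEnabled') $modes)
'Applies to    : ' + (Resolve-Setting (Get-RegValue $srp 'PolicyScope') $scopes)

# Point 2: language mode of this session and the machine-wide script policy.
'Language mode : ' + $ExecutionContext.SessionState.LanguageMode
'Script files  : ' + (Resolve-Setting (Get-RegValue $ps 'EnableScripts') $scripts)

# Point 3: extensions blocked on open are the SRP designated file types.
$types = @(Get-RegValue $srp 'ExecutableTypes')
foreach ($ext in 'HTA', 'CHM', 'CPL', 'MSC') {
    '{0} designated : {1}' -f $ext, ($types -contains $ext)
}
```

The language mode line describes only the console the code is pasted into, so it should be run from the same kind of session (standard user or elevated) that is being checked.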
 

Windows_Security

Level 24
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Mar 13, 2016
1,298
> A few days ago @Windows_Security posted the steps to install and forget default deny on Windows 10 with Windows Defender.
> Q&A - [Updated 12/11/2018] Browser extension comparison: Malwares and Phishings
>
> Some steps are automatically included when using Hard_Configurator, so I would like to show the easy way of making such a setup with H_C:
>   1. Install H_C (ConfigureDefender is already in H_C). Press <ConfigureDefender> button and apply <Defender High> settings. Close ConfigureDefender.
>   2. Use <Load Profile> option in Hard_Configurator and apply "Windows_10_Recommended_Enhanced" profile. This profile already includes MSI tweak, blocks scripts and Remote Access, so no need to use Exploit Guard for wmic.exe, cscript.exe, rdpshell.exe and powershell.exe.
>   3. Use <Block Sponsors> button to block mshta.exe and iexplore.exe. You can add more sponsors if required. If particular applications require HTA files, then do not block mshta.exe, but make the Firewall rule to block the Internet access for it.
>   4. Configure your browser via 5 b) and c) steps included in @Windows_Security post. You can skip the 5 c) step if you like to use only Edge browser.
Easier is better :emoji_pray::emoji_ok_hand:(y) I did not know, good work, you should rename the profile to "Windows_10_Security_recommended" :)
 

Andy Ful

> Easier is better :emoji_pray::emoji_ok_hand:(y) I did not know, good work, you should rename the profile to "Windows_10_Security_recommended" :)
The "Windows_10_Recommended_Enhanced" profile also includes:
  1. Blocking shortcuts (except some special locations).
  2. Blocking file execution in writable c:\Windows subfolders.
  3. Disabling SMB 1.0 protocol.
  4. Disabling 16-bit programs.
  5. Blocking additional sponsors: csc.exe, InstallUtil.exe, reg.exe, regini.exe, schtasks.exe.
It is open to some other useful restrictions, which will not produce false positives. If it is finished, and @Windows_Security likes it, then I should probably rename it to Windows_10_Security_recommended. :giggle:
Hard_Configurator also has the <Save Profile> option, so the user can create and save his/her custom-made profiles.
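
A read-only check of items 3 to 5 from the list above, added here as an example and not taken from Hard_Configurator. It assumes the additional sponsors are blocked through SRP path rules at the Disallowed level and that 16-bit support is disabled through the standard AppCompat policy value; the thread does not say how Hard_Configurator applies either.

```powershell
# Added example, not Hard_Configurator code. Paste into an elevated console
# (the SMB and optional-feature cmdlets need administrator rights).
$srp = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'

# Item 3: SMB 1.0 server setting and the optional Windows feature.
'SMB1 server enabled : ' + (Get-SmbServerConfiguration).EnableSMB1Protocol
'SMB1 feature state  : ' +
    (Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol).State

# Item 4: policy "Prevent access to 16-bit applications" (assumed mechanism).
$appCompat = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppCompat'
$vdm = (Get-ItemProperty -LiteralPath $appCompat -Name VDMDisallowed `
            -ErrorAction SilentlyContinue).VDMDisallowed
'16-bit apps blocked : ' + ($vdm -eq 1)

# Item 5: collect SRP path rules stored at the Disallowed level (subkey 0).
$rules = @(Get-ChildItem -LiteralPath "$srp\0\Paths" -ErrorAction SilentlyContinue |
    ForEach-Object { (Get-ItemProperty -LiteralPath $_.PSPath).ItemData })

$sponsors = 'csc.exe', 'InstallUtil.exe', 'reg.exe', 'regini.exe', 'schtasks.exe'
foreach ($exe in $sponsors) {
    # A rule may hold a bare file name or a full path, so compare only the
    # last path segment; this avoids matching e.g. "myreg.exe" for "reg.exe".
    $hits = @($rules | Where-Object { ($_ -split '\\')[-1] -eq $exe })
    '{0,-16} disallowed rules: {1}' -f $exe, $hits.Count
}
```

A count of 0 for a sponsor means no Disallowed path rule names it, which on a machine that applied the profile would point to the rule being stored somewhere other than this key.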
 