shmu26

On my wife's laptop I have Comodo Firewall (not at paranoid settings), and H_C with a lot of sponsors enabled. I don't hear any complaints, and I see no conflicts.
CFW at non-paranoid settings has two basic weaknesses: the list of approved software and vendors is fallible, and the vulnerable process protection is weak. I solve both problems with H_C.
 

Andy Ful

H_C is very similar to CF with autosandbox set to Block (no HIPS). But, H_C does not block administrative processes, like Windows updates or system scheduled tasks, and uses forced SmartScreen (instead of File Lookup).
CF can be used in organizations and businesses, because it is stronger against the attacks originated from the local network, especially when those attacks are already elevated.
The advantage of using H_C can be important only in the home environment, because the home users usually do not need the features related to the local network, like SMB protocols, Remote Desktop, Remote Assistance, Remote Shell, Remote Registry, admin scripting, etc. If those features are blocked, then the attack from the local network is hardly possible.
It follows from the above, that in the home environment with H_C settings, the attack via already elevated malware is highly improbable. Any malware must be then originated by the user, so has to initially run not elevated (on Windows Vista and higher versions). Hard_Configurator is made to block such processes (so they cannot also bypass UAC), by using default-deny settings.
 

kylprq

Are you running CFW at CruelSister settings?
yes

But, such CF setup can also break your system or
It's true; somehow, with CS settings, Windows Update broke.

On my wife's laptop I have Comodo Firewall (not at paranoid settings), and H_C with a lot of sponsors enabled. I don't hear any complaints, and I see no conflicts.
CFW at non-paranoid settings has two basic weaknesses: the list of approved software and vendors is fallible, and the vulnerable process protection is weak. I solve both problems with H_C.
I mean this; I wanna use it with CF at CS settings.

I did ask for H_C settings.
 

shmu26

I suggest to run H_C at the settings that are recommended for Avast hardened mode/aggressive. There is a special button for this, in the file whitelist section (allow exe and tmp). As Andy said, it is not really needed, but if you want to, that is a good way to do it.
 

Andy Ful

You can simply load the profile:
WIndows_10_Avast_Hardened_Mode_Aggressive.hdc
 

Vasudev

@Andy Ful - Can you explain this for me please? Is this going to interfere with Windows updates?

I get the feeling sometimes that while EV shows various WD blocks, the operations actually proceed. :unsure:
At least WD PUP protection is actually classifying rempl aka forced WU crap as PUPs.
You're better off w/o that forced update feeding program. I always install only offline updates and no microcode patches or any other so called "Enhanced Reliability" thing which will be the main reason Windows 10 breaks.
 

shmu26

Some people complain after installing Windows Setup Remediations Service in Windows 10, especially on using too much system resources.
I think it is basically a tool to help your system get ready for the update to 1809. So users should just go to 1809 already, and get it over with, unless there is a compelling reason not to.
 

Sunshine-boy

the results on Malware Hub should be as good as for any decent AV,
Av detects the malicious actions in a smart way:notworthy:
Block by default (SRP/Comodo sandbox) is just blocking the file, with no detection in place. I'm not saying it's bad, but we can't compare SRP/Comodo sandbox with AV because it's not fair. SRP is like you never clicked the file.
I myself like Hard_Configurator and the philosophy behind it:oops:
 

bribon77

I love H_C. I think it's a great program; it's true that it's different from AV, but if you understand it well you don't need AV.
To find out if something is bad or good, VT helps, and some on-demand scanners in case you're wrong about something.
 
Deleted member 178

AV and SRPs aren't for the same audience anyway.
AVs are generally for average users and those who often install software.
SRPs are for skilled users and those with static systems (like in enterprises).

Reason why business versions of AVs like Symantec often include some SRP-style modules.
 

Andy Ful

Av detects the malicious actions in a smart way:notworthy:
Yes. The AVs are also more universal, because they can be used in organizations, too. The H_C settings (for SRP) intentionally do not block administrative processes, so can be a strong protection only in the home environment.

Yet, in my opinion the 'smart way' of most AVs, is adjusted not to home users, but for all users (including organizations and businesses). That is why the AVs do not block some Windows features, which are hard to protect like scripting, remote features, and SMB protocols.
In the home environment the 'smart way' would be blocking by default those features with some exclusions. (y)(y)
 

Andy Ful

Stylish! :) What else is new in the new version?
When installing H_C, the user will be asked to uninstall Bash (Linux subsystem) and PowerShell 2.0. The user will be also asked to make the System Restore Point separately of whitelisting Autoruns entries (useful when roll up software is installed). Those improvements were proposed/discussed by @Lockdown and @shmu26.

I am working/playing for some time with the mix of H_C and SysHardener. It is called Casual User Protection (CUP), and will be similar to the H_C profile for Avast Hardened Aggressive mode (EXE and TMP files allowed). The CUP is similar to the idea of Simple Stupid Security.
Q&A - Simple Stupid Security vs. free AV
For now I plan 5 options:
<SmartScreen>
<Casual User Protection>
<Windows Defender high settings>
<Firewall hardening>
<Blocked Interpreters Log>

The applied restrictions:
  1. SmartScreen set to Block + installation of RunBySmartScreen.
  2. SRP default-deny. Allowed EXE, TMP, and MSI (.msi --> changed file association Msi.Package -> RunBySmartScreen).
  3. Documents Anti-Exploit (blocked macros in MS Office and Adobe Acrobat Reader XI/DC hardening).
  4. Blocked Outbound & Inbound Internet connections for predefined not blocked Interpreters: mshta.exe, hh.exe, mmc.exe, etc. and some other system executables like bitsadmin.exe, etc.
  5. Blocked Outbound & Inbound Internet connections for predefined vulnerable applications: MS Office, Adobe Acrobat Reader, etc.
  6. PowerShell set to Constrained Language Mode (PSLockdown policy) + Blocked script exec + blocked by path powershell.exe and powershell_ise.exe via HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\.
  7. Blocked Windows Script Host (registry tweak) + blocked wscript.exe, cscript.exe via 'Image File Execution Options' (for logging).
  8. Blocked: SMB protocols, Remote Desktop, Remote Assistance, Remote Registry, and Remote Shell.
  9. Uninstall PowerShell 2.0 and Bash (if installed).
  10. Change the network profile to Public.
The options 1-7 can be turned ON/OFF without Logging Off.
Points 7-10 and RunBySmartScreen are applied when installing CUP, and set to default Windows settings when uninstalling.
The user can use the last option (<Blocked Interpreters Log>), to check if any Windows script or PowerShell command were blocked. If nothing important is blocked, then the CUP settings can be safely applied.

I am experimenting with CUP - I am not quite sure, if such application will be useful. We will see.
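
A read-only check of several restrictions from the list above, as an added PowerShell example (it is not part of the post and not Hard_Configurator's own code). Apart from the Image File Execution Options key, the registry locations, the `Debugger` value, the feature names and the helper names `Get-RegValue` and `Report` are assumptions based on standard Windows locations that the thread does not spell out.

```powershell
# Added example: read-only audit of some restrictions from the list above.
# Locations are the usual Windows ones (assumptions about how CUP applies
# them). Nothing is modified. Run in an elevated session.
function Get-RegValue($Path, $Name) {
    # Returns $null when the key or the value does not exist.
    (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}
function Report($Item, [bool]$Hardened) {
    $state = 'NOT SET'
    if ($Hardened) { $state = 'OK' }
    '{0,-48} {1}' -f $Item, $state
}

# Points 6-7: interpreters blocked through Image File Execution Options.
# Assumption: a block shows up as a non-empty Debugger value per image name.
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
foreach ($exe in 'powershell.exe', 'powershell_ise.exe', 'wscript.exe', 'cscript.exe') {
    Report "IFEO entry for $exe" ([bool](Get-RegValue "$ifeo\$exe" 'Debugger'))
}

# Point 6: Constrained Language Mode via the machine-wide lockdown variable.
$envKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Environment'
Report 'PowerShell Constrained Language policy' ((Get-RegValue $envKey '__PSLockdownPolicy') -eq 4)

# Point 7: Windows Script Host disabled by registry tweak.
$wsh = 'HKLM:\SOFTWARE\Microsoft\Windows Script Host\Settings'
Report 'Windows Script Host disabled' ((Get-RegValue $wsh 'Enabled') -eq 0)

# Point 8: remote features (SMB server, RDP, Remote Assistance, Remote Registry).
$smb = Get-SmbServerConfiguration -ErrorAction SilentlyContinue
Report 'SMB server protocols disabled' ($smb -and -not ($smb.EnableSMB1Protocol -or $smb.EnableSMB2Protocol))
$ts = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
Report 'Remote Desktop connections denied' ((Get-RegValue $ts 'fDenyTSConnections') -eq 1)
$ra = 'HKLM:\SYSTEM\CurrentControlSet\Control\Remote Assistance'
Report 'Remote Assistance disabled' ((Get-RegValue $ra 'fAllowToGetHelp') -eq 0)
Report 'Remote Registry service disabled' ((Get-Service RemoteRegistry).StartType -eq 'Disabled')

# Point 9: PowerShell 2.0 and the Linux subsystem removed.
foreach ($f in 'MicrosoftWindowsPowerShellV2Root', 'Microsoft-Windows-Subsystem-Linux') {
    $feat = Get-WindowsOptionalFeature -Online -FeatureName $f -ErrorAction SilentlyContinue
    Report "Feature disabled: $f" ($feat -and "$($feat.State)" -like 'Disabled*')
}

# Point 10: every active network profile is Public.
$notPublic = @(Get-NetConnectionProfile -ErrorAction SilentlyContinue |
    Where-Object { $_.NetworkCategory -ne 'Public' })
Report 'All network profiles set to Public' ($notPublic.Count -eq 0)
```

With restriction 6 active, powershell.exe itself is blocked, so run the check from a PowerShell host the policy still allows or with that option temporarily turned off.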
 

Raiden

This is awesome. I would definitely switch with these changes, and I could remove SysHardener, as it will have the benefits of both programs all in one :)