Hard_Configurator - Windows Hardening Configurator

Moonhorse

Level 38
Verified
Top Poster
Content Creator
Well-known
May 29, 2018
2,728
Im not sure is this asked before(maybe), but is it possible to have option to run H_C on system startup, since it has minimize option when opened from desktop?

So it kinda helps to see you have such settings enabled as example

hchmmm.png
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
This is the one thing plus some other PowerShell tweaks that I like. Other than that H_C covers everything else. (y)
AFAIK the recommended settings of H_C already include Constrained language for Powershell, and the settings on the right side have the other tweaks. And in the sponsors list, you can block all non-elevated powershell executions. I think that pretty much covers it. Andy can shed more light on the subject.
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,598
The firewall rules are not required in H_C, because the advanced user can block sponsors via SRP, which is much more comprehensive protection for the home users. Also, in the recommended H_C settings, both blocked sponsors and firewall rules are a kind of overkill, except some special cases.
Yet, firewall rules can be useful for not advanced users in default allow setup (SysHardener, CUP).

It is worth mentioning that firewall rules cannot fully stop PowerShell from downloading the payload (only some methods can be blocked). Also, the firewall 'Block' rule for the application, does not block its child processes. So for example, if the user applies the firewall 'Block' rule for cmd.exe, then the 'ping' command from the CMD Console (or command line) still can connect to the Internet.
 
Last edited:

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,598
Im not sure is this asked before(maybe), but is it possible to have option to run H_C on system startup, since it has minimize option when opened from desktop?

So it kinda helps to see you have such settings enabled as example

View attachment 206560
After installing H_C, the 'Switch Default Deny' shortcut is created on the desktop. You can run it to see if the default-deny protection is enabled.
SwitchDefaultDeny.png


It is possible to make the simple application that could start with Windows (minimized in the system tray), and read from the Registry if default-deny SRP is activated. I did not do it, because H_C was intended to avoid adding the additional processes in the system.
 
Last edited:

oldschool

Level 85
Verified
Top Poster
Well-known
Mar 29, 2018
7,701
After installing H_C, the 'Switch Default Deny' shortcut is created on the desktop. You can run it to see if the default-deny protection is enabled. ...I did not do it, because H_C was intended to avoid adding the additional processes in the system.

Please keep it as is. (y)

@Moonhorse - you should not normally need to change configuration often, unless you simply wish to do so.
 

Gandalf_The_Grey

Level 84
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,415
I have got the message from @askalan, that he wants to support the Hard_Configurator project by creating the dedicated domain and web page. So, the domain hard-configurator.com will be directed to the dedicated webpage with some important information about Hard_Configurator. The web page will be finished soon. At this moment the domain hard-configurator.com is connected to the GitHUB webpage.
The photos:
View attachment 204904

View attachment 204905
Thanks @askalan. Good work.(y)(y)(y)
Any updates on the website hard-configurator.com?
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
The same as escaping Wine and infecting the Linux.
Could you comment on the risk of escaping Wine? I mean, is that a theoretical possibility, or something that once happened, or something that commonly happens, or...
I am asking because I never heard much about it, other than that the possibility exists.
 
  • Like
Reactions: harlan4096

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,598
Could you comment on the risk of escaping Wine? I mean, is that a theoretical possibility, or something that once happened, or something that commonly happens, or...
I am asking because I never heard much about it, other than that the possibility exists.
There were uncovered some vulnerabilities which could allow to infect the particular Linux distributions via Wine. But, I did not hear about such malware in the wild. Many Windows malware files cannot run properly in Wine. Some can infect Wine and the mounted drives, but are not aware of Linux.
In theory, the attacker can use Wine to infect Linux. But generally, it is rather improbable in the wild, because it is not profitable for the malc0ders. Yet, you have to find the AV that works well in Wine to fight the malware that can run in Wine.
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
There were uncovered some vulnerabilities which could allow to infect the particular Linux distributions via Wine. But, I did not hear about such malware in the wild. Many Windows malware files cannot run properly in Wine. Some can infect Wine and the mounted drives, but are not aware of Linux.
In theory, the attacker can use Wine to infect Linux. But generally, it is rather improbable in the wild, because it is not profitable for the malc0ders. Yet, you have to find the AV that works well in Wine to fight the malware that can run in Wine.
Thanks. I had the idea to delete typical lol bins such as cmd.exe etc from the Windows directory in Wine, since MS Office apps don't really need them for normal usage.
 
  • Like
Reactions: oldschool

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,598
And an ETA for new version of H_C? Apologies if it's already been mentioned here.

I want to try H_C but thought I'd wait for the new version if it is imminent.
The new version of H_C is usually pushed after the new compilation of Windows 10. I may do it earlier, but there are not any essential new features, except a few cosmetic changes.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top