Hard_Configurator - Windows Hardening Configurator

Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,484
paulderdash said:
I have to confess, I even have CFW (with CS settings) running on there - though I have disabled Auto-Containment now while playing with H_C.
Most likely will just keep H_C. Oh, and OSA (some overlap, I know). :rolleyes:
Click to expand...
The danger is that overlapping configuration is inconvenient. So after some time, the users are irritated with such kind of setup, and they throw out default-deny protection.
With default-deny, is better to keep things as simple as possible and try to accustom to it, first. Even a very simple default-deny is very strong.
 
  • Like
Reactions: Nevi, paulderdash, bribon77 and 3 others
bribon77

bribon77

Level 35
Verified
Top Poster
Well-known
Jul 6, 2017
2,392
Andy Ful said:
On Windows 7, the recommended settings block Windows Script Host and PowerShell. You can use the predefined profile Windows_7_Recommended_Enhanced.hdc . If everything works well then you can add HH.exe and Mshta.exe . In this way you have blocked the most dangerous script interpreters. Keep an eye on blocked items, because some printers and other hardware, can sometimes use interpreters to configure settings.
Click to expand...
Sorry for my clumsiness, but I can't find Enhanced.hdc. Where is it?:emoji_innocent:
 
  • Like
Reactions: Nevi, Weebarra and Andy Ful
shmu26

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
paulderdash said:
I have to confess, I even have CFW (with CS settings) running on there - though I have disabled Auto-Containment now while playing with H_C.
Most likely will just keep H_C. Oh, and OSA (some overlap, I know). :rolleyes:
Click to expand...
Also CFW is extremely light on the system, in my experience. But it does seem to me like you have a lot of overlap there. My "unsolicited advice" would be to run CFW + H_C at "Avast" settings. There is a special template for it. It basically means that .exe and .tmp files are not monitored by H_C, because they are instead monitored by Avast hardened/aggressive, or in your case, by CFW. Andy will please correct me if I am wrong.
 
  • Like
Reactions: Handsome Recluse, paulderdash, Weebarra and 4 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,484
bribon77 said:
Sorry for my clumsiness, but I can't find Enhanced.hdc. Where is it?:emoji_innocent:
Click to expand...
H_C.png

LoadProfile.png


You have to install the version 4.0.0.0 at least.
 
  • Like
Reactions: Nevi, Weebarra, harlan4096 and 3 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,484
shmu26 said:
Also CFW is extremely light on the system, in my experience. But it does seem to me like you have a lot of overlap there. My "unsolicited advice" would be to run CFW + H_C at "Avast" settings. There is a special template for it. It basically means that .exe and .tmp files are not monitored by H_C, because they are instead monitored by Avast hardened/aggressive, or in your case, by CFW. Andy will please correct me if I am wrong.
Click to expand...
You are right.:giggle:
 
  • Like
Reactions: Nevi, Handsome Recluse, paulderdash and 4 others
Windows_Security

Windows_Security

Level 24
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Mar 13, 2016
1,298
@Andy Ful

Idea for a new product: Edge Configurator : here are Edge Policies mentioned, they also work when adding registry policies through registry: Group Policy and Mobile Device Management settings for Microsoft Edge (Microsoft Edge for IT Pros)

Here are mine for reference: (export of registry renamed to txt) on my Asus Transformer which I use for travel (hence passwords blocked etc) (Edge_policies.txt).

EDIT: I checked the policies on my Desktop (have a Win10 Pro) and noticed some differences (Edge_GPO.txt).
 

Attachments

  • Edge_Policies.txt
    4.7 KB · Views: 716
  • Edge_GPO.txt
    6 KB · Views: 779
Last edited:
  • Like
Reactions: ForgottenSeer 85179, Nevi, Weebarra and 7 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,484
Windows_Security said:
@Andy Ful

Idea for a new product: Edge Configurator : here are Edge Policies mentioned, they also work when adding registry policies through registry: Group Policy and Mobile Device Management settings for Microsoft Edge (Microsoft Edge for IT Pros)

Here are mine for reference: (export of registry renamed to txt) on my Asus Transformer which I use for travel (hence passwords blocked etc).
Click to expand...

I am busy now with Casual User Protection and researching WD Application Control for Windows Home. But I like that idea. If there would be an accepted Edge setting profile, I could add it to H_C.(y)
 
  • Like
Reactions: ForgottenSeer 85179, Nevi, Handsome Recluse and 5 others
Windows_Security

Windows_Security

Level 24
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Mar 13, 2016
1,298
@Andy Ful

There is a secure base line which works for average users, but there would be two optional settings which depend whether user wants a
A) Blank start screen or allowing users to set all startscreen/new tab related functionality through Edge GUI
B) Block passwords or allowing users to set all passwords/forms related functionality through Edge GUI

There are also some additional protections possible through WD exploit protection. That is why I thought you could make it a separate option (like you did with documents anti-exploit).

Send me a PM when you have the time to look at it.

Regards Kees
 
  • Like
Reactions: ForgottenSeer 85179, Nevi, Handsome Recluse and 5 others
paulderdash

paulderdash

Level 6
Verified
Well-known
Apr 28, 2015
271
Andy Ful said:
The danger is that overlapping configuration is inconvenient. So after some time, the users are irritated with such kind of setup, and they throw out default-deny protection.
With default-deny, is better to keep things as simple as possible and try to accustom to it, first. Even a very simple default-deny is very strong.
Click to expand...
Thanks, this is pretty much an expendable computer, and just playing at the moment, but yes, will probably just keep H_C, for simplicity.
 
Last edited:
  • Like
Reactions: Nevi, Weebarra, Gandalf_The_Grey and 1 other person
paulderdash

paulderdash

Level 6
Verified
Well-known
Apr 28, 2015
271
shmu26 said:
Also CFW is extremely light on the system, in my experience. But it does seem to me like you have a lot of overlap there. My "unsolicited advice" would be to run CFW + H_C at "Avast" settings. There is a special template for it. It basically means that .exe and .tmp files are not monitored by H_C, because they are instead monitored by Avast hardened/aggressive, or in your case, by CFW. Andy will please correct me if I am wrong.
Click to expand...
Andy Ful said:
You are right.:giggle:
Click to expand...
Thanks guys! Will do, if I keep CFW!
 
  • Like
Reactions: Nevi, Weebarra, oldschool and 4 others
Gandalf_The_Grey

Gandalf_The_Grey

Level 83
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,233
askalan said:
It's almost time! The website of Hard_Configurator (hard-configurator.com) will start on 1.2.2019 or 2.2.2019! Final preparations have yet to be made. Be excited!

P.S.: before the start I will publish the latest screenshots, so that you can give one or the other tip!
Click to expand...
Looking forward to it (y)
 
  • Like
Reactions: Nevi, Andy Ful, Weebarra and 6 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,484
askalan said:
It's almost time! The website of Hard_Configurator (hard-configurator.com) will start on 1.2.2019 or 2.2.2019! Final preparations have yet to be made. Be excited!

P.S.: before the start I will publish the latest screenshots, so that you can give one or the other tip!
Click to expand...
Excellent!:giggle:(y)
 
  • Like
Reactions: Nevi, Weebarra, stefanos and 3 others

Similar threads

Andy Ful
    • +Reputation
    • Like
    • Applause
New Update Testing Windows Hybrid Hardening (new hardening application).
Replies
253
Views
29,419
Hard_Configurator Tools
South Park
South Park
Andy Ful
    • Like
    • +Reputation
    • Thanks
  • Sticky
Serious Discussion WHHLight - simplified application control for Windows Home and Pro.
Replies
318
Views
34,096
Hard_Configurator Tools
Andy Ful
Andy Ful
SpyNetGirl
    • Like
    • Applause
    • Thanks
Serious Discussion Why do you use obsolete security technologies such as SRP?
Replies
7
Views
1,127
General Security Discussions
Andy Ful
Andy Ful

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top