Hard_Configurator - Windows Hardening Configurator

F

ForgottenSeer 72227

Andy Ful said:
The firewall rules for Sponsors are used in SysHardener, because it cannot block the execution of Sponsors via shortcuts, CHM files and some other files with dangerous extensions. Those vectors of attack are covered by H_C default-deny settings even without blocking Sponsors.
There is no need to use firewall rules or block Sponsors in H_C default-deny settings, when using Windows 10 with updated system/software. Simply, access to the command line will be blocked, and the Sponsor will not be executed. You can see that also from Malware Hub tests. See the sample in the wild:
malwaretips.com

Shifty new variant of Qbot banking trojan spreads

An active malware campaign primarily targeting U.S. corporations with a new polymorphic variant of the Qbot banking trojan has been compromising thousands of victims around the world, researchers have reported. The worm-like malware, whose original version is roughly a decade old, allows...
malwaretips.com malwaretips.com

I tried to explain in the FAQ when the user should block Sponsors, especially Interpreters. In rare situations, the user could also use firewall rules instead, when some special software cannot work with blocked Sponsor. This would not be especially effective, but better than nothing. The similar idea would be blocking some special executables by the firewall (like rundll32.exe), which cannot be blocked in H_C, because they are often used in Windows. I am not sure it this help much, but can be done.
Click to expand...


Thanks for the clarification. I didn't understand it fully and assumed that the firewall rules were needed as well. In that case I will remove Syshardener as it's already covered in H_C via another method.:)

Thanks for clarifying it! (y)
 
  • Like
Reactions: bribon77, Weebarra, Andy Ful and 1 other person
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,488
Freki123 said:
I'm tempted to try Hard Configurator again. What type of software would be good to add? (If any is needed).
I think about HardConfigurator + Sandboxie (mandatory for me :D) + X What should X be? System Hardener, Voodoo Shield or...
Would be glad for any helpful input :)
Click to expand...
If you are a big fan of Sandboxie (paid version), then you do not need H_C. Just use two Explorer instances. One standard Explorer, and the second Sandboxed Explorer. The Sandboxed Explorer should be run via the special shortcut.
The daily work can be done in Sandboxed Explorer. Administrator work, installing applications, and updating, via standard Explorer. Unsafe tasks can be run from the standard Explorer right-click menu in the restricted sandbox. You can also block Interpreters by preparing another total-block sandbox, that can run only notepad + disabled Internet connection + disabled read/write access to all drives.
If you want to use Forced SmartScreen for installing applications, then use my Run By SmartScreen tool.
 
Last edited:
  • Like
  • Thanks
Reactions: Tiny, askmark, shmu26 and 5 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,488
Freki123 said:
@Andy Ful Guilty as charged, i really like Sandboxie (paid). Thanks for your helpful suggestion to use a sandboxed explorer.
I sandboxed browsers, pdf reader, mediaplayer... but never really thought about the explorer :D
Click to expand...
Be careful! Do not choose to automatically sandbox the executable explorer.exe, because Sandboxie will sandbox all instances of Windows Explorer. Just make a shortcut that can run Explorer in the sandbox, then you can manually run one instance of explorer.exe in the sandbox.
 
Last edited:
  • Like
  • Thanks
Reactions: Weebarra, Freki123, harlan4096 and 6 others
shmu26

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
Like Andy said, if you use Sandboxie paid, and you know what you are doing, and you are disciplined, it can really do a lot.
The guru of sandboxing is Bo Elam. You can find him at Wilders Security and at the official SBIE support forum.
But it isn't easy to build security on Sandboxie alone. There are easier and less frustrating ways of doing it.
 
  • Like
Reactions: Tiny, ForgottenSeer 72227, Weebarra and 6 others
F

Freki123

Level 16
Verified
Top Poster
Aug 10, 2013
753
@shmu26 Sadly i don't think my knowledge is good enough to use sandboxie alone. That's why i wanted to use it in a layered approach.
Testing Hard Configurator and Sandboxie on my old laptop. On my main pc i try SUA to see if SUA and i can work together :D (tried it years ago and i got bad memorys about it). If all went well i think about a clean install (which i hate) and using sandboxie and Hard Configurator also on the main pc.
 
  • Like
Reactions: ForgottenSeer 72227, Weebarra, harlan4096 and 2 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,488
H_C on SUA is
Freki123 said:
...
Testing Hard Configurator and Sandboxie on my old laptop. On my main pc i try SUA to see if SUA and i can work together :D (tried it years ago and i got bad memorys about it). If all went well i think about a clean install (which i hate) and using sandboxie and Hard Configurator also on the main pc.
Click to expand...
I would like to advise you using first H_C (Recommended settings) on Admin account with Windows 10. You will have fewer problems with installing/updating applications. I assume that you have read the H_C FAQs related to installing and updating applications on SUA.

If you want to use an old laptop with Windows 7 or Vista, then you cannot use SmartScreen. Furthermore, those Windows versions are easier to be exploited. The good setup would be:
  1. Apply the AV + H_C on SUA.
  2. Use applications which are installed in c:\Progran Files or c:\ProgramData (fewer problems with installations/updates).
  3. Do not use applications which install in the user profile (subfolder of c:\Users).
  4. Avoid installing applications in Sandboxie sandbox (sandboxes are located in the UserSpace). But, you can use most applications installed in c:\Program Files and run sandboxed.
 
Last edited:
  • Like
Reactions: ForgottenSeer 72227, Weebarra, AlanOstaszewski and 3 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,488
shmu26 said:
Hi @Andy Ful
here is a link to my edit of the FAQ
It is a MS Word doc with lots of tracked changes and very little embedded malware :)

Dropbox

www.dropbox.com www.dropbox.com
All changes should be treated as mere suggestions. I changed the font size just to make it easier to read on my computer screen.
Enjoy.
Click to expand...
Thanks shmu26. It looks very interesting. I will try to integrate some your important suggestions to the current version of FAQ.:giggle:(y)
 
  • Like
Reactions: ForgottenSeer 72227, askmark, Weebarra and 7 others
Gandalf_The_Grey

Gandalf_The_Grey

Level 83
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,233
When i open a new blank page in Word I always get a warning about macros being disabled. How do I remove that warning?

210219


I'm using the Windows 10 Recommended Enhanced profile with Office 365.
 
  • Like
Reactions: stefanos, Weebarra, oldschool and 1 other person
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,488
Gandalf_The_Grey said:
When i open a new blank page in Word I always get a warning about macros being disabled. How do I remove that warning?

View attachment 210219

I'm using the Windows 10 Recommended Enhanced profile with Office 365.
Click to expand...
Have you got this alert before, or this is a new alert.
This alert is a sign that something in your Word, tries to run a VBA code (Word template, VBA Add-in, etc.). The alert can be avoided by changing H_C settings, but it would be better to find out why Word tries to run VBA code (probably macro).
The similar problem had @shmu26. If I correctly remember, he used a Word template with macro.
 
  • Like
Reactions: Weebarra, oldschool and harlan4096
shmu26

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
Andy Ful said:
Have you got this alert before, or this is a new alert.
This alert is a sign that something in your Word, tries to run a VBA code (Word template, VBA Add-in, etc.). The alert can be avoided by changing H_C settings, but it would be better to find out why Word tries to run VBA code (probably macro).
The similar problem had @shmu26. If I correctly remember, he used a Word template with macro.
Click to expand...
Yup, if I use Word add-ons, I get various warnings.
I can get them from ASR, and they are usually harmless, they don't affect functionality.
And I can get them from system-wide document anti-exploit. Those warnings are more debilitating. They don't let you carry on with your work. My solution is to use document anti-exploit for specific user accounts, but not system-wide.
 
  • Like
Reactions: Andy Ful, Weebarra, oldschool and 1 other person
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,488
The system-wide H_C option <Documents Anti-Exploit> set to 'Adobe + VBA' is a very strong mitigation, and it will block any attempts to use VBA code in MS Office applications. It is much stronger than blocking macros in MS Office documents. Usually, the users do not need VBA in MS Office, unless they need the automation macros in templates, Add-ins, etc. In such a case, the system-wide H_C option <Documents Anti-Exploit> should be set to 'Adobe'. Next, MS Office hardening can be done via Switch Default-Deny >> Documents Anti-Exploit . This hardening is valid only for the current account, so it should be done on all user accounts that use MS Office.
 
  • Like
Reactions: shmu26, silversurfer and oldschool

Similar threads

Andy Ful
    • +Reputation
    • Like
    • Applause
New Update Testing Windows Hybrid Hardening (new hardening application).
Replies
253
Views
29,431
Hard_Configurator Tools
South Park
South Park
Andy Ful
    • Like
    • +Reputation
    • Thanks
  • Sticky
Serious Discussion WHHLight - simplified application control for Windows Home and Pro.
Replies
318
Views
34,123
Hard_Configurator Tools
Andy Ful
Andy Ful
SpyNetGirl
    • Like
    • Applause
    • Thanks
Serious Discussion Why do you use obsolete security technologies such as SRP?
Replies
7
Views
1,127
General Security Discussions
Andy Ful
Andy Ful

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top