Hard_Configurator - Windows Hardening Configurator

Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,484
Kantry123 said:
defender High
SRP applied with Default Deny (Recommended restrictions)
Restrictions (Recommended ones)

Will this be suffice or should add any other 3rd party application too ?
Click to expand...
So you are using Windows Defender + H_C (recommended settings + ConfigureDefender high settings)? I assume that your system is Windows 10. Did you upgrade to ver. 1709 or higher?
What do you mean by "only allowing the proceses that are trusted and verified"?(y)
 
  • Like
Reactions: Gandalf_The_Grey, harlan4096, shmu26 and 1 other person
Kantry123

Kantry123

Level 7
Verified
Well-known
Oct 20, 2014
321
Andy Ful said:
So you are using Windows Defender + H_C (recommended settings + ConfigureDefender high settings)? I assume that your system is Windows 10. Did you upgrade to ver. 1709 or higher?
Click to expand...
mine is at 1809 i had to roll back from 1903 as its way too buggy.
212783
 
  • Like
Reactions: Gandalf_The_Grey, harlan4096, shmu26 and 2 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,484
Kantry123 said:
mine is at 1809 i had to roll back from 1903 as its way too buggy.
View attachment 212783
Click to expand...
Do you use MS Office or Adobe Acrobat Reader?
What do you mean by "only allowing the proceses that are trusted and verified"?
What is your web browser?

Kantry123 said:
...
Does it mean i'm completely safe from viruses that are auto executed like Ransomware etc ?
and yeah i mean the viruses from Flash Drives from one PC to Another?
Click to expand...
There is no such protection. But, if you do not intentionally bypass SmartScreen alerts or turn off default-deny protection, then the chances of infecting the system are similar to winning the National Lottery.
I assume that you have also hardened your browser by using AppContainer + some security flags + good antiphishing & Ads filtering.
 
  • Like
Reactions: Gandalf_The_Grey, harlan4096, shmu26 and 2 others
Kantry123

Kantry123

Level 7
Verified
Well-known
Oct 20, 2014
321
Andy Ful said:
Do you use MS Office or Adobe Acrobat Reader?
What do you mean by "only allowing the proceses that are trusted and verified"?
What is your web browser?
Click to expand...
yes i use Ms office 365
I've adobe acrobat Dc pro
chrome and Firefox are my browsers.
Only Allowing UAC only if the process is digitally signed Except H_C :p

yes the disadvantage i feel is every-time I've to switch off default deny to Install anew program.

regards

Andy Ful said:
There is no such protection. But, if you do not intentionally bypass SmartScreen alerts or turn off default-deny protection, then the chances of infecting the system are similar to winning the National Lottery.
I assume that you have also hardened your browser by using AppContainer + some security flags + good antiphishing & Ads filtering.
Click to expand...
app container i don't know what it is but i'm using Adguard desktop version and lastpass for password magmt.

thats it
 
  • Like
Reactions: Gandalf_The_Grey, harlan4096, shmu26 and 1 other person
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,484
Kantry123 said:
...
yes the disadvantage i feel is every-time I've to switch off default deny to Install anew program.
..
Click to expand...
In fact, you do not have to do it. In most cases, you can use "Run As SmartScreen" from the Explorer context menu to install applications without turning off default-deny. (y)
 
  • Like
Reactions: Gandalf_The_Grey, harlan4096, shmu26 and 2 others
Kantry123

Kantry123

Level 7
Verified
Well-known
Oct 20, 2014
321
Andy Ful said:
In fact, you do not have to do it. In most cases, you can use "Run As SmartScreen" from the Explorer context menu to install applications without turning off default-deny. (y)
Click to expand...
I just ran it with Run as smartscreen but I get this popup even though the file is digitally signed.
same is with UNSIGNED APPLICATION too..

212784


this popup is for Signed application ESET Online scanner.

Am i doing something wrong ?
 
  • Like
Reactions: Gandalf_The_Grey, harlan4096, shmu26 and 1 other person
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,484
Kantry123 said:
I just ran it with Run as smartscreen but I get this popup even though the file is digitally signed.
same is with UNSIGNED APPLICATION too..

View attachment 212784

this popup is for Signed application ESET Online scanner.

Am i doing something wrong ?
Click to expand...
I do not think that you have used "Run As SmartScreen" or it is blocked by another security application. Could you please, send the screenshot of the main Hard_Configurator window here?
Did you read the H_C FAQ, especially the below section (read about the order of pressing the buttons):

How to restore Recommended settings.
  1. Press <Recommended SRP> left panel button,
  2. Press <Recommended Restrictions> right panel button,
  3. Press <APPLY CHANGES> button.
Restoring the Recommended settings preserves the user's whitelisted entries and blocked file extensions.

PLEASE NOTE: If SRP is deactivated, then order of the pressed buttons is important! Pressing the buttons in another order (for example 2,1,3) will prevent installation of new applications. This kind of a locked setup is much more restricted as compared to Recommended settings.

Hard_Configurator

oldschool said:
...
Edit: But you must also apply yourself and learn. Access the wisdom that resides in this effort. (y)
Click to expand...
(y):giggle:
 
Last edited:
  • Like
Reactions: bribon77, Gandalf_The_Grey, harlan4096 and 4 others
Kantry123

Kantry123

Level 7
Verified
Well-known
Oct 20, 2014
321
Andy Ful said:
I do not think that you have used "Run As SmartScreen" or it is blocked by another security application. Could you please, send the screenshot of the main Hard_Configurator window here?
Did you read the H_C FAQ, especially the below section (read about the order of pressing the buttons):

How to restore Recommended settings.
  1. Press <Recommended SRP> left panel button,
  2. Press <Recommended Restrictions> right panel button,
  3. Press <APPLY CHANGES> button.
Restoring the Recommended settings preserves the user's whitelisted entries and blocked file extensions.

PLEASE NOTE: If SRP is deactivated, then order of the pressed buttons is important! Pressing the buttons in another order (for example 2,1,3) will prevent installation of new applications. This kind of a locked setup is much more restricted as compared to Recommended settings.

Hard_Configurator
Click to expand...
212785
1556146353770.png
 
  • Like
Reactions: bribon77, Gandalf_The_Grey, harlan4096 and 1 other person
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,484
shmu26 said:
Yup, I have been following that thread, more or less, and I am interested to hear Andy's perspective on it.
Click to expand...
I do not have a clear personal opinion about Chrome security flags, except the flags related to AppContainer. I often use Edge, and now I test Chromium Edge Dev with the below enabled/disabled security flags:
Anonymize local IPs exposed by WebRTC, Extension Content Verification, Block scripts loaded via document.write, Enable AppContainer Lockdown, TLS 1.3 downgrade hardening, Mark non-secure origins as non-secure, Enable GPU AppContainer Lockdown, PDF Isolation, Block unsafe downloads over insecure connections, Enable IE Integration (set to Disabled), Service Worker Push Messaging (set to Disabled).
 
  • Like
Reactions: ForgottenSeer 85179, bribon77, Moonhorse and 6 others

Similar threads

Andy Ful
    • +Reputation
    • Like
    • Applause
New Update Testing Windows Hybrid Hardening (new hardening application).
Replies
253
Views
29,431
Hard_Configurator Tools
South Park
South Park
Andy Ful
    • Like
    • +Reputation
    • Thanks
  • Sticky
Serious Discussion WHHLight - simplified application control for Windows Home and Pro.
Replies
318
Views
34,115
Hard_Configurator Tools
Andy Ful
Andy Ful
SpyNetGirl
    • Like
    • Applause
    • Thanks
Serious Discussion Why do you use obsolete security technologies such as SRP?
Replies
7
Views
1,127
General Security Discussions
Andy Ful
Andy Ful

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top