Hard_Configurator - Windows Hardening Configurator

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,592
thanks. great tool!
please keep us posted here when your new version comes out. It will be interesting to see how you can make such a good thing even better.
Thanks. Your post just helped me to figure out how to improve one of new options (managing programs that autostart from the User Space).:)
 
  • Like
Reactions: shmu26
5

509322

@Andy Ful, hi, I was wondering if you could give us some input on a different thread, where we were discussing powershell and Hard_Configurator, and trying to figure it out:
Security Report - Malware distributors are switching to less suspicious file types

7. Disabling/Enabling PowerShell script execution (Windows 7+).

By default, Windows has this registry policy set to disable powershell script execution. It can be trivially bypassed. That is what was explained in the linked article. It is a known issue.

He's providing you a convenient means of toggling that registry value for powershell script execution on-off instead of having to do it manually.

Windows doesn't provide robust protection against powershell abuse. If malware can get at it, then it is likely your goose is cooked.
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
7. Disabling/Enabling PowerShell script execution (Windows 7+).

By default, Windows has this registry policy set to disable powershell script execution. It can be trivially bypassed. That is what was explained in the linked article. It is a known issue.

He's providing you a convenient means of toggling that registry value for powershell script execution on-off instead of having to do it manually.

Windows doesn't provide robust protection against powershell abuse. If malware can get at it, then it is likely your goose is cooked.
thanks, @Lockdown!
 
  • Like
Reactions: Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,592
@Andy Ful

Suggestion - add option to configure Powershell language modes: Full, Constrained, Restricted, NoLanguage

Someone suggested that NoLanguage will bork the system, but I am not convinced

I am not sure if it is possible in PowerShell 2.0 and 1.0 in Windows Home. I'm also thinking about blacklisting the powershell.exe and powershell_ise.exe. Blacklisting in SRP has the advantage of much less impact on the system, because powershell scripts can be run elevated by the system processes.
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,592
Hard_Configurator new version 2.0.1.0 has been uploaded to GitHub:
GitHub - AndyFul/Hard_Configurator: GUI to Manage Software Restriction Policies and harden Windows Home OS

Some notable changes:

1. New options in <SRP Extensions> window: Add/Remove script extensions, Save/Restore extensions, Restore default extensions.

2. New <Tools> button with troubleshooting options:
<Run SRP/Scripts EventLogView> - filters the output of NirSoft tool: FullEventLogView, to retrieve information about blocked events.
<Run Autoruns: Scripts/UserSpace> - filters out all numerous autoruns from the System Space leaving only a few entries from the User Space. They are automatically whitelisted.
<Turn ON Advanced SRP logging> - activates Verbose trace logging of SRP, and allows to view the log.
<Restore Windows Defaults> - replaces the registry changes made by Hard_Configurator with Windows default values.

3. <Block Remote Assistance> option has been renamed to <Block Remote Access> and extended to include Remote Shell and Remote Registry.

4. On the first run, Hard_Configurator makes System Restore point , performs autoruns checking and whitelisting User Space autoruns.

5. Updated manual with extended information about how SRP can control file execution/opening, using API functions: ShellExecute, CreateProcess, LoadLibrary, and about unusual shortcuts handling.

Other changes are planned in the next version:
1. Blocking sponsors (system executables that can run binary files).
2. Blocking 16Bit programs.
3. Blocking UnSecure Shell extensions.
 
Last edited:

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,592

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,592
Important info for users upgrading to Windows 10 Creators Update (compilation 15063.13).

Due to integration with Windows Defender, Microsoft made some important changes in the SmartScreen Application Reputation. So, the Hard_Configurator setting <Run As SmartScreen>='Administrator', fails to force SmartScreen for all files - it works just as the standard 'Run as administrator'.
I have to make some tests to figure out if the previous functionality of this setting could be recovered in the Windows 10 Creators version.
Until this will be done, here are the recommended Hard_Configurator settings:

<Run As SmartScreen> = 'Standard User'
<Hide 'Run As Administrator'> = 'OFF'

With the above settings, when SRP are activated, one can still use the SmartScreen when installing programs from User Space. But, both options: 'Run By SmartScreen' and 'Run as administrator', from Explorer context menu must be used:
  1. After using 'Run By SmartScreen' the program is blocked by SRP, but 'Mark of the Web' is added and the program is checked by SmartScreen.
  2. 'Run as administrator' allows to bypass SRP and install the file.

So SRP + 'Run By SmartScreen'', with the above settings, can be used as any other, second opinion anti-malware scanner.
 
Last edited:

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,592
I must admit, that it is necessary to make Hard_Configurator installer. The last Hard_Configurator review in Computer Active (29.03.2017) has the same mistake as in the gHacks Tech News review. Autors assumed that the program is portable, and did not copy Hard_Configurator folder into Windows directory.:(
That is my fault to create semi-portable program.:oops:
By the way, the Computer Active review is very well organized, and the author knows how to write a good article with useful instructions.
The new program version is almost ready, and all final settings made from the above review, can be configured by two mouse clicks (<Recommended SRP> and <Recommended Restrictions>).
Some options suggested by @Windows_Security were added (Disable 16-bits, Shell Extension Security), and also some new: Disable Command Prompt, Disable Elevation on SUA, Block PowerShell Sponsors, MSI Elevation (Symantec Registry tweak).
 

Av Gurus

Level 29
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Sep 22, 2014
1,767
Will you make also and portable version (for others who know how to use it)?
Can you post a link to that review, please.

UPDATE:
This options "Run As SmartScreen" can't be turned ON?

ss.png
 
Last edited:
  • Like
Reactions: Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,592
Will you make also and portable version (for others who know how to use it)?
Can you post a link to that review, please.
I can make semi-portable version for MalwareTips members, but one has to remember to copy the Hard_Configurator folder into 'C:\Windows' directory!
Computer Active is a printed magazine (one of the top 15 largest subscription titles in the UK).
 

Av Gurus

Level 29
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Sep 22, 2014
1,767
I don't know why people don't - RTFM!!!

2.png

Please, do that semi-portable version for us...thank you :)

EDIT:
Maybe you miss this question from privies post:
"This options "Run As SmartScreen" can't be turned ON?"
 
  • Like
Reactions: oldschool

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,592
...
Maybe you miss this question from privies post:
"This options "Run As SmartScreen" can't be turned ON?"
I can be turned on. Simply go to the Windows Defender settings, and change the 'Warn' to 'Block'. and next change 'Block' to 'Warn'.:) But, do not use 'Administrator' option after Windows Creators Update in Windows 10. Microsoft changed the way of SmartScreen working, so this option does not force SmartScreen check. Anyway, the <Run As Smartscreen> = 'Standard User' works well.
I solved this issue (related to Windows Creators Update) in the new Hard_Configurator version (coming soon).
 
Last edited:
  • Like
Reactions: Av Gurus

HarborFront

Level 72
Verified
Top Poster
Content Creator
Oct 9, 2016
6,158
Hi @Andy Ful

I'm thinking of using the Hard Configurator to harden my Windows.

Just some questions.

Does it come with recommended settings or all settings already enabled without user intervention? If user intervention is needed is there an explanation if the feature is enabled(if it's disabled by default). O&O ShutUp is an interesting software that if you hover the mouse over a feature it gives a short explanation of the feature. Does your software works likewise?

After a Windows firmware update do I need re-enable the features again?

Does this software protects 3rd-party applications or solely protects Windows only?

Thanks
 
  • Like
Reactions: Andy Ful

HarborFront

Level 72
Verified
Top Poster
Content Creator
Oct 9, 2016
6,158
I can make semi-portable version for MalwareTips members, but one has to remember to copy the Hard_Configurator folder into 'C:\Windows' directory!
Computer Active is a printed magazine (one of the top 15 largest subscription titles in the UK).
Please make it for I'm using all portable software for my set up

Thanks
 
  • Like
Reactions: Andy Ful

Av Gurus

Level 29
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Sep 22, 2014
1,767
Hi @Andy Ful

I'm thinking of using the Hard Configurator to harden my Windows.

Just some questions.

Does it come with recommended settings or all settings already enabled without user intervention? If user intervention is needed is there an explanation if the feature is enabled(if it's disabled by default). O&O ShutUp is an interesting software that if you hover the mouse over a feature it gives a short explanation of the feature. Does your software works likewise?

After a Windows firmware update do I need re-enable the features again?

Does this software protects 3rd-party applications or solely protects Windows only?

Thanks

You have HELP by every tweak which explain (very detail) what is that tweak doing (check my picture above) .
When you start it it will create Restore Points and check your PC for Autoruns program, then you can enable tweak (one by one or all together).
Just remember to first put Hard Configurator in C:Windows folder.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top