- Jul 3, 2015
- 8,153
Why don't home users use certificate rules in H_C? Wouldn't it be convenient to have a trusted vendors list?
Hard_Configurator - Windows Hardening Configurator
- Thread starter Andy Ful
- Start date
Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,484
SRP supports signing with *.cer files - most applications do not use this.
Microsoft has delayed the upgrade to Windows 1903, so I pushed the new version of Hard_Configurator (beta ver. 4.0.1.0). Please use the <Update> option from the main H_C window to test if updating works well.
- Apr 24, 2016
- 7,233
Upgrading went without any problems with the update optionMicrosoft has delayed the upgrade to Windows 1903, so I pushed the new version of Hard_Configurator (beta ver. 4.0.1.0). Please use the <Update> option from the main H_C window to test if updating works well.
Nice to see icons, but I don't like the white background of the Hard Configurator icon, see screenshot:
Do I have to load the enhanced profile again, because of the changes?
Last edited:
Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,484
You can save the present enhanced profile as old_enhaced (if it worked well) and load the new enhanced profile.Upgrading went without any problems with the update option
Nice to see icons, but I don't like the white background of the Hard Configurator icon, see screenshot:
View attachment 213402
Do I have to load the enhanced profile again, because of the changes?
- Jul 3, 2015
- 8,153
Upgrade went smooth.
I had a little hitch with the Sponsors. I enabled all, and unticked "runonce", and refreshed Explorer. I checked the Sponsor list, and I saw that runonce was ticked.
I unticked it again, logged off, and checked again. This time, it correctly remembered my settings.
I had a little hitch with the Sponsors. I enabled all, and unticked "runonce", and refreshed Explorer. I checked the Sponsor list, and I saw that runonce was ticked.
I unticked it again, logged off, and checked again. This time, it correctly remembered my settings.
- May 29, 2018
- 2,728
Did update to beta, max settings enabled. After a while everything seems working well..
Last edited:
- Jul 3, 2015
- 8,153
If you open H_C you should see towards the bottom, in the middle, a purple button called ConfigureDefender.
Click on that, scroll down on the window that opens, and you will find Controlled folder access settings in there.
I just did the update.
I blocked all sponsors (only run once excluded) to see what will happen So far all seems to work normal.
The only block I encountered so far was with WFC:
Access to C:\Program Files\Windows Firewall Control\wfc.exe has been restricted by your Administrator by location with policy rule {1016bbe0-a716-428b-822e-5e544b6a3269} placed on path wfc.exe.
I just whitelisted the wfc.exe and it worked normal after that.
Thanks for upgrading the 7-zip version also. When i see a "List nr. 1"in Block Sponsors I expect to see a "List nr. 2" also. Why would I give my only list a number otherwise?
Thanks for your time and work
Hard_Configurator(x64).exe 7b46e21e115a3704a1103760b4f57feb62519952b3e5f100f23680b3ddd10e4f Got 3fp on virus total atm.
SwitchDefaultDeny(x64).exe 201a92ba59c3157d121c9e858fc5b55dacdd337da2e22a3eb758b32ad288df53 Got 3fp on virus total atm.
I blocked all sponsors (only run once excluded) to see what will happen
So far all seems to work normal.The only block I encountered so far was with WFC:
Access to C:\Program Files\Windows Firewall Control\wfc.exe has been restricted by your Administrator by location with policy rule {1016bbe0-a716-428b-822e-5e544b6a3269} placed on path wfc.exe.
I just whitelisted the wfc.exe and it worked normal after that.
Thanks for upgrading the 7-zip version also. When i see a "List nr. 1"in Block Sponsors I expect to see a "List nr. 2" also. Why would I give my only list a number otherwise?
Thanks for your time and work
Hard_Configurator(x64).exe 7b46e21e115a3704a1103760b4f57feb62519952b3e5f100f23680b3ddd10e4f Got 3fp on virus total atm.
SwitchDefaultDeny(x64).exe 201a92ba59c3157d121c9e858fc5b55dacdd337da2e22a3eb758b32ad288df53 Got 3fp on virus total atm.
Last edited:
Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,484
Ha, ha. I forgot to delete this.
@Andy Ful Since you asked for the blizzard pathes
D:\Games\Battle.net\Battle.net\Battle.net Launcher.exe
C:\ProgramData\Battle.net\Agent\Agent.exe
D:\Games\Battle.net\Battle.net\Battle.net.11060\SystemSurvey.exe
C:\ProgramData\Battle.net\Agent\Agent.6685\Agent.exe
D:\Games\Battle.net\Overwatch\Overwatch.exe
Order should be like i got it from the events blocked log.
It's for the blizzard game Overwatch
D:\Games\Battle.net\Battle.net\Battle.net Launcher.exe
C:\ProgramData\Battle.net\Agent\Agent.exe
D:\Games\Battle.net\Battle.net\Battle.net.11060\SystemSurvey.exe
C:\ProgramData\Battle.net\Agent\Agent.6685\Agent.exe
D:\Games\Battle.net\Overwatch\Overwatch.exe
Order should be like i got it from the events blocked log.
It's for the blizzard game Overwatch
Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,484
- Mar 29, 2018
- 7,596
Bingo! I keep learning whitelisting tricks following this thread. Still the best customer service in the IT world! Thanks @Andy Ful.
I keep some apps pinned to taskbar and the color of the new icon stands out nice. Much better than generic app icon from earlier versions. Most excellent & supreme!
- Jul 3, 2015
- 8,153
For people who like high security and also have a high frustration level, isn't it more secure to whitelist the specific files, like @Freki123 did? Seeing as games are a popular target for malcoders.
@Andy Ful Thanks for your kind and helpful answer. Is there a fast method to find out which exe files are used and needed to run a game?
Only thing that comes to my mind is use "advanced srp logging" and run the game via smartscreen to get the whole bunch of exes from the log. Any other possibility? I try to avoid whitelisting folder when a game only uses like 2 exes. (But to find out which exes are needed I did what I mentioned in the configure defender thread which takes time.)
How do i refresh the settings without logging out? I read it but I think i understand it wrong
So I just sort the colums in the task manager new? (picture 2)
Tldr:
Is there a fast method to find out which exe files are used and needed to run a game?
How do i refresh the settings without logging out?
How much security would I lose with the folder whitelisting approach?
Counter-Strike vulnerabilities Exploited by Malicious Servers I remembered that when shmu26 said people target games. Ty
Only thing that comes to my mind is use "advanced srp logging" and run the game via smartscreen to get the whole bunch of exes from the log. Any other possibility? I try to avoid whitelisting folder when a game only uses like 2 exes. (But to find out which exes are needed I did what I mentioned in the configure defender thread which takes time.)
How do i refresh the settings without logging out? I read it but I think i understand it wrong
So I just sort the colums in the task manager new? (picture 2)
Tldr:
Is there a fast method to find out which exe files are used and needed to run a game?
How do i refresh the settings without logging out?
How much security would I lose with the folder whitelisting approach?
Counter-Strike vulnerabilities Exploited by Malicious Servers I remembered that when shmu26 said people target games. Ty
Attachments
Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,484
First, the game has to be exploited.
Second, it is hardly possible that the exploit will attack SRP. If something will be dropped, then it will be in the %UserProfile%.
But, you are right. The most secure (and most frustrating) is whitelisting only directly blocked files.
- May 29, 2018
- 2,728
There were similar case with tera 2 years ago@Andy Ful Thanks for your kind and helpful answer. Is there a fast method to find out which exe files are used and needed to run a game?
Only thing that comes to my mind is use "advanced srp logging" and run the game via smartscreen to get the whole bunch of exes from the log. Any other possibility? I try to avoid whitelisting folder when a game only uses like 2 exes. (But to find out which exes are needed I did what I mentioned in the configure defender thread which takes time.)
How do i refresh the settings without logging out? I read it but I think i understand it wrong
So I just sort the colums in the task manager new? (picture 2)
Tldr:
Is there a fast method to find out which exe files are used and needed to run a game?
How do i refresh the settings without logging out?
How much security would I lose with the folder whitelisting approach?
Counter-Strike vulnerabilities Exploited by Malicious Servers I remembered that when shmu26 said people target games. Ty
TERA chat has been disabled to prevent players yelling malware at you to infect your PC
Players of the MMO TERA are in an uproar this week because of a newly-discovered exploit with some very serious potential uses, including remote execution of malicious code through the in-game chat. That means - in theory - someone could remotely install malware on your computer simply by being logg
www.pcgamesn.com
Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,484
There is not. You can use the Log or "Advanced SRP logging". In the second case use <Filtered> button to see only the entries from UserSpace (recommended).
The instruction is as follows:...
How do i refresh the settings without logging out? I read it but I think i understand it wrong
So I just sort the colums in the task manager new? (picture 2)
"Simply, run Explorer and Task Manager in extended view (from Power Menu). Sort the view in Task Manager window by clicking the 'Name' column. In the Applications section, right-click on 'Windows Explorer' entry and choose 'Restart'."
Did you run Explorer? I do not see it on your screenshot.
A little, and still much more secure than with any default-allow setup.
You cannot prevent such exploits (on the server level) with any kind of whitelisting. The server will give you the fake game update and you are done, even when you whitelist only one file.
Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,484
This can happen, but usually, the exploit is patched by the vendor until anyone is hurt (it was also the case of TERA). Anyway, if something will be dropped, then it will be in the %UserProfile%, except when the malc0ders know that you applied SRP.There were similar case with tera 2 years ago
TERA chat has been disabled to prevent players yelling malware at you to infect your PC
Players of the MMO TERA are in an uproar this week because of a newly-discovered exploit with some very serious potential uses, including remote execution of malicious code through the in-game chat. That means - in theory - someone could remotely install malware on your computer simply by being logg
Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,484
There is not bulletproof protection against the exploits in games which use a remote server, because the user allows remote access to his/her computer.
The most secure way is installing/updating/running the game platform and games in the virtual environment with strong isolation from the real system. But, this is not bulletproof too and can be exploited. Furthermore, most games will probably fail to run properly.
Yet, in the real world, whitelisting games by using folder rules is a pretty much safe and convenient solution. It is much safer than default-allow setup and easy to apply.
The user can also use hash rules for game executables, but then it will be necessary to apply the hash rules again after each update.
The most secure way is installing/updating/running the game platform and games in the virtual environment with strong isolation from the real system. But, this is not bulletproof too and can be exploited. Furthermore, most games will probably fail to run properly.
Yet, in the real world, whitelisting games by using folder rules is a pretty much safe and convenient solution. It is much safer than default-allow setup and easy to apply.
The user can also use hash rules for game executables, but then it will be necessary to apply the hash rules again after each update.
Similar threads
-
- Sticky
