Hard_Configurator - Windows Hardening Configurator

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,142
Why don't home users use certificate rules in H_C? Wouldn't it be convenient to have a trusted vendors list?
SRP supports signing with *.cer files - most applications do not use this.

Microsoft has delayed the upgrade to Windows 1903, so I pushed the new version of Hard_Configurator (beta ver. 4.0.1.0). Please use the <Update> option from the main H_C window to test if updating works well. (y):giggle:
 

Gandalf_The_Grey

Level 76
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,600
Microsoft has delayed the upgrade to Windows 1903, so I pushed the new version of Hard_Configurator (beta ver. 4.0.1.0). Please use the <Update> option from the main H_C window to test if updating works well. (y):giggle:
Upgrading went without any problems with the update option (y)

Nice to see icons, but I don't like the white background of the Hard Configurator icon, see screenshot:
Schermopname (4).png

Do I have to load the enhanced profile again, because of the changes?
 

Andy Ful

Upgrading went without any problems with the update option (y)

Nice to see icons, but I don't like the white background of the Hard Configurator icon, see screenshot:
View attachment 213402

Do I have to load the enhanced profile again, because of the changes?
You can save the present enhanced profile as old_enhaced (if it worked well) and load the new enhanced profile.
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
Upgrade went smoothly.
I had a little hitch with the Sponsors. I enabled all, and unticked "runonce", and refreshed Explorer. I checked the Sponsor list, and I saw that runonce was ticked.
I unticked it again, logged off, and checked again. This time, it correctly remembered my settings.
 

shmu26

Did update to beta, max settings enabled. I had controlled folder access enabled. Since I can't access the security center while on max settings, what will happen to controlled folder access? Is it still enabled or?

On-demand scanners will find something, that I just excluded as well
If you open H_C you should see towards the bottom, in the middle, a purple button called ConfigureDefender.
Click on that, scroll down on the window that opens, and you will find Controlled folder access settings in there.
 

Freki123

Level 16
Verified
Top Poster
Aug 10, 2013
759
I just did the update.
I blocked all sponsors (only run once excluded) to see what will happen :D So far all seems to work normal.
The only block I encountered so far was with WFC:
Access to C:\Program Files\Windows Firewall Control\wfc.exe has been restricted by your Administrator by location with policy rule {1016bbe0-a716-428b-822e-5e544b6a3269} placed on path wfc.exe.
I just whitelisted the wfc.exe and it worked normal after that.
Thanks for upgrading the 7-zip version also. When I see a "List nr. 1" in Block Sponsors I expect to see a "List nr. 2" also. Why would I give my only list a number otherwise?
Thanks for your time and work :)
Hard_Configurator(x64).exe 7b46e21e115a3704a1103760b4f57feb62519952b3e5f100f23680b3ddd10e4f Got 3fp on virus total atm.
SwitchDefaultDeny(x64).exe 201a92ba59c3157d121c9e858fc5b55dacdd337da2e22a3eb758b32ad288df53 Got 3fp on virus total atm.
 

Freki123

@Andy Ful Since you asked for the Blizzard paths
D:\Games\Battle.net\Battle.net\Battle.net Launcher.exe
C:\ProgramData\Battle.net\Agent\Agent.exe
D:\Games\Battle.net\Battle.net\Battle.net.11060\SystemSurvey.exe
C:\ProgramData\Battle.net\Agent\Agent.6685\Agent.exe
D:\Games\Battle.net\Overwatch\Overwatch.exe
Order should be like I got it from the events blocked log.
It's for the Blizzard game Overwatch
 

Andy Ful

@Andy Ful Since you asked for the Blizzard paths
D:\Games\Battle.net\Battle.net\Battle.net Launcher.exe
C:\ProgramData\Battle.net\Agent\Agent.exe
D:\Games\Battle.net\Battle.net\Battle.net.11060\SystemSurvey.exe
C:\ProgramData\Battle.net\Agent\Agent.6685\Agent.exe
D:\Games\Battle.net\Overwatch\Overwatch.exe
Order should be like I got it from the events blocked log.
It's for the Blizzard game Overwatch
You can use two folder paths:
D:\Games\Battle.net
C:\ProgramData\Battle.net\Agent
 

oldschool

Level 82
Verified
Top Poster
Well-known
Mar 29, 2018
7,114
You can use two folder paths:
D:\Games\Battle.net
C:\ProgramData\Battle.net\Agent

Bingo! I keep learning whitelisting tricks following this thread. Still the best customer service in the IT world! Thanks @Andy Ful. (y)

I keep some apps pinned to taskbar and the color of the new icon stands out nice. Much better than generic app icon from earlier versions. Most excellent & supreme! (y)
 

shmu26

You can use two folder paths:
D:\Games\Battle.net
C:\ProgramData\Battle.net\Agent
For people who like high security and also have a high frustration level, isn't it more secure to whitelist the specific files, like @Freki123 did? Seeing as games are a popular target for malcoders.
 

Freki123

@Andy Ful Thanks for your kind and helpful answer. Is there a fast method to find out which exe files are used and needed to run a game?
Only thing that comes to my mind is use "advanced srp logging" and run the game via smartscreen to get the whole bunch of exes from the log. Any other possibility? I try to avoid whitelisting a folder when a game only uses like 2 exes. (But to find out which exes are needed I did what I mentioned in the configure defender thread which takes time.)
How do I refresh the settings without logging out? I read it but I think I understand it wrong :D
So I just sort the columns in the task manager new? (picture 2)
Tldr:
Is there a fast method to find out which exe files are used and needed to run a game?
How do I refresh the settings without logging out?
How much security would I lose with the folder whitelisting approach?
Counter-Strike vulnerabilities Exploited by Malicious Servers I remembered that when shmu26 said people target games. Ty
 


Andy Ful

For people who like high security and also have a high frustration level, isn't it more secure to whitelist the specific files, like @Freki123 did? Seeing as games are a popular target for malcoders.
First, the game has to be exploited.
Second, it is hardly possible that the exploit will attack SRP. If something is dropped, then it will be in the %UserProfile%.
But, you are right. The most secure (and most frustrating) is whitelisting only directly blocked files.:giggle:
 

Moonhorse

Level 37
Verified
Top Poster
Content Creator
Well-known
May 29, 2018
2,607
@Andy Ful Thanks for your kind and helpful answer. Is there a fast method to find out which exe files are used and needed to run a game?
Only thing that comes to my mind is use "advanced srp logging" and run the game via smartscreen to get the whole bunch of exes from the log. Any other possibility? I try to avoid whitelisting a folder when a game only uses like 2 exes. (But to find out which exes are needed I did what I mentioned in the configure defender thread which takes time.)
How do I refresh the settings without logging out? I read it but I think I understand it wrong :D
So I just sort the columns in the task manager new? (picture 2)
Tldr:
Is there a fast method to find out which exe files are used and needed to run a game?
How do I refresh the settings without logging out?
How much security would I lose with the folder whitelisting approach?
Counter-Strike vulnerabilities Exploited by Malicious Servers I remembered that when shmu26 said people target games. Ty
There was a similar case with TERA 2 years ago
 

Andy Ful

...Is there a fast method to find out which exe files are used and needed to run a game?
There is not. You can use the Log or "Advanced SRP logging". In the second case use <Filtered> button to see only the entries from UserSpace (recommended).
...
How do I refresh the settings without logging out? I read it but I think I understand it wrong :D
So I just sort the columns in the task manager new? (picture 2)
The instruction is as follows:
"Simply, run Explorer and Task Manager in extended view (from Power Menu). Sort the view in Task Manager window by clicking the 'Name' column. In the Applications section, right-click on 'Windows Explorer' entry and choose 'Restart'."

Did you run Explorer? I do not see it on your screenshot.

How much security would I lose with the folder whitelisting approach?
A little, and still much more secure than with any default-allow setup.

Counter-Strike vulnerabilities Exploited by Malicious Servers I remembered that when shmu26 said people target games. Ty
You cannot prevent such exploits (on the server level) with any kind of whitelisting. The server will give you the fake game update and you are done, even when you whitelist only one file.
 

Andy Ful

There was a similar case with TERA 2 years ago
This can happen, but usually, the exploit is patched by the vendor before anyone is hurt (it was also the case of TERA). Anyway, if something is dropped, then it will be in the %UserProfile%, except when the malc0ders know that you applied SRP.
 

Andy Ful

There is no bulletproof protection against the exploits in games which use a remote server, because the user allows remote access to his/her computer.
The most secure way is installing/updating/running the game platform and games in a virtual environment with strong isolation from the real system. But, this is not bulletproof either and can be exploited. Furthermore, most games will probably fail to run properly.
Yet, in the real world, whitelisting games by using folder rules is a pretty safe and convenient solution. It is much safer than a default-allow setup and easy to apply.
The user can also use hash rules for game executables, but then it will be necessary to apply the hash rules again after each update.
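
An added example (not part of the thread and not Hard_Configurator's own code) of the file-rule versus folder-rule trade-off discussed above: it parses SRP block messages in the format Freki123 quoted, lists the blocked executables, flags paths that sit under build-numbered folders, and suggests a file or folder rule per group. Only the wfc.exe line is taken from the thread; the other log lines are constructed from the posted paths, and the grouping depth and the "folder name ends in digits" heuristic are assumptions.

```python
import re
from collections import defaultdict
from ntpath import commonpath, dirname  # Windows path rules on any OS

# Constructed sample log. The first line is the message quoted in the thread;
# the others are built from the paths posted there (wording is an assumption).
SAMPLE_LOG = r"""
Access to C:\Program Files\Windows Firewall Control\wfc.exe has been restricted by your Administrator by location with policy rule {1016bbe0-a716-428b-822e-5e544b6a3269} placed on path wfc.exe.
Access to D:\Games\Battle.net\Battle.net\Battle.net Launcher.exe has been restricted by your Administrator by the default software restriction policy level.
Access to C:\ProgramData\Battle.net\Agent\Agent.exe has been restricted by your Administrator by the default software restriction policy level.
Access to D:\Games\Battle.net\Battle.net\Battle.net.11060\SystemSurvey.exe has been restricted by your Administrator by the default software restriction policy level.
Access to C:\ProgramData\Battle.net\Agent\Agent.6685\Agent.exe has been restricted by your Administrator by the default software restriction policy level.
Access to D:\Games\Battle.net\Overwatch\Overwatch.exe has been restricted by your Administrator by the default software restriction policy level.
"""

BLOCK_RE = re.compile(r"^Access to (.+?) has been restricted by your Administrator", re.M)
VERSIONED = re.compile(r"\.\d+$")  # heuristic: folder name ends in a build number

def blocked_paths(log_text):
    """Unique blocked executables, in the order they first appear in the log."""
    return list(dict.fromkeys(BLOCK_RE.findall(log_text)))

def update_fragile(path):
    """True if a parent folder looks versioned, so a file rule may break on update."""
    return any(VERSIONED.search(part) for part in dirname(path).split("\\"))

def suggest_rules(paths, depth=2):
    """Group by drive plus the first `depth` folders; one rule per group."""
    groups = defaultdict(list)
    for p in paths:
        parts = dirname(p).lower().split("\\")
        # Files too close to the drive root never get a folder rule.
        key = tuple(parts[:depth + 1]) if len(parts) > depth else (p.lower(),)
        groups[key].append(p)
    rules = []
    for key, members in groups.items():
        if len(key) == 1 or (len(members) == 1 and not update_fragile(members[0])):
            rules.append(("file", members[0]))    # lone, stable executable
        else:
            rules.append(("folder", commonpath([dirname(m) for m in members])))
    return rules

if __name__ == "__main__":
    for kind, target in suggest_rules(blocked_paths(SAMPLE_LOG)):
        print(f"{kind:6} {target}")
```

A folder rule also allows anything written into that folder later, so check that standard users cannot write there before applying one.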
 
