Andy Ful

Why don't home users use certificate rules in H_C? Wouldn't it be convenient to have a trusted vendors list?
SRP supports signing with *.cer files - most applications do not use this.

Microsoft has delayed the upgrade to Windows 1903, so I pushed the new version of Hard_Configurator (beta ver. 4.0.1.0). Please use the <Update> option from the main H_C window to test if updating works well. (y):giggle:
 

Gandalf_The_Grey

Microsoft has delayed the upgrade to Windows 1903, so I pushed the new version of Hard_Configurator (beta ver. 4.0.1.0). Please use the <Update> option from the main H_C window to test if updating works well. (y):giggle:
Upgrading went without any problems with the update option (y)

Nice to see icons, but I don't like the white background of the Hard Configurator icon, see screenshot:

Do I have to load the enhanced profile again, because of the changes?
 

Andy Ful

Upgrading went without any problems with the update option (y)

Nice to see icons, but I don't like the white background of the Hard Configurator icon, see screenshot:

Do I have to load the enhanced profile again, because of the changes?
You can save the present enhanced profile as old_enhaced (if it worked well) and load the new enhanced profile.
 

shmu26

Upgrade went smooth.
I had a little hitch with the Sponsors. I enabled all, and unticked "runonce", and refreshed Explorer. I checked the Sponsor list, and I saw that runonce was ticked.
I unticked it again, logged off, and checked again. This time, it correctly remembered my settings.
 

shmu26

Did update to beta, max settings enabled. I had Controlled folder access enabled; since I can't access Security Center while on max settings, what will happen to Controlled folder access, is it still enabled or?

On-demand scanners will find something that I just excluded as well
If you open H_C you should see towards the bottom, in the middle, a purple button called ConfigureDefender.
Click on that, scroll down on the window that opens, and you will find Controlled folder access settings in there.
 

Freki123

I just did the update.
I blocked all sponsors (only run once excluded) to see what will happen :D So far all seems to work normal.
The only block I encountered so far was with WFC:
Access to C:\Program Files\Windows Firewall Control\wfc.exe has been restricted by your Administrator by location with policy rule {1016bbe0-a716-428b-822e-5e544b6a3269} placed on path wfc.exe.
I just whitelisted the wfc.exe and it worked normal after that.
Thanks for upgrading the 7-zip version also. When I see a "List nr. 1" in Block Sponsors I expect to see a "List nr. 2" also. Why would I give my only list a number otherwise?
Thanks for your time and work :)
Hard_Configurator(x64).exe 7b46e21e115a3704a1103760b4f57feb62519952b3e5f100f23680b3ddd10e4f Got 3 FPs on VirusTotal atm.
SwitchDefaultDeny(x64).exe 201a92ba59c3157d121c9e858fc5b55dacdd337da2e22a3eb758b32ad288df53 Got 3 FPs on VirusTotal atm.
 

Freki123

@Andy Ful Since you asked for the Blizzard paths
D:\Games\Battle.net\Battle.net\Battle.net Launcher.exe
C:\ProgramData\Battle.net\Agent\Agent.exe
D:\Games\Battle.net\Battle.net\Battle.net.11060\SystemSurvey.exe
C:\ProgramData\Battle.net\Agent\Agent.6685\Agent.exe
D:\Games\Battle.net\Overwatch\Overwatch.exe
Order should be like I got it from the events blocked log.
It's for the Blizzard game Overwatch
 

Andy Ful

@Andy Ful Since you asked for the Blizzard paths
D:\Games\Battle.net\Battle.net\Battle.net Launcher.exe
C:\ProgramData\Battle.net\Agent\Agent.exe
D:\Games\Battle.net\Battle.net\Battle.net.11060\SystemSurvey.exe
C:\ProgramData\Battle.net\Agent\Agent.6685\Agent.exe
D:\Games\Battle.net\Overwatch\Overwatch.exe
Order should be like I got it from the events blocked log.
It's for the Blizzard game Overwatch
You can use two folder paths:
D:\Games\Battle.net
C:\ProgramData\Battle.net\Agent
 

oldschool

You can use two folder paths:
D:\Games\Battle.net
C:\ProgramData\Battle.net\Agent
Bingo! I keep learning whitelisting tricks following this thread. Still the best customer service in the IT world! Thanks @Andy Ful. (y)

I keep some apps pinned to taskbar and the color of the new icon stands out nice. Much better than generic app icon from earlier versions. Most excellent & supreme! (y)
 

Freki123

@Andy Ful Thanks for your kind and helpful answer. Is there a fast method to find out which exe files are used and needed to run a game?
The only thing that comes to my mind is to use "advanced srp logging" and run the game via smartscreen to get the whole bunch of exes from the log. Any other possibility? I try to avoid whitelisting a folder when a game only uses like 2 exes. (But to find out which exes are needed I did what I mentioned in the configure defender thread which takes time.)
How do I refresh the settings without logging out? I read it but I think I understand it wrong :D
So I just sort the columns in the task manager new? (picture 2)
TL;DR:
Is there a fast method to find out which exe files are used and needed to run a game?
How do I refresh the settings without logging out?
How much security would I lose with the folder whitelisting approach?
Counter-Strike vulnerabilities Exploited by Malicious Servers I remembered that when shmu26 said people target games. Ty
 


Andy Ful

For people who like high security and also have a high frustration level, isn't it more secure to whitelist the specific files, like @Freki123 did? Seeing as games are a popular target for malcoders.
First, the game has to be exploited.
Second, it is hardly possible that the exploit will attack SRP. If something will be dropped, then it will be in the %UserProfile%.
But, you are right. The most secure (and most frustrating) is whitelisting only directly blocked files.:giggle:
 

Moonhorse

@Andy Ful Thanks for your kind and helpful answer. Is there a fast method to find out which exe files are used and needed to run a game?
The only thing that comes to my mind is to use "advanced srp logging" and run the game via smartscreen to get the whole bunch of exes from the log. Any other possibility? I try to avoid whitelisting a folder when a game only uses like 2 exes. (But to find out which exes are needed I did what I mentioned in the configure defender thread which takes time.)
How do I refresh the settings without logging out? I read it but I think I understand it wrong :D
So I just sort the columns in the task manager new? (picture 2)
TL;DR:
Is there a fast method to find out which exe files are used and needed to run a game?
How do I refresh the settings without logging out?
How much security would I lose with the folder whitelisting approach?
Counter-Strike vulnerabilities Exploited by Malicious Servers I remembered that when shmu26 said people target games. Ty
There was a similar case with TERA 2 years ago
 

Andy Ful

...Is there a fast method to find out which exe files are used and needed to run a game?
There is not. You can use the Log or "Advanced SRP logging". In the second case use the <Filtered> button to see only the entries from UserSpace (recommended).
...
How do I refresh the settings without logging out? I read it but I think I understand it wrong :D
So I just sort the columns in the task manager new? (picture 2)
The instruction is as follows:
"Simply, run Explorer and Task Manager in extended view (from Power Menu). Sort the view in Task Manager window by clicking the 'Name' column. In the Applications section, right-click on 'Windows Explorer' entry and choose 'Restart'."

Did you run Explorer? I do not see it on your screenshot.

How much security would I lose with the folder whitelisting approach?
A little, and still much more secure than with any default-allow setup.

Counter-Strike vulnerabilities Exploited by Malicious Servers I remembered that when shmu26 said people target games. Ty
You cannot prevent such exploits (on the server level) with any kind of whitelisting. The server will give you the fake game update and you are done, even when you whitelist only one file.
 

Andy Ful

There was a similar case with TERA 2 years ago
This can happen, but usually, the exploit is patched by the vendor until anyone is hurt (it was also the case of TERA). Anyway, if something will be dropped, then it will be in the %UserProfile%, except when the malc0ders know that you applied SRP.
 

Andy Ful

There is no bulletproof protection against exploits in games which use a remote server, because the user allows remote access to his/her computer.
The most secure way is installing/updating/running the game platform and games in a virtual environment with strong isolation from the real system. But this is not bulletproof either and can be exploited. Furthermore, most games will probably fail to run properly.
Yet, in the real world, whitelisting games by using folder rules is a pretty much safe and convenient solution. It is much safer than a default-allow setup and easy to apply.
The user can also use hash rules for game executables, but then it will be necessary to apply the hash rules again after each update.
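
The folder-rule approach discussed in this thread, as an added example that is not part of any post and is not Hard_Configurator code: it parses SRP block messages in the layout of the wfc.exe event quoted above and reports which blocked files the two suggested folder rules would cover. The placeholder GUID, the constructed messages wrapped around the thread's Battle.net paths, and the containment check (a simplification, not SRP's own matching logic) are assumptions.

```python
import re
from pathlib import PureWindowsPath

# Layout of the SRP block message quoted in this thread (the wfc.exe event).
BLOCK_RE = re.compile(
    r"Access to (?P<target>.+?) has been restricted by your Administrator "
    r"by location with policy rule (?P<rule>\{[0-9A-Fa-f-]{36}\}) "
    r"placed on path (?P<rule_path>.+?)\.?$"
)

def parse_block(message):
    """Return (blocked_path, rule_guid, rule_path), or None for other text."""
    m = BLOCK_RE.search(message.strip())
    return (PureWindowsPath(m["target"]), m["rule"].lower(), m["rule_path"]) if m else None

def covering_rule(path, folder_rules):
    """First folder rule containing path (case-insensitive, per component), else None."""
    return next((r for r in folder_rules if PureWindowsPath(r) in path.parents), None)

def plan_whitelist(messages, folder_rules):
    """Group blocked files by covering folder rule; also list files no rule covers."""
    covered, uncovered = {rule: [] for rule in folder_rules}, []
    for parsed in filter(None, map(parse_block, messages)):
        rule = covering_rule(parsed[0], folder_rules)
        (covered[rule] if rule else uncovered).append(str(parsed[0]))
    return covered, uncovered

# Constructed input: WFC_MSG is the message quoted in the thread; the others wrap
# paths posted in the thread with a placeholder GUID (not a real rule ID).
WFC_MSG = (r"Access to C:\Program Files\Windows Firewall Control\wfc.exe has been "
           "restricted by your Administrator by location with policy rule "
           "{1016bbe0-a716-428b-822e-5e544b6a3269} placed on path wfc.exe.")
PLACEHOLDER = "{00000000-0000-0000-0000-000000000000}"
THREAD_PATHS = [
    r"D:\Games\Battle.net\Battle.net\Battle.net Launcher.exe",
    r"C:\ProgramData\Battle.net\Agent\Agent.exe",
    r"D:\Games\Battle.net\Battle.net\Battle.net.11060\SystemSurvey.exe",
    r"C:\ProgramData\Battle.net\Agent\Agent.6685\Agent.exe",
    r"D:\Games\Battle.net\Overwatch\Overwatch.exe",
]
SAMPLE = [WFC_MSG] + [
    f"Access to {p} has been restricted by your Administrator by location "
    f"with policy rule {PLACEHOLDER} placed on path {PureWindowsPath(p).name}."
    for p in THREAD_PATHS
]
FOLDER_RULES = [r"D:\Games\Battle.net", r"C:\ProgramData\Battle.net\Agent"]
if __name__ == "__main__":
    covered, uncovered = plan_whitelist(SAMPLE, FOLDER_RULES)
    print(covered, "\nstill blocked:", uncovered)
```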