Hard_Configurator - Windows Hardening Configurator

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,593
> Why then did it show up in the log when I pressed Blocked Events? That's not only for your tool?

My tool blocks only the entries (by path) which are visible on the list. The <Blocked Events> option gives you a report from Windows Log for outbound blocked connections of all programs (event Id = 5152). So you can see there all applications that are blocked, not only those that you choose to block via my tool.
Do you use any DNS filtering program?
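
Added example (not from the thread and not FirewallHardening's own code): one way to read the same event 5152 records from the Security log with PowerShell and count outbound drops per application, so that blocks caused by rules other than the ones on the tool's list stand out. It assumes an elevated prompt and that failure auditing for "Filtering Platform Packet Drop" is enabled; the one-day window and the top-20 cut-off are arbitrary choices.

```powershell
# Added example: summarise Windows Filtering Platform drops (Security log, event 5152).
# Run elevated. Check auditing with:
#   auditpol /get /subcategory:"Filtering Platform Packet Drop"
$since = (Get-Date).AddDays(-1)   # arbitrary look-back window

$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Security'
    Id        = 5152
    StartTime = $since
} -ErrorAction SilentlyContinue

$rows = foreach ($e in $events) {
    # EventData is a flat list of <Data Name="...">value</Data> elements
    $data = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) {
        $data[$d.Name] = $d.'#text'
    }
    [pscustomobject]@{
        Time        = $e.TimeCreated
        # Logged in device form, e.g. \device\harddiskvolume3\windows\system32\...
        Application = $data['Application']
        Direction   = switch ($data['Direction']) {
            '%%14592' { 'Inbound' }
            '%%14593' { 'Outbound' }
            default   { $data['Direction'] }
        }
        DestAddress = $data['DestAddress']
        DestPort    = $data['DestPort']
        FilterId    = $data['FilterRTID']   # run-time ID of the filter that dropped the packet
    }
}

# Outbound drops per application and destination, most frequent first
$rows |
    Where-Object Direction -eq 'Outbound' |
    Group-Object Application, DestAddress, DestPort |
    Sort-Object Count -Descending |
    Select-Object Count, Name -First 20 |
    Format-Table -AutoSize
```

An application that appears here but is not on the tool's list was dropped by some other rule; the FilterId column can be matched against the output of `netsh wfp show filters` to find which one.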
 

Gandalf_The_Grey

Level 84
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,415
> My tool blocks only the entries (by path) which are visible on the list. The <Blocked Events> option gives you a report from Windows Log for outbound blocked connections of all programs (event Id = 5152). So you can see there all applications that are blocked, not only those that you choose to block via my tool.

Thanks, I figured that out when I saw CCleaner blocks.
Had blocked them myself in Windows Firewall.
Now I have to find the reason for the other blocks.. :unsure:
O&O ShutUp 10 can be a reason.
Will see if there are no more blocks when resetting O&O ShutUp 10 to the default windows values.
Just wanted to say, great new tool and good info on the logs (y)
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
I have blocked connections for all available LOLBins, and can see only a few blocked events daily for compattelrunner.exe and explorer.exe.
Is it recommended to block compattelrunner?
I read that it checks your specs to see if your system meets requirements for certain Windows updates. That sounds like a good thing to me.
 

Andy Ful

The program compattelrunner.exe is run by 2 Application Experience tasks:
  1. Microsoft Compatibility Appraiser
  2. ProgramDataUpdater
Both are for users who participate in the Windows Customer Experience Improvement Program. It collects the data about computer usage to help M$ improve Windows. Many users reported an extensive usage of resources when it is running. It is not for the users but for M$:

It is ticked by default on SysHardener list, but I do not think that it has to be blocked. Your choice.
 

Windows_Security

Level 24
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Mar 13, 2016
1,298
@Andy Ful

Thanks for the new tool.

Feature request, on Hard_Configurator:

a) Since powershell is also included in the block sponsors section, could you change that to running powerscripts RESTRICTED?

b) Could you replace the obsolete option of "No removable disk execution" with "Disable CMD and scripts"?

Thanks

Kees

P.S. I changed default setting to Disallowed on my desktop and Asus Transformer. When that runs OK after May Update, I will change it on my Wife's laptop also. :)
 

Gandalf_The_Grey

Okay did a reset on my laptop and going for an almost all Microsoft config with Office 365 Home installed through the store and Edge Dev as daily browser on my laptop with windows 10 1903.
Removed Internet Explorer 11.
Hard_Configurator Beta 4.0.1.0 at recommended settings (asked on first start).
ConfigureDefender 2.0.0.1 at High protection level.
FirewallHardening 1.0.0.0 added Recommended H_C.
Anything I need to add or change for better protection?
 

Andy Ful

> Okay did a reset on my laptop and going for an almost all Microsoft config with Office 365 Home installed through the store and Edge Dev as daily browser on my laptop with windows 10 1903.
> Removed Internet Explorer 11.
> Hard_Configurator Beta 4.0.1.0 at recommended settings (asked on first start).
> ConfigureDefender 2.0.0.1 at High protection level.
> FirewallHardening 1.0.0.0 added Recommended H_C.
> Anything I need to add or change for better protection?

Add Firewall Rules (FirewallHardening) for MS Office and HIGH Protection Level for WD (ConfigureDefender). Some ASR rules introduced via HIGH Protection Level are important for MS Office. Stay a while on these settings to see if they work well for you.
 

Gandalf_The_Grey

> Add Firewall Rules (FirewallHardening) for MS Office and HIGH Protection Level for WD (ConfigureDefender). Some ASR rules introduced via HIGH Protection Level are important for MS Office. Stay a while on these settings to see if they work well for you.

Sorry, forgot to mention that I already set the High protection level for WD (edited post).
The add firewall rules for MS Office doesn't seem to work on my system.
Maybe because I have Office 365 Home installed through the Microsoft Store.
Found that Office through the store had extra ASR rules rolled out recently:
So in theory more secure than the regular apps, but don't know if those rules are working on my system :unsure:
EDIT: found the missing link :D
 

Windows_Security

> Okay did a reset on my laptop and going for an almost all Microsoft config with Office 365 Home installed through the store and Edge Dev as daily browser on my laptop with windows 10 1903.
>
> Anything I need to add or change for better protection?

When you don't use an Anti-Virus, Anti-Exploit or AdBlocker which injects its code (a DLL) into the browser, add this Exploit Protection (App & Browser Control of Windows Defender).

 

Andy Ful

Office 365 has a different path than the regular Office.
FirewallHardening reads the MS Office application path from the Registry:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\excel.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\powerpnt.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\winword.exe

I am afraid that Office 365 may have different paths. :(
 

shmu26

> FirewallHardening reads the MS Office application path from the Registry:
> HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\excel.exe
> HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\powerpnt.exe
> HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\winword.exe
>
> I am afraid that Office 365 may have different paths. :(

I have Office 365 and I checked the reg key, and it shows the right path
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
 

Andy Ful

@Gandalf_The_Grey and @shmu26
Could you please check the registry key:
HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Office 365
Under the value: 'InstallLocation' should be the right installation path. If so, then I can add this into FirewallHardening tool.
 

Andy Ful

> I have Office 365 and I checked the reg key, and it shows the right path
> C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE

So in your case, adding the firewall block rules for Office 365 via FirewallHardening tool should work. The right application paths to excel.exe, powerpoint.exe and word.exe should be visible on the list.
 

Gandalf_The_Grey

> @Gandalf_The_Grey and @shmu26
> Could you please check the registry key:
> HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Office 365
> Under the value: 'InstallLocation' should be the right installation path. If so, then I can add this into FirewallHardening tool.

It's not there (in my case) because of the install from Microsoft Store:

Through the task manager I get these paths:
Access: C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Access_16051.11601.20230.0_x86__8wekyb3d8bbwe\Office16
Excel: C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Excel_16051.11601.20230.0_x86__8wekyb3d8bbwe\Office16
Outlook: C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.11601.20230.0_x86__8wekyb3d8bbwe\Office16
Powerpoint: C:\Program Files\WindowsApps\Microsoft.Office.Desktop.PowerPoint_16051.11601.20230.0_x86__8wekyb3d8bbwe\Office16
Publisher: C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Publisher_16051.11601.20230.0_x86__8wekyb3d8bbwe\Office16
Word: C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Word_16051.11601.20230.0_x86__8wekyb3d8bbwe\Office16

So they are in (access restricted) C:\Program Files\WindowsApps when installed from the store.
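
Added example (not from the thread and not FirewallHardening's own code): a PowerShell lookup that tries the App Paths key first and, when that yields nothing, asks for the Store package's install location instead. The package names and the Office16 subfolder are taken from the paths posted above; that each executable keeps its usual file name inside that folder is an assumption.

```powershell
# Added example: resolve Office executables for regular and Microsoft Store installs.
$appPaths = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths'

# exe name -> last part of the Store package name seen in the paths above
$office = [ordered]@{
    'excel.exe'    = 'Excel'
    'powerpnt.exe' = 'PowerPoint'
    'winword.exe'  = 'Word'
}

$result = foreach ($exe in $office.Keys) {
    $path = $null
    $source = 'not found'

    # 1. Regular install: the default value of the App Paths key is the full path
    $key = Get-ItemProperty -Path (Join-Path $appPaths $exe) -ErrorAction SilentlyContinue
    if ($key -and $key.'(default)') {
        $candidate = $key.'(default)'.Trim('"')
        if (Test-Path -LiteralPath $candidate) {
            $path = $candidate
            $source = 'App Paths'
        }
    }

    # 2. Store install: take the newest matching package registered for this user
    if (-not $path) {
        $pkg = Get-AppxPackage -Name "Microsoft.Office.Desktop.$($office[$exe])" |
            Sort-Object { [version]$_.Version } -Descending |
            Select-Object -First 1
        if ($pkg) {
            # Assumption: the executable sits in Office16 under the package root
            $candidate = Join-Path $pkg.InstallLocation "Office16\$exe"
            if (Test-Path -LiteralPath $candidate) {
                $path = $candidate
                $source = "Store package $($pkg.Version)"
            }
        }
    }

    [pscustomobject]@{ Exe = $exe; Source = $source; Path = $path }
}

$result | Format-Table -AutoSize
```

The Store path embeds the package version, so a path-based firewall rule built from it stops matching once the package updates to a new version and has to be regenerated.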
 
