Hard_Configurator - Windows Hardening Configurator

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,598
I don't understand, why is it blocked, if it runs with admin rights, and ps1 is not a blocked file type?
Normally it is not run as admin, but @Freki123 has run it as admin to see the log from Advanced SRP logging feature (see TOOLS). (y)
This is probably not necessary, because he could just use <Blocked Events / Security Logs> to see the same blocked events.
The script is created by Windows to manage PowerShell Language modes, but I do not know how it is related to the game from @Freki123 post.

Andy, why the question marks instead of 1 asterisk?
The whitelisted entries in the user Temp folder should be maximally specific (not general). The best way would be whitelisting the script by hash, but @Freki probably cannot see it because it is quickly deleted.

This script should be blocked!!! See the next post.

@Freki123,
Why do you want to whitelist this PowerShell script? Do you have any problem with the game when the script is blocked? What Windows edition do you use (Home, Pro, E3, E5)?
It seems that this script is a part of the PowerShell validating mechanism to find out if SRP or AppLocker are activated. When it is blocked, PowerShell turns on Constrained Language mode, which is welcome. This script should be blocked, so it should not be whitelisted. If you whitelist this script, the test will be fooled and PowerShell will turn off Constrained Language mode (Full Language will be applied).
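
An added example (not code from Hard_Configurator or from anyone in this thread): a PowerShell audit of SRP Unrestricted path rules, covering the two points made in the post above, that whitelist entries in the Temp folder should be maximally specific and that PowerShell script rules there defeat the Constrained Language check. It assumes the rules are stored under the standard SRP policy key, where level 262144 means Unrestricted; `Test-RiskyTempRule` and the sample rules are hypothetical and constructed for illustration.

```powershell
# Added example: flag SRP "Unrestricted" path rules that reach into Temp folders.
# Assumption: rules live under the standard SRP policy key (262144 = Unrestricted).
$base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths'

function Test-RiskyTempRule {
    param([string]$ItemData)
    # A rule needs review when it points into a Temp folder and is either
    # general (wildcards) or allows a PowerShell script or module.
    $inTemp   = $ItemData -match '\\Temp(\\|$)|%TE?MP%'
    $wildcard = $ItemData -match '[*?]'
    $psScript = $ItemData -match '\.psm?1$'
    [pscustomobject]@{
        Rule             = $ItemData
        InTemp           = $inTemp
        Wildcard         = $wildcard
        PowerShellScript = $psScript
        Review           = $inTemp -and ($wildcard -or $psScript)
    }
}

# Constructed sample rules, used only when no SRP path rules are present
$sample = @(
    '%LOCALAPPDATA%\Temp\????????.???\*.ps1',
    'C:\Program Files\ExampleGame\launcher.exe'
)

$rules = if (Test-Path $base) {
    Get-ChildItem $base | ForEach-Object { (Get-ItemProperty $_.PSPath).ItemData }
} else {
    $sample
}

$rules | ForEach-Object { Test-RiskyTempRule $_ } | Format-Table -AutoSize

# With SRP or AppLocker active and the test script blocked, this should
# report ConstrainedLanguage for a standard user session.
"Current language mode: $($ExecutionContext.SessionState.LanguageMode)"
```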

Freki123

Level 16
Verified
Top Poster
Aug 10, 2013
753
@Andy Ful I'm on Windows 10 Pro, 64 bit, 1809. I didn't really want to whitelist PowerShell, but from the log it seemed to me that it was the only thing blocked after I whitelisted all the needed exes.
The game wouldn't start at all; that was the problem (Launcher yes, game no).
Since PowerShell is a bit of a mystery to me, I stopped before creating big holes with any ps whitelisting.
After some trial and error with H_C I found out that the game also got a file integrity check. I ran that and it re-downloaded a few files.
TL;DR: It seems the problem was a corrupt game install and NOT H_C related. (Never thought of that ever).
Will have to try it again tomorrow, getting late now.

Thanks for all the helpful answers :)
 

Andy Ful

The fact that you can see this script blocked is normal and was reported in enterprises when running signed scripts under AppLocker (or SRP). I also use H_C on Windows 10 Pro, 64 bit, 1809 and cannot see such a script blocked. So, maybe it happens when running only digitally signed scripts? I am not sure, because I do not use signed PowerShell scripts.
 

Freki123

For me it was: I wanted to play a game > whitelisted stuff > the game still wouldn't start (only the launcher client). Read the error log > saw PowerShell stuff (which is above my skill level and I didn't want to mess it up) > gave up and asked for help/ideas.
In hindsight it seemed to be a corrupt game install, but at the time I thought it had to do with H_C. I didn't really want to run PowerShell, I just wanted a working game, and the PowerShell error was the only hint I got.
Sorry can't explain it any better.
Anyway thanks for all the kind help :)
 

Andy Ful

You are welcome. :giggle:
Please, do not hesitate to ask, because this thread is also for learning. Anyway, your problem is interesting for two reasons:
  1. Something tried to run PowerShell.
  2. I have never seen this blocked PowerShell script on my machine, although such behavior is common in enterprises which use SRP or AppLocker.
 

stefanos

Level 28
Verified
Top Poster
Well-known
Oct 31, 2014
1,712
Problem with Run By SmartScreen. Any help??
[Attachment 214345]
 

stefanos

Was H_C installed and enabled in your OneKey system image? What settings are you using in H_C?

Have you made any changes to firewall settings? Any other security apps installed?
no

Use ConfigureDefender :
ADMIN: SMARTSCREEN For Explorer set to Warn (or Block).(y)
I tried it all, Andy. I have been at the laptop for 5 hours. Nothing :mad: :mad:
Look at the PRTSC... ##### is crazy
[Attachments 214349, 214350, 214351]

Anyway, I will test the Panda free tomorrow and after the infection, that is sure :) One more clean install and I will see.
 


stefanos

You have set it to User but you should set to Warn (or Block). That should help to use RunBySmartScreen. Microsoft probably changed something in SmartScreen and it is an issue only after the fresh install, because the old settings are absent. I will investigate it.
I did that too. I did everything I could think of to make it work. Nothing.

I thought I found why it does not work.
Old version Windows 10 regedit
[Attachment 214352]

My regedit after clean install
[Attachment 214354]
 

stefanos

What happens if you enable it in group policy?
SmartScreen works. The program does not work.

[Attachment 214355]

Here is the smart screen on my regedit

Microsoft sure changed something in SmartScreen and it is an issue.
 

Andy Ful

When you run H_C then it automatically adds the right registry value (if the value is absent):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
SmartScreenEnabled = Prompt
So, if you are using RunBySmartScreen via H_C (set <Run As SmartScreen> = "Standard User"), then there should be no issue.
If it is anyway, then let me know, please.

Edit
You can test easily on any EXE file if SmartScreen is triggered. Simply turn off the Internet connection for a while and run the EXE file via "Run As SmartScreen" or "Run By SmartScreen" from the right-click Explorer context menu. You should see the SmartScreen prompt that SmartScreen cannot connect to SmartScreen filter.
 

Andy Ful

@stefanos,
I can guess that the issue was with the standalone RunBySmartScreen, which does not add the registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
SmartScreenEnabled = Prompt
This can be an issue on a fresh installation of the new Windows 10 versions. Those versions skip this registry key on a fresh installation. It is added only when the user changes the SmartScreen settings to Block or Off.
So, it seems that I have to add the ability to correct this also in RunBySmartScreen standalone version.
Anyway using ConfigureDefender to set SmartScreen to Warn or Block (but not to User) also solves this issue.
Thanks for testing. Be safe.:giggle:(y)
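
The registry condition described in the post above, as an added check that is not part of the original thread or of RunBySmartScreen. It reads the `SmartScreenEnabled` value named in the post and, as an assumption about where a Group Policy setting would appear, the `EnableSmartScreen` policy value; the function names are hypothetical.

```powershell
# Added example: report the Explorer SmartScreen state discussed in this thread.
$explorer = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer'
# Assumption: Group Policy for Explorer SmartScreen is stored in this key
$policy   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System'

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value is absent
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

function Get-SmartScreenState {
    $local = Get-RegValue $explorer 'SmartScreenEnabled'
    $gpo   = Get-RegValue $policy   'EnableSmartScreen'

    $finding = if ($null -ne $gpo) {
        "Policy value present (EnableSmartScreen = $gpo)"
    } elseif ($null -eq $local) {
        # The fresh-install case from the post: the value was never written
        'SmartScreenEnabled is absent (expected on a fresh install of newer Windows 10)'
    } elseif ($local -eq 'Off') {
        'SmartScreenEnabled = Off'
    } else {
        "SmartScreenEnabled = $local"
    }

    [pscustomobject]@{
        SmartScreenEnabled = $local
        EnableSmartScreen  = $gpo
        Finding            = $finding
    }
}

Get-SmartScreenState | Format-List
```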
 

stefanos

After 2 clean installs of Windows 10 without installing anything:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer SmartScreen: I cannot see the SmartScreen value. And I do not have Run By SmartScreen in Explorer. When I try to install it, this message comes up: "The SmartScreen is disabled. Please enable it to make use of Run by Smartscreen." But SmartScreen is working if I run an unknown file.
[Attachment 214357]
 
