Hard_Configurator - Windows Hardening Configurator

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,114
After 2 clean installs of Windows 10 without installing anything, in
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer SmartScreen I cannot see the SmartScreen value. And I do not have Run By SmartScreen in Explorer. When I try to install it, this message comes up: "The SmartScreen is disabled. Please enable it to make use of Run by Smartscreen." But SmartScreen works if I run an unknown file.
That is normal in the new Windows 10 compilations, as I explained in my previous post. (y)
It seems that we posted at the same time.:giggle:
From your post, it seems that you try to install the standalone version of RunBySmartScreen. It is not necessary (and not recommended) when you use H_C because RunBySmartScreen is already included in H_C with the option <Run As SmartScreen> = "Standard User". But, in the H_C recommended settings you should see the setting <Run As SmartScreen> = "Administrator" (allows bypass SRP). With this setting you will see the "Run As SmartScreen" option in the Explorer context menu (it works differently from "Run By SmartScreen").

stefanos

Level 28
Verified
Top Poster
Well-known
Oct 31, 2014
1,712
@stefanos,
I can guess that the issue was with the standalone RunBySmartScreen, which does not add the registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
SmartScreenEnabled = Prompt
This can be an issue on a fresh installation of the new Windows 10 versions. Those versions skip this registry key on a fresh installation. It is added only when the user changes the SmartScreen settings to Block or Off.
So, it seems that I have to add the ability to correct this also in RunBySmartScreen standalone version.
Thanks for testing. Be safe.:giggle:(y)
Thanks my friend. Because I am dead :). I have been trying to find a solution for two days. I have no more patience to deal with the problem.

That is normal in the new Windows 10 compilation, as I explained in my previous post. (y)
It seems that we posted at the same time.:giggle:
Yes

If your new install is 1903 my guess would be MS needs a few days to fix stuff/problems. I mean they got USB stick upgrade problems, AMD driver problems....
I'm still on 1809, better wait till more help arrives :D
It is Windows 10 1809 after a clean install :)
 

Andy Ful

@stefanos
Here is the simple trick with standalone RunBySmartScreen for those users who do not use H_C. Go to the WD Security Center and open App & browser control. Next, find the section 'Check apps and files'. Change the setting from Warn to Block, and after accepting changes change it back from Block to Warn. This will add the right registry entry which will allow installation of standalone RunBySmartScreen. (y)
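
Added example, not part of the thread and not code from Hard_Configurator or RunBySmartScreen: a read-only PowerShell check for the registry state discussed above, which separates "value never written" (the fresh-install case reported in the thread) from an explicit Off. The function name and state labels are hypothetical; the policy key `EnableSmartScreen` is the standard Group Policy location and is not mentioned in the thread.

```powershell
# Added example: classify the SmartScreen "Check apps and files" registry state.
# Read-only; Get-SmartScreenState and its state labels are hypothetical names.
function Get-SmartScreenState {
    $explorerKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer'
    $policyKey   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System'

    # Both reads yield $null instead of failing when the key or value is missing.
    $local  = (Get-ItemProperty -Path $explorerKey -Name 'SmartScreenEnabled' `
                  -ErrorAction SilentlyContinue).SmartScreenEnabled
    $policy = (Get-ItemProperty -Path $policyKey -Name 'EnableSmartScreen' `
                  -ErrorAction SilentlyContinue).EnableSmartScreen

    if ($null -ne $policy -and $policy -eq 0) {
        # A Group Policy setting overrides whatever the Explorer key says.
        $state = 'DisabledByPolicy'
        $note  = 'SmartScreen is turned off by policy.'
    }
    elseif ($null -eq $local) {
        # The case from the thread: the value is only written once the setting
        # has been changed, so its absence does not mean SmartScreen is off.
        $state = 'ValueAbsent'
        $note  = 'SmartScreenEnabled was never written; toggle the setting once if an installer requires it.'
    }
    elseif ($local -eq 'Off') {
        $state = 'Off'
        $note  = 'SmartScreen for apps and files is explicitly disabled.'
    }
    else {
        $state = 'Configured'
        $note  = "SmartScreenEnabled is set to '$local'."
    }

    [pscustomobject]@{
        State              = $state
        SmartScreenEnabled = $local    # raw Explorer value, $null when absent
        PolicyValue        = $policy   # raw policy DWORD, $null when not configured
        Note               = $note
    }
}

Get-SmartScreenState | Format-List
```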
 

paulderdash

Level 6
Verified
Well-known
Apr 28, 2015
271
On my ancient HP Intel Atom N550 Netbook, Win 10 Home v1809 (Build 17763.529) where I have H_C running, I have recently experienced that WinX Command Prompt (Admin), and Windows button right-click->Command Prompt (Admin), has exactly the problem described here:
(Haven't tried the solution in the article yet to see if it fixes the issue).

I was wondering if H_C could have caused this, and if so, which setting it would be?

Probably a long shot as I have been using H_C for a little while and had not noticed this before ... and it happens with default-deny on or off.
 

Andy Ful

On my ancient HP Intel Atom N550 Netbook, Windows 10 Home v1809 (Build 17763.529) where I have H_C running, I have recently experienced that WinX Command Prompt (Admin), and Windows button right-click->Command Prompt (Admin), has exactly the problem described here:
(Haven't tried the solution in the article yet to see if it fixes the issue).

I was wondering if H_C could have caused this, and if so, which setting it would be?

Probably a long shot as I have been using H_C for a little while and had not noticed this before ... and it happens with default-deny on or off.
Yes, this is one of H_C's settings:
https://malwaretips.com/threads/hard_configurator-windows-hardening-configurator.66416/post-815210
The solution is also mentioned in the help for the <Hide 'Run As Administrator'> option.

stefanos

@stefanos
Here is the simple trick with standalone RunBySmartScreen for those users who do not use H_C. Go to the WD Security Center and open App & browser control. Next, find the section 'Check apps and files'. Change the setting from Warn to Block, and after accepting changes change it back from Block to Warn. This will add the right registry entry which will allow installation of standalone RunBySmartScreen. (y)
I think I tried it and it did not succeed. I tried other one time and after I try H C. Just I scare my bad English with H C :(

@stefanos
Here is the simple trick with standalone RunBySmartScreen for those users who do not use H_C. Go to the WD Security Center and open App & browser control. Next, find the section 'Check apps and files'. Change the setting from Warn to Block, and after accepting changes change it back from Block to Warn. This will add the right registry entry which will allow installation of standalone RunBySmartScreen. (y)
YEEEEEEEEEEEEEEEEES GOOOAAAAAAALLLLL Now workinggg. S. HIT 2 days for so easy solution :ROFLMAO::ROFLMAO:
 

Andy Ful

I think I tried it and it did not succeed. I tried other one time and after I try H C. Just I scare my bad English with H C :(


YEEEEEEEEEEEEEEEEES GOOOAAAAAAALLLLL Now workinggg. S. HIT 2 days for so easy solution :ROFLMAO::ROFLMAO:
You are three fresh installations wiser and your English has improved a little.:giggle:
 

Gandalf_The_Grey

Level 76
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,564
I enabled the Windows 10 Recommended Enhanced profile in Hard Configurator.
Is there a list or something like that to see what this does?
Couldn't find it in the manual.
FirewallHardening is at Recommended H_C
ConfigureDefender is at High Settings
I enabled Windows Defender Sandbox by running:
Code:
setx /M MP_FORCE_USE_SANDBOX 1
Is there a reason for not including the Windows Defender Sandbox setting in ConfigureDefender?
 

Andy Ful

I enabled the Windows 10 Recommended Enhanced profile in Hard Configurator.
Is there a list or something like that to see what this does?
...
Any Recommended Enhanced profile = recommended settings + some blocked Sponsors. What sponsors are blocked can be seen after pressing <Block Sponsors> button (mostly Script Interpreters).

Is there a reason for not including the Windows Defender Sandbox setting in ConfigureDefender?
Not for now. I did not test it. If it works well, then it will surely be added. :giggle:
 

Andy Ful

Question: If I enabled the user-account-specific DocumentsAntiExploit, but not the system-wide Documents Anti-Exploit, and I use MS Office 365, what are the security risks involved?
It is user-account-specific as you mentioned. Furthermore, some MS Office components can still use VBA (templates, Add-ins, etc.). VBA macros are blocked only in documents.
For you, the difference is not important.
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
some MS Office components can still use VBA (templates, Add-ins, etc.).
Agreed that add-ins is not a big issue, as long as you check them out before installing/adding.
But malicious templates could be delivered the same way as malicious docs, correct? It's not readily apparent when you open a Word file whether it is a doc or a template.

Is the ASR rule "Impede JavaScript and VBScript to launch executables" a good replacement for the missing protection?
 

Andy Ful

@Andy Ful is the Firewall Hardening tool meant to be used in conjunction with H_C or may it be used by itself? Maybe I should re-read the relevant posts ...
It can be used as a standalone application.

...
But malicious templates could be delivered the same way as malicious docs, correct? It's not readily apparent when you open a Word file whether it is a doc or a template.
Yes, in theory. But, did you ever hear about such malware?
Anyway, if you want, you can add the template extensions to Designated File Types.(y)
Is the ASR rule "Impede JavaScript and VBScript to launch executables" a good replacement for the missing protection?
It is good against malware in the wild. But it can be bypassed in targeted attacks.
 

shmu26

Thanks Andy. I'll give it a try and play around with it. (y)
I ran the Firewall Hardening tool, and I enabled all the options, and I have not encountered any issues. Many of the processes on the firewall list are on the H_C Sponsor list, so they are somewhat redundant, if you already enabled blocking for those sponsors.
 
