Hard_Configurator - Windows Hardening Configurator

Gandalf_The_Grey

I ran Firewall Hardening tool, and I enabled all the options, and I have not encountered any issues. Many of the processes on the firewall list are on the H_C Sponsor list, so they are somewhat redundant, if you already enabled blocking for those sponsors.
I have only Recommended H_C enabled.

With LOLBins I got a firewall block from explorer, possibly related to the OneDrive sync I use.
MS Office didn't do anything on my system because I have Office 365 Home installed through the Microsoft Store.
Adobe Acrobat is useless for me because I don't use it. I use Foxit Reader (with all built-in security enabled) instead.
 

oldschool

I've enabled Recommended H_C + MS Office rules. Before restarting machine I opened Windows Firewall and noticed the info message "For your security, some settings are managed by your administrator." A nice touch with the reminder! Or Windows knew the rules were handled by another application. I'm only using Windows Defender + VoodooShield Pro and this is an easy, user-friendly addition. (y)
 

Freki123

For me it's sometimes hard to track which on/off/whatever setting belongs to which option. Any chance to keep the overview easier? Same problem for the main settings page of H_C. Version 4.0.1.0 so far working great.
 

Andy Ful

Thread author
Developer
I ran Firewall Hardening tool, and I enabled all the options, and I have not encountered any issues. Many of the processes on the firewall list are on the H_C Sponsor list, so they are somewhat redundant, if you already enabled blocking for those sponsors.
That is right. :giggle: Only a few are not on the list of the blocked sponsors, like rundll32.exe, because they are often used by the system and some applications.
Generally, if the H_C user has an updated system/software on Windows 10, then he does not need to block Sponsors or harden the firewall. On the other hand, the impact of the firewall hardening on computer usability is close to 0, so it will not hurt. Firewall hardening may be useful on the vulnerable system with vulnerable software, as an additional security layer.
Sometimes the user cannot block a few Sponsors, and then they can be blocked by firewall.
Furthermore, the user can block Internet access to vulnerable applications like Word, Excel, PowerPoint, Wordpad, etc.
 

Andy Ful

Thread author
Developer
For me it's sometimes hard to track which on/off/whatever setting belongs to which option. Any chance to keep the overview easier? Same problem for the main settings page of H_C. Version 4.0.1.0 so far working great.
I do not think it could be much easier. H_C is a complex application, a kind of configuration desktop and diagnostic tool. It allows configuring the options and shows at the same time which options are activated. So, if you run H_C you can see at once, without clicking, what settings are activated. The less advanced users can have a problem with a diagnostic part, because they do not understand what is the meaning of several settings. But, they can simply ignore them, and focus on two buttons <Recommended SRP> and <Recommended Restrictions>. :giggle:

Anyway, I may be wrong. So, if someone has a good idea about GUI, then we can discuss it on this thread. (y)

I am working on the new version which will look like:
[Attachment 214432]

So, the user can just focus on a few colored buttons to get most of H_C.
 

simmerskool

[snip] somewhat redundant, if you already enabled blocking for those sponsors.

I saw Andy's post the other day (could not find it last night) suggesting if running cf@cs (cruelcomodo) don't run H_C, or osarmor, or syshardener, or voodooshield. I've been using cf@cs for many months, and installed H_C a few weeks ago with default settings, and I did not see any apparent conflict, and best I could tell H_C was doing its thing, saw no slowdown. (Also a great thread for knowledge). BUT I was checking into cf settings since it has updated to v12, and decided to disable H_C. I was going to uninstall H_C but got the popup warning about reverting to windows (7) defaults, so I left H_C installed but disabled or rather not enabled. So the question is about redundancy. Does H_C offer a layer of protection not provided by cf@cs? I imagine if yes, then tweaks are needed. What about voodooshield with cf@cs, does VS offer any additional protection, or just redundant? I asked Dan about this in the past, but he was not familiar enough with cf to comment, but said if there's no conflict, ok to leave VS installed. Feedback / explanations welcome. Thanks!
 

bribon77

Well, I'm not @Andy Ful. But I will tell my experience with H_C.
I have it installed and sometimes I activate it and other times I do not, but normally I have it activated in w7 with Cf and the configuration of Sister.
I have not had any conflicts until now,
with the configuration <recommended by SRP> and <recommended restrictions>, and the profile with the recommendation of w7 and some marked sponsors, but few of them.
H_C Version 4.0.0.2.
 

Andy Ful

Thread author
Developer
I saw Andy's post the other day (could not find it last night) suggesting if running cf@cs (cruelcomodo) don't run H_C, or osarmor, or syshardener, or voodooshield. I've been using cf@cs for many months, and installed H_C a few weeks ago with default settings, and I did not see any apparent conflict, and best I could tell H_C was doing its thing, saw no slowdown. (Also a great thread for knowledge). BUT I was checking into cf settings since it has updated to v12, and decided to disable H_C. I was going to uninstall H_C but got the popup warning about reverting to windows (7) defaults, so I left H_C installed but disabled or rather not enabled. So the question is about redundancy. Does H_C offer a layer of protection not provided by cf@cs? I imagine if yes, then tweaks are needed. What about voodooshield with cf@cs, does VS offer any additional protection, or just redundant? I asked Dan about this in the past, but he was not familiar enough with cf to comment, but said if there's no conflict, ok to leave VS installed. Feedback / explanations welcome. Thanks!
You can configure CF with CS settings (several additional tweaks are required) in a way that allows skipping H_C or VS. But, this can produce some incompatibilities with Windows Updates/Upgrades, especially on Windows 10. The problem is that CF can block/restrict both processes with medium and high integrity levels (standard and admin rights). But, H_C is set to block only processes with medium integrity level (standard rights). So, H_C can safely block many more processes without a visible impact on the system. This is optimal in the home environment, because all new processes (also the malware) can be started by the user only with standard rights (things are different in Enterprises). If the unsafe processes are properly restricted, then the malware cannot bypass UAC and elevate even on an Admin account.

Anyway, you can safely uninstall H_C because it uses Windows policies which are not changed by CF settings. Both H_C and CF can coexist together, but in my opinion, such setup will be too complex for most users, because many security features are doubled.
Furthermore, on Windows 10, some H_C executables have to be specially configured in CF to apply forced SmartScreen.
 

Andy Ful

Thread author
Developer
If I wanted to add something to CF with CS settings, then I would rather use RunBySmartScreen (on Windows 8+) and DocumentAntiExploit tool (for MS Office). The user on Windows 10 can keep Windows Defender and apply ConfigureDefender HIGH Security Level, because WD ASR rules can add a security layer to CF.
RunBySmartScreen would require a special Trusted setting in CF, because CF should allow RunBySmartScreen running untrusted processes. This allows reducing the Trusted Vendor List in CF to some entries required for updating system/software.
The PDF reader can be run in Comodo Sandbox. Script Interpreters should be set as Untrusted in CF. Depending on the CF configuration, also Firewall Hardening tool could be useful.
But, CF in CS settings is pretty strong even without the above additions.
 

oldschool

Both H_C and CF can coexist together, but in my opinion, such setup will be too complex for most users, because many security features are doubled.
Furthermore, on Windows 10, some H_C executables have to be specially configured in CF to apply forced SmartScreen.

It sounds too complex a setup. I would choose either CFW or H_C, and it would be the latter for myself because it is fully compatible with Windows and is pretty user friendly whereas CFW can have issues. I've been here on the forum just long enough to learn to keep things simple.

Stay safe, not paranoid. :)(y)
 

shmu26

You will see a few blocked events daily for Explorer and Compattelrunner.
That's interesting. I admit that I didn't go back after a day to check the log, everything seemed to be working so well I just forgot about it. But I am curious why the daily blocks from Explorer?

About CF at CS settings (with no changes): I still don't understand why it is not recommended to run it with H_C? In my experience, all you need to do is "trust" Run As Smartscreen, and then everything works fine. If you want to open the H_C GUI, then you need to "trust" that, too. No big deal.
If the user so wishes, he could rely on the Comodo default/deny, and allow EXE and TMP files in H_C. Alternatively, he could run H_C at recommended settings, and Comodo default/deny will be a safety net, in case the user (or smartscreen) made a mistake.
 

Evjl's Rain

Hi, Andy.
I appreciate your effort to make the Firewall Hardening tool.
After comparing it vs syshardener's firewall rules, I saw that:
- Firewall hardening tool has many more rules
- syshardener only has 4 more rules (or 6 if syswow64 rules are also counted):
Bitsadmin.exe (+syswow64)
Csrss.exe
Dwm.exe
Eventvwr.exe (+syswow64)

If you can add these processes to your tool, I'm very happy to delete all syshardener's firewall rules :)

By the way, do you consider blocking all of them with inbound connection rules? Hackers can abuse inbound connections to access the victim's PC.
Thank you.
 

shmu26

Hi, Andy.
I appreciate your effort to make the Firewall Hardening tool.
After comparing it vs syshardener's firewall rules, I saw that:
- Firewall hardening tool has many more rules
- syshardener only has 4 more rules (or 6 if syswow64 rules are also counted):
Bitsadmin.exe (+syswow64)
Csrss.exe
Dwm.exe
Eventvwr.exe (+syswow64)

If you can add these processes to your tool, I'm very happy to delete all syshardener's firewall rules :)

By the way, do you consider blocking all of them with inbound connection rules? Hackers can abuse inbound connections to access the victim's PC.
Thank you.
Regarding Bitsadmin.exe
Firewall can't block it effectively, because the actual connection is made by BITS, which can't be blocked (as far as I know). The only thing you can do is block Bitsadmin.exe from executing, but once it executes, you can't block the firewall access.
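
The rule comparison discussed in the posts above can be checked directly on a machine; this is an added example that is not part of the original thread or of any tool mentioned in it. It reports which of the executables named above have an enabled outbound block rule, using the built-in NetSecurity cmdlets (Windows 8 or later); the directory list and variable names are assumptions.

```powershell
# Added example: not part of Hard_Configurator, the Firewall Hardening tool or SysHardener.
# Reports which of the executables named in the thread have an enabled
# outbound Block rule in the effective Windows Firewall policy.

# Executable names come from the thread; the directory list is an assumption
# covering the native and SysWOW64 copies mentioned there.
$names = 'bitsadmin.exe', 'csrss.exe', 'dwm.exe', 'eventvwr.exe'
$dirs  = 'System32', 'SysWOW64' | ForEach-Object { Join-Path $env:SystemRoot $_ }

# Map: lower-cased program path -> display names of the rules that block it.
# ActiveStore is the merged view, so rules delivered through policy are included.
$blocked = @{}
Get-NetFirewallRule -PolicyStore ActiveStore -Direction Outbound -Action Block -Enabled True |
    ForEach-Object {
        $rule = $_
        foreach ($filter in ($rule | Get-NetFirewallApplicationFilter)) {
            if ($filter.Program -and $filter.Program -ne 'Any') {
                # Rule paths may be stored with variables such as %SystemRoot%
                $path = [Environment]::ExpandEnvironmentVariables($filter.Program).ToLowerInvariant()
                if (-not $blocked.ContainsKey($path)) { $blocked[$path] = @() }
                $blocked[$path] += $rule.DisplayName
            }
        }
    }

# One row per executable that actually exists on this system
$report = foreach ($dir in $dirs) {
    foreach ($name in $names) {
        $full = Join-Path $dir $name
        if (-not (Test-Path -LiteralPath $full)) { continue }   # e.g. no SysWOW64 copy
        $rules = $blocked[$full.ToLowerInvariant()]
        [pscustomobject]@{
            Program = $full
            Blocked = [bool]$rules
            Rules   = ($rules -join '; ')
        }
    }
}
$report | Sort-Object Blocked, Program | Format-Table -AutoSize
```

A row showing bitsadmin.exe as blocked says nothing about transfers carried out by the BITS service itself, which is the limitation described in the post above.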
 
