Hard_Configurator - Windows Hardening Configurator

B

blueblackwow65

Level 23
Verified
Well-known
Dec 19, 2012
1,250
Windows_Security said:
When you are using your PC as Admin (not a seperate basic user account) and use Windows Defender as antivirus, simple use this profile and you are good to go. It is not a Default Deny (it has a hole in it, but uses the whitelist of WD to protect this hole). You probably end up using a full default deny policy, but this is a good first step in using a whitelist in stead of blacklist approach.

malwaretips.com

Using Hard_Configurator in HARDENEDmode with ConfigureDefender in HIGHEST protection on Windows10

I do not think this UAC setting useful with H_C Recommended settings. This profile does not require whitelisting applications in UserSpace, so it is easier to manage. It is worth to remember that the UAC setting 'Only elevate executables that are signed and validated', will block application...
malwaretips.com malwaretips.com
Click to expand...
How about if I am not using windows defender ?
 
  • Like
Reactions: Gandalf_The_Grey and oldschool
oldschool

oldschool

Level 84
Verified
Top Poster
Well-known
Mar 29, 2018
7,596
blueblackwow65 said:
How about if I am not using windows defender ?
Click to expand...

It shouldn't be a problem, but I suggest reading here where using any AV is mentioned: Windows Defender - Using Hard_Configurator in HARDENEDmode with ConfigureDefender in HIGHEST protection on Windows10 And of course, reading the Help pages, User Manual and as much of H_C thread to learn more is also a good thing, though it is rather long now.

H_C's smart default deny "Recommended" settings are also pretty easy to use, or you may tweak H_C to default-allow according to your preferences. You don't have a Security Configuration posted so I'll restrict my answer to this for now.
 
  • Like
Reactions: Freki123, bribon77, blueblackwow65 and 4 others
Marana

Marana

Level 1
Verified
Jan 21, 2018
48
@Andy Ful I didn't find a separate thread about FirewallHardening tool, so I hope it is appropriate to ask about it here...

The tools seems to be working fine, but I'm curious about why the rules in the group "H_C Firewall Rules" are not shown when using the Binisoft Windows Firewall Control. It seems to me that WFC displays all other rules configured for Windows Firewall except those inserted by FirewallHardening(x64).exe...
 
  • Like
Reactions: oldschool, harlan4096, Andy Ful and 1 other person
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,491
Marana said:
@Andy Ful I didn't find a separate thread about FirewallHardening tool, so I hope it is appropriate to ask about it here...

The tools seems to be working fine, but I'm curious about why the rules in the group "H_C Firewall Rules" are not shown when using the Binisoft Windows Firewall Control. It seems to me that WFC displays all other rules configured for Windows Firewall except those inserted by FirewallHardening(x64).exe...
Click to expand...
The rules are applied via Windows Policies. They cannot be removed/changed by using the Windows Firewall console. Binisoft Windows Firewall Control probably do not check firewall rules introduced via Windows Policies.
 
  • Like
Reactions: ForgottenSeer 85179, oldschool, Gandalf_The_Grey and 2 others
paulderdash

paulderdash

Level 6
Verified
Well-known
Apr 28, 2015
271
Apologies for what is probably a dumb question so far down this thread, else just tell me to go RTFM!

I have scanned the manual, but is there a separate 'ConfigureDefender' panel within H_C, with the different modes, or ability to access the ConfigureDefender settings only, or is it generally built into the Recommended SRP and Restrictions (buttons).

I would want to run H_C at default, but Defender at 'High' ... is this easily achieved in H_C?
 
  • Like
Reactions: oldschool
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,491
paulderdash said:
Apologies for what is probably a dumb question so far down this thread, else just tell me to go RTFM!

I have scanned the manual, but is there a separate 'ConfigureDefender' panel within H_C, with the different modes, or ability to access the ConfigureDefender settings only, or is it generally built into the Recommended SRP and Restrictions (buttons).

I would want to run H_C at default, but Defender at 'High' ... is this easily achieved in H_C?
Click to expand...
H_C settings from the main panel do not change ConfigureDefender settings. So you can use the H_C Recommended Settings and press ConfigureDefender button to manage independently WD settings. But, if you will uninstall H_C this will restore Windows defaults by removing H_C restrictions and restoring default WD settings.
In the next H_C version the same will be true for FirewallHardening tool - for now, this tool is not yet integrated into H_C.
 
  • Like
Reactions: oldschool and harlan4096
E

Evjl's Rain

Level 47
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
1 have 1 feedback for Firewall hardening tool on Windows 8.1

on W8.1, Windows uses Explorer.exe for smartscreen checking. If explorer.exe is blocked, smartscreen will always "can't be reached"
that's the only problem :) if there is an option of ask if the user is using Windows 8/8.1 or not, it will be better for users
it took me 10mins to find out the culprit
 
  • Like
Reactions: simmerskool, oldschool, Gandalf_The_Grey and 2 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,491
Evjl's Rain said:
1 have 1 feedback for Firewall hardening tool on Windows 8.1

on W8.1, Windows uses Explorer.exe for smartscreen checking. If explorer.exe is blocked, smartscreen will always "can't be reached"
that's the only problem :) if there is an option of ask if the user is using Windows 8/8.1 or not, it will be better for users
it took me 10mins to find out the culprit
Click to expand...
Thanks.:giggle:
I also noticed this issue some time ago (Windows 8 and 8.1) but did not research it. Yet, this issue is clearly evident from FirewallHardening <Blocked Events> log. I will remove Explorer.exe from LOLBins on Windows 8, 8.1 in the forthcoming version of H_C.(y)
 
Last edited:
  • Like
Reactions: simmerskool, Freki123, oldschool and 1 other person
paulderdash

paulderdash

Level 6
Verified
Well-known
Apr 28, 2015
271
Andy Ful said:
H_C settings from the main panel do not change ConfigureDefender settings. So you can use the H_C Recommended Settings and press ConfigureDefender button to manage independently WD settings. But, if you will uninstall H_C this will restore Windows defaults by removing H_C restrictions and restoring default WD settings.
In the next H_C version the same will be true for FirewallHardening tool - for now, this tool is not yet integrated into H_C.
Click to expand...
But just to confirm, ConfigureDefender (and button) being the separate (portable) download, right?
 
  • Like
Reactions: oldschool
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,491
paulderdash said:
But just to confirm, ConfigureDefender (and button) being the separate (portable) download, right?
Click to expand...
The button <ConfigureDefender> in H_C is not for downloading ConfigureDefender, but for running it.
ConfigureDefender executable is included in H_C installation, just as some other executables.
 
  • Like
Reactions: bribon77, Gandalf_The_Grey, harlan4096 and 1 other person
paulderdash

paulderdash

Level 6
Verified
Well-known
Apr 28, 2015
271
Andy Ful said:
The button <ConfigureDefender> in H_C is not for downloading ConfigureDefender, but for running it.
ConfigureDefender executable is included in H_C installation, just as some other executables.
Click to expand...
OK, apologies, maybe I'm just mentally-challenged but I have H_C 4.0.0.2 on one machine, and just do not see that <ConfigureDefender> button in H_C!
How do I get to it?
 
  • Like
Reactions: oldschool
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,491
paulderdash said:
OK, apologies, maybe I'm just mentally-challenged but I have H_C 4.0.0.2 on one machine, and just do not see that <ConfigureDefender> button in H_C!
How do I get to it?
Click to expand...
Are you sure?
216750
 
  • Like
Reactions: bribon77, oldschool, Gandalf_The_Grey and 2 others
shmu26

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
paulderdash said:
I am more than mentally challenged, in fact totally and utterly deranged!
Of course it's there :rolleyes: albeit 'greyed out' because there is another AV being used on that machine.
Click to expand...
Hey, slow down, overlooking a grey button on a grey background is no sign of mental deficiency. I think it was purposely designed to be hard to see when a 3rd party AV is active.
 
  • Like
  • HaHa
Reactions: Freki123, oldschool, harlan4096 and 2 others
shmu26

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
Hi Andy, I saw blocks for explorer.exe in the firewall log. Attached. The destination IP seems to change every time.

EDIT: At first I thought it might be connected to the AV I was trying out (Kaspersky Free 2019) or some other recently installed software, so I imaged back to an earlier state, but the blocks are still coming.
Maybe it is connected to a new ISP-based content filtering service that I recently installed, it uses a system-level root certificate.
 

Attachments

  • Firewall.log
    336.5 KB · Views: 290
Last edited:
  • Like
Reactions: simmerskool, oldschool, silversurfer and 2 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,491
  • Like
Reactions: Gandalf_The_Grey, silversurfer and shmu26

Similar threads

Andy Ful
    • +Reputation
    • Like
    • Applause
New Update Testing Windows Hybrid Hardening (new hardening application).
Replies
253
Views
29,433
Hard_Configurator Tools
South Park
South Park
Andy Ful
    • Like
    • +Reputation
    • Thanks
  • Sticky
Serious Discussion WHHLight - simplified application control for Windows Home and Pro.
Replies
318
Views
34,126
Hard_Configurator Tools
Andy Ful
Andy Ful
SpyNetGirl
    • Like
    • Applause
    • Thanks
Serious Discussion Why do you use obsolete security technologies such as SRP?
Replies
7
Views
1,127
General Security Discussions
Andy Ful
Andy Ful

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top