blueblackwow65

When you are using your PC as Admin (not a separate basic user account) and use Windows Defender as antivirus, simply use this profile and you are good to go. It is not a Default Deny (it has a hole in it, but uses the whitelist of WD to protect this hole). You probably end up using a full default deny policy, but this is a good first step in using a whitelist instead of blacklist approach.

How about if I am not using Windows Defender?
 

oldschool

How about if I am not using Windows Defender?
It shouldn't be a problem, but I suggest reading here where using any AV is mentioned: Windows Defender - Using Hard_Configurator in HARDENEDmode with ConfigureDefender in HIGHEST protection on Windows10. And of course, reading the Help pages, User Manual and as much of the H_C thread to learn more is also a good thing, though it is rather long now.

H_C's smart default deny "Recommended" settings are also pretty easy to use, or you may tweak H_C to default-allow according to your preferences. You don't have a Security Configuration posted so I'll restrict my answer to this for now.
 

Marana

@Andy Ful I didn't find a separate thread about FirewallHardening tool, so I hope it is appropriate to ask about it here...

The tool seems to be working fine, but I'm curious about why the rules in the group "H_C Firewall Rules" are not shown when using the Binisoft Windows Firewall Control. It seems to me that WFC displays all other rules configured for Windows Firewall except those inserted by FirewallHardening(x64).exe...
 

Andy Ful

@Andy Ful I didn't find a separate thread about FirewallHardening tool, so I hope it is appropriate to ask about it here...

The tool seems to be working fine, but I'm curious about why the rules in the group "H_C Firewall Rules" are not shown when using the Binisoft Windows Firewall Control. It seems to me that WFC displays all other rules configured for Windows Firewall except those inserted by FirewallHardening(x64).exe...
The rules are applied via Windows Policies. They cannot be removed/changed by using the Windows Firewall console. Binisoft Windows Firewall Control probably does not check firewall rules introduced via Windows Policies.
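
One way to inspect policy-delivered firewall rules directly, as an added example that is not part of the original post or of Hard_Configurator. It assumes the rules sit under the standard Windows Firewall policy registry key and carry their group name in the `EmbedCtxt` field; the sample rule string is constructed.

```powershell
# Added example: show firewall rules that come from policy, independent of any GUI front end.
# Assumption: policy rules are stored under the standard Windows Firewall policy key.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules'

function ConvertFrom-FirewallRuleString {
    param([Parameter(Mandatory)][string]$Rule)
    # Rule strings are pipe-separated: "v2.10|Action=Block|Active=TRUE|Dir=Out|App=...|Name=...|"
    $fields = [ordered]@{}
    foreach ($part in $Rule.Split('|')) {
        $i = $part.IndexOf('=')
        if ($i -gt 0) { $fields[$part.Substring(0, $i)] = $part.Substring($i + 1) }
    }
    [pscustomobject]$fields
}

# Constructed sample value, used only when the policy key does not exist on this machine.
$sample = 'v2.10|Action=Block|Active=TRUE|Dir=Out|App=C:\Windows\explorer.exe|' +
          'Name=Sample block rule|EmbedCtxt=H_C Firewall Rules|'

if (Test-Path $policyKey) {
    $key   = Get-Item $policyKey
    $rules = foreach ($name in $key.GetValueNames()) {
        ConvertFrom-FirewallRuleString -Rule ([string]$key.GetValue($name))
    }
} else {
    $rules = @(ConvertFrom-FirewallRuleString -Rule $sample)
}

# Rules in the group named in the thread (assumed to be stored in EmbedCtxt).
$rules | Where-Object { $_.EmbedCtxt -eq 'H_C Firewall Rules' } |
    Select-Object Name, Action, Dir, App, Active |
    Format-Table -AutoSize

# Cross-check with the firewall's own view: ActiveStore is the merged, enforced rule set,
# and PolicyStoreSourceType tells local rules apart from policy-delivered ones.
Get-NetFirewallRule -PolicyStore ActiveStore |
    Where-Object { $_.PolicyStoreSourceType -eq 'GroupPolicy' } |
    Select-Object DisplayName, DisplayGroup, Direction, Action, PolicyStoreSource |
    Format-Table -AutoSize
```

A rule that appears in the second listing but not in a third-party firewall front end is still enforced; the front end is only reading the local store.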
 

paulderdash

Apologies for what is probably a dumb question so far down this thread, else just tell me to go RTFM!

I have scanned the manual, but is there a separate 'ConfigureDefender' panel within H_C, with the different modes, or ability to access the ConfigureDefender settings only, or is it generally built into the Recommended SRP and Restrictions (buttons).

I would want to run H_C at default, but Defender at 'High' ... is this easily achieved in H_C?
 

Andy Ful

Apologies for what is probably a dumb question so far down this thread, else just tell me to go RTFM!

I have scanned the manual, but is there a separate 'ConfigureDefender' panel within H_C, with the different modes, or ability to access the ConfigureDefender settings only, or is it generally built into the Recommended SRP and Restrictions (buttons).

I would want to run H_C at default, but Defender at 'High' ... is this easily achieved in H_C?
H_C settings from the main panel do not change ConfigureDefender settings. So you can use the H_C Recommended Settings and press the ConfigureDefender button to manage WD settings independently. But, if you uninstall H_C, this will restore Windows defaults by removing H_C restrictions and restoring default WD settings.
In the next H_C version the same will be true for FirewallHardening tool - for now, this tool is not yet integrated into H_C.
 

Evjl's Rain

I have 1 feedback for Firewall hardening tool on Windows 8.1

on W8.1, Windows uses Explorer.exe for smartscreen checking. If explorer.exe is blocked, smartscreen will always "can't be reached"
that's the only problem :) if there is an option to ask if the user is using Windows 8/8.1 or not, it will be better for users
it took me 10mins to find out the culprit
 

Andy Ful

I have 1 feedback for Firewall hardening tool on Windows 8.1

on W8.1, Windows uses Explorer.exe for smartscreen checking. If explorer.exe is blocked, smartscreen will always "can't be reached"
that's the only problem :) if there is an option to ask if the user is using Windows 8/8.1 or not, it will be better for users
it took me 10mins to find out the culprit
Thanks.:giggle:
I also noticed this issue some time ago (Windows 8 and 8.1) but did not research it. Yet, this issue is clearly evident from FirewallHardening <Blocked Events> log. I will remove Explorer.exe from LOLBins on Windows 8, 8.1 in the forthcoming version of H_C.(y)
 

paulderdash

H_C settings from the main panel do not change ConfigureDefender settings. So you can use the H_C Recommended Settings and press the ConfigureDefender button to manage WD settings independently. But, if you uninstall H_C, this will restore Windows defaults by removing H_C restrictions and restoring default WD settings.
In the next H_C version the same will be true for FirewallHardening tool - for now, this tool is not yet integrated into H_C.
But just to confirm, ConfigureDefender (and button) being the separate (portable) download, right?
 

paulderdash

The button <ConfigureDefender> in H_C is not for downloading ConfigureDefender, but for running it.
ConfigureDefender executable is included in H_C installation, just as some other executables.
OK, apologies, maybe I'm just mentally-challenged but I have H_C 4.0.0.2 on one machine, and just do not see that <ConfigureDefender> button in H_C!
How do I get to it?
 

shmu26

I am more than mentally challenged, in fact totally and utterly deranged!
Of course it's there :rolleyes: albeit 'greyed out' because there is another AV being used on that machine.
Hey, slow down, overlooking a grey button on a grey background is no sign of mental deficiency. I think it was purposely designed to be hard to see when a 3rd party AV is active.
 

shmu26

Hi Andy, I saw blocks for explorer.exe in the firewall log. Attached. The destination IP seems to change every time.

EDIT: At first I thought it might be connected to the AV I was trying out (Kaspersky Free 2019) or some other recently installed software, so I imaged back to an earlier state, but the blocks are still coming.
Maybe it is connected to a new ISP-based content filtering service that I recently installed, it uses a system-level root certificate.
 
