Hard_Configurator - Windows Hardening Configurator

blueblackwow65

Level 23
Verified
Well-known
Dec 19, 2012
1,256
When you are using your PC as Admin (not a separate basic user account) and use Windows Defender as antivirus, simply use this profile and you are good to go. It is not a Default Deny (it has a hole in it, but uses the whitelist of WD to protect this hole). You will probably end up using a full default deny policy, but this is a good first step in using a whitelist instead of a blacklist approach.

How about if I am not using Windows Defender?
 

oldschool

Level 85
Verified
Top Poster
Well-known
Mar 29, 2018
7,701
How about if I am not using Windows Defender?

It shouldn't be a problem, but I suggest reading here where using any AV is mentioned: "Windows Defender - Using Hard_Configurator in HARDENEDmode with ConfigureDefender in HIGHEST protection on Windows10". And of course, reading the Help pages, the User Manual and as much of the H_C thread as you can to learn more is also a good thing, though it is rather long now.

H_C's smart default deny "Recommended" settings are also pretty easy to use, or you may tweak H_C to default-allow according to your preferences. You don't have a Security Configuration posted so I'll restrict my answer to this for now.
 

Marana

Level 1
Verified
Jan 21, 2018
48
@Andy Ful I didn't find a separate thread about the FirewallHardening tool, so I hope it is appropriate to ask about it here...

The tool seems to be working fine, but I'm curious about why the rules in the group "H_C Firewall Rules" are not shown when using the Binisoft Windows Firewall Control. It seems to me that WFC displays all other rules configured for Windows Firewall except those inserted by FirewallHardening(x64).exe...
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,598
@Andy Ful I didn't find a separate thread about the FirewallHardening tool, so I hope it is appropriate to ask about it here...

The tool seems to be working fine, but I'm curious about why the rules in the group "H_C Firewall Rules" are not shown when using the Binisoft Windows Firewall Control. It seems to me that WFC displays all other rules configured for Windows Firewall except those inserted by FirewallHardening(x64).exe...
The rules are applied via Windows Policies. They cannot be removed/changed by using the Windows Firewall console. Binisoft Windows Firewall Control probably does not check firewall rules introduced via Windows Policies.
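
The distinction described in the reply above can be checked from PowerShell. This is an added example, not part of the thread and not code from Hard_Configurator; it uses the built-in NetSecurity cmdlets, takes the group name "H_C Firewall Rules" from the question, and assumes the tool's rules appear in the active store with a non-local source type.

```powershell
# Added example (not from the thread): compare the rules the firewall enforces
# with the rules that live in the locally editable store.
# Assumption: FirewallHardening's rules surface in ActiveStore with a
# PolicyStoreSourceType other than 'Local', as policy-delivered rules do.

$group = 'H_C Firewall Rules'   # group name quoted in the thread

# ActiveStore is the merged, enforced rule set (local rules plus policy rules).
$active = Get-NetFirewallRule -PolicyStore ActiveStore

# PersistentStore holds only locally created rules, i.e. the ones the
# Windows Firewall console is able to change or delete.
$local = Get-NetFirewallRule -PolicyStore PersistentStore

# 1. Where does each enforced rule come from?
$active |
    Group-Object -Property PolicyStoreSourceType |
    Select-Object -Property Name, Count |
    Format-Table -AutoSize

# 2. Enforced rules that did not originate in the local store.
$policyRules = $active | Where-Object { $_.PolicyStoreSourceType -ne 'Local' }

# 3. The subset belonging to the group from the thread, with the blocked program.
$report = foreach ($rule in ($policyRules | Where-Object DisplayGroup -eq $group)) {
    $app = $rule | Get-NetFirewallApplicationFilter
    [pscustomobject]@{
        DisplayName = $rule.DisplayName
        Direction   = $rule.Direction
        Action      = $rule.Action
        Enabled     = $rule.Enabled
        Source      = $rule.PolicyStoreSourceType
        Program     = $app.Program
    }
}
$report | Sort-Object -Property Program | Format-Table -AutoSize

# 4. Sanity check: the same group should be absent from the local store,
#    which is why a tool that reads only local rules would not list it.
$inLocal = @($local | Where-Object DisplayGroup -eq $group).Count
"Rules in group '$group': enforced=$(@($report).Count) local=$inLocal"
```

A rule set that shows up under step 3 but reports `local=0` in step 4 is enforced by policy only, which matches the behaviour described in the reply.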
 

paulderdash

Level 6
Verified
Well-known
Apr 28, 2015
271
Apologies for what is probably a dumb question so far down this thread, else just tell me to go RTFM!

I have scanned the manual, but is there a separate 'ConfigureDefender' panel within H_C, with the different modes, or ability to access the ConfigureDefender settings only, or is it generally built into the Recommended SRP and Restrictions (buttons)?

I would want to run H_C at default, but Defender at 'High' ... is this easily achieved in H_C?
 

Andy Ful

Apologies for what is probably a dumb question so far down this thread, else just tell me to go RTFM!

I have scanned the manual, but is there a separate 'ConfigureDefender' panel within H_C, with the different modes, or ability to access the ConfigureDefender settings only, or is it generally built into the Recommended SRP and Restrictions (buttons)?

I would want to run H_C at default, but Defender at 'High' ... is this easily achieved in H_C?
H_C settings from the main panel do not change ConfigureDefender settings. So you can use the H_C Recommended Settings and press the ConfigureDefender button to manage WD settings independently. But if you uninstall H_C, this will restore Windows defaults by removing H_C restrictions and restoring default WD settings.
In the next H_C version the same will be true for the FirewallHardening tool - for now, this tool is not yet integrated into H_C.
 

Evjl's Rain

Level 47
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
I have 1 feedback for the Firewall hardening tool on Windows 8.1.

On W8.1, Windows uses Explorer.exe for SmartScreen checking. If explorer.exe is blocked, SmartScreen will always say "can't be reached".
That's the only problem :) If there is an option to ask if the user is using Windows 8/8.1 or not, it will be better for users.
It took me 10 mins to find out the culprit.
 

Andy Ful

I have 1 feedback for the Firewall hardening tool on Windows 8.1.

On W8.1, Windows uses Explorer.exe for SmartScreen checking. If explorer.exe is blocked, SmartScreen will always say "can't be reached".
That's the only problem :) If there is an option to ask if the user is using Windows 8/8.1 or not, it will be better for users.
It took me 10 mins to find out the culprit.
Thanks. :giggle:
I also noticed this issue some time ago (Windows 8 and 8.1) but did not research it. Yet, this issue is clearly evident from the FirewallHardening <Blocked Events> log. I will remove Explorer.exe from LOLBins on Windows 8, 8.1 in the forthcoming version of H_C. (y)
 

paulderdash

H_C settings from the main panel do not change ConfigureDefender settings. So you can use the H_C Recommended Settings and press the ConfigureDefender button to manage WD settings independently. But if you uninstall H_C, this will restore Windows defaults by removing H_C restrictions and restoring default WD settings.
In the next H_C version the same will be true for the FirewallHardening tool - for now, this tool is not yet integrated into H_C.
But just to confirm, ConfigureDefender (and button) being the separate (portable) download, right?
 

Andy Ful

But just to confirm, ConfigureDefender (and button) being the separate (portable) download, right?
The button <ConfigureDefender> in H_C is not for downloading ConfigureDefender, but for running it.
The ConfigureDefender executable is included in the H_C installation, just as some other executables.
 

paulderdash

The button <ConfigureDefender> in H_C is not for downloading ConfigureDefender, but for running it.
The ConfigureDefender executable is included in the H_C installation, just as some other executables.
OK, apologies, maybe I'm just mentally-challenged but I have H_C 4.0.0.2 on one machine, and just do not see that <ConfigureDefender> button in H_C!
How do I get to it?
 

Andy Ful

OK, apologies, maybe I'm just mentally-challenged but I have H_C 4.0.0.2 on one machine, and just do not see that <ConfigureDefender> button in H_C!
How do I get to it?
Are you sure?
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
I am more than mentally challenged, in fact totally and utterly deranged!
Of course it's there :rolleyes: albeit 'greyed out' because there is another AV being used on that machine.
Hey, slow down, overlooking a grey button on a grey background is no sign of mental deficiency. I think it was purposely designed to be hard to see when a 3rd party AV is active.
 

shmu26

Hi Andy, I saw blocks for explorer.exe in the firewall log. Attached. The destination IP seems to change every time.

EDIT: At first I thought it might be connected to the AV I was trying out (Kaspersky Free 2019) or some other recently installed software, so I imaged back to an earlier state, but the blocks are still coming.
Maybe it is connected to a new ISP-based content filtering service that I recently installed, it uses a system-level root certificate.
 

Attachments: Firewall.log (336.5 KB)
