- Jul 3, 2015
- 8,153
Sounds a little bit like an amalgam of sites I visit and services I use. netfree is my content filter service, matzav is a news site I visit, bezeq is an Israeli phone service, etc.
Hard_Configurator - Windows Hardening Configurator
- Thread starter Andy Ful
- Start date
Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,491
Why do some of them use explorer.exe (like matzav)? Are they installed in the system (outside the browser)?
- Jul 3, 2015
- 8,153
No, matzav is not installed. I asked Netfree for an explanation, but they don't seem to understand what I want. I sent them the log, and they replied that they need to see a screenshot of the "problem". I don't know what to send them.
- Jul 3, 2015
- 8,153
Just now someone higher up answered me and says it has nothing to do with Netfree.No, matzav is not installed. I asked Netfree for an explanation, but they don't seem to understand what I want. I sent them the log, and they replied that they need to see a screenshot of the "problem". I don't know what to send them.
In any case, I don't experience any difference whether I block explorer.exe or allow explorer.exe. Either way, everything works.
- Jul 3, 2015
- 8,153
@Andy Ful how can I make my firewall rules survive a major Windows update? I just updated to May 2019, and your rules survived, but mine didn't...
Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,491
FirewallHardening uses Windows Policies to apply firewall rules. Did you apply your own rules via Windows Firewall Advanced Settings or via FirewallHardening tool?
- Jul 3, 2015
- 8,153
- Apr 24, 2016
- 7,235
I see a new beta of Hard_Configurator: beta ver. 4.1.1.1:
github.com
What is the recommended way to install this version and get all the recommended settings?
For now I just installed over the existing version and clicked "Recommended Settings", ConfigureDefender on High and Firewall hardening at Recommended H_C. After that "Apply changes" and logoff.
GitHub - AndyFul/Hard_Configurator: GUI to Manage Software Restriction Policies and harden Windows Home OS
GUI to Manage Software Restriction Policies and harden Windows Home OS - AndyFul/Hard_Configurator
github.com
For now I just installed over the existing version and clicked "Recommended Settings", ConfigureDefender on High and Firewall hardening at Recommended H_C. After that "Apply changes" and logoff.
Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,491
You have preempted my intent to publish Hard_Configurator beta 4.1.1.1 tomorrow.
If you changed ConfigureDefender or FirewallHardening settings, then rebooting the computer is required.
If you changed ConfigureDefender or FirewallHardening settings, then rebooting the computer is required.
Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,491
Hard_Configurator beta ver. 4.1.1.1
For Windows 64-bit: AndyFul/Hard_Configurator
For Windows 32-bit: AndyFul/Hard_Configurator
This beta version was created to strengthen the Allow-Exe setup. I added three security features:
The example of the Allow-Exe profile is WIndows_10_MT_Windows_Security_hardening, which was discussed here: Windows Defender - Using Hard_Configurator in HARDENEDmode with ConfigureDefender in HIGHEST protection on Windows10
The full changelog:
Version 4.1.1.1
For Windows 64-bit: AndyFul/Hard_Configurator
For Windows 32-bit: AndyFul/Hard_Configurator
This beta version was created to strengthen the Allow-Exe setup. I added three security features:
- FirewallHardening tool.
- <ValidateAdminCodeSignatures> option (available on Windows 8+).
- <Paranoid Extensions> option (over 250 protected file extensions).
The example of the Allow-Exe profile is WIndows_10_MT_Windows_Security_hardening, which was discussed here: Windows Defender - Using Hard_Configurator in HARDENEDmode with ConfigureDefender in HIGHEST protection on Windows10
The full changelog:
Version 4.1.1.1
- Added, "Paranoid Extensions" (259 potentially dangerous file type extensions).
- Added FirewallHardening tool, which blocks by Windows Firewall many LOLBins and allows the user to block any application.
- Removed explorer.exe paths from FirewallHardening LOLBins on Windows 8 and 8.1., for compatibility with SmartScreen.
- Two buttons <Recommended SRP> and <Recommended Restrictions> are replaced by one green button <Recommended Settings>.
- Reorganization of buttons: the violet buttons <Firewall Hardening> and <ConfigureDefender> are now located in the upper part of the main window.
The button <No Removable Disks Exec.> was replaced by the new option button <Validate Admin Code Signatures> (see point 7). - If Default Deny Protection is turned OFF by 'Switch Default Deny' tool, then "Run By SmartScreen" option is automatically enabled in Explorer context menu. It can be used for installing safely the applications both on Administrator and Standard User type of accounts.
- Added the option <Validate Admin Code Signatures> which changes the UAC settings to enforce cryptographic signatures on any interactive application that requests elevation of privilege. This setting will prevent the user to run from Explorer the applications which require Administrative rights but are not digitally signed.
- Added the profile "Windows_10_MT_Windows_Security_hardening.hdc" which uses the new option <Validate Admin Code Signatures>.
- The option <Restore Windows Defaults> does restore also Windows Defender defaults and removes FirewallHardening Outbound block rules.
- All Hard-Configurator native executables are digitally signed by SHA256 certificate (Certum Code Signing CA SHA2).
Last edited:
- Jul 3, 2015
- 8,153
Already installed. Thanks, Andy, for the hard work and the great product!
I really like the ability to toggle ValidateAdminCodeSignatures with a mouse click. That makes it much more practical.
Great work Andy, installed yesterday using new:
Two buttons <Recommended SRP> and <Recommended Restrictions> are replaced by one green button <Recommended Settings>
I've seen no issues thus far.
Thanks for your work. Now a user for over 18 months on four computers.
Two buttons <Recommended SRP> and <Recommended Restrictions> are replaced by one green button <Recommended Settings>
I've seen no issues thus far.
Thanks for your work. Now a user for over 18 months on four computers.
- Aug 17, 2014
- 11,074
- Mar 29, 2018
- 7,596
Looking great @Andy Ful. Some nice changes, especially the Paranoid option. It should be a big hit with the paranoid members!
Currently using H_C along with MBAE and Windows Defender on Windows 8.1 (default web browser is Chrome). I'm not sure it's enough, though. I was thinking of adding OSArmor, but then I read that adding OSA to H_C is not such a good idea. Instead, I'm thinking of replacing Windows Defender with FortiClient 6.0 (tweaked). Any thoughts?
By the way, the reason I'm thinking about changing things on that system is that something odd (and suspicious) recently happened. Windows Defender was found to have been turned off. And then, while trying to fix that problem, a second discovery was made -- in Windows Update, someone or something had hidden the most recent important updates. I haven't yet had a chance to closely examine that system (it's a remote machine), but hopefully I'll have a better idea of what happened in a few days.
Phil
By the way, the reason I'm thinking about changing things on that system is that something odd (and suspicious) recently happened. Windows Defender was found to have been turned off. And then, while trying to fix that problem, a second discovery was made -- in Windows Update, someone or something had hidden the most recent important updates. I haven't yet had a chance to closely examine that system (it's a remote machine), but hopefully I'll have a better idea of what happened in a few days.
Phil
- Jul 3, 2015
- 8,153
If you update to Windows 10 1903, you will have Tamper protection for Windows Defender. Then, nothing can turn it off or mess with its settings.
IMHO Windows Defender, with the tweaks available in H_C, is very strong protection. You can complain about FPs if you run WD at high settings, but you can't complain about protection
The max settings of the old 4.0.1.0 really keep windows safe View attachment 217717
View attachment 217717
Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,491
...
But, the new version can be installed (even with ConfigureDefender MAX settings) by using the <Update> button from H_C panel.
We must wait a few weeks until SmartScreen will accept H_C installers.The max settings of the old 4.0.1.0 really keep windows safe
But, the new version can be installed (even with ConfigureDefender MAX settings) by using the <Update> button from H_C panel.
Thanks I completely forgot that update works for beta and not only stable versions. Thanks a lotBut, the new version can be installed (even with ConfigureDefender MAX settings) by using the <Update> button from H_C panel.
Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,491
By the way, why you use ConfigureDefender MAX settings? I intended these settings for casual users in the first place. That is why SmartScreen settings are set to Block (no user bypass) and the WD Security Center (now called Windows Security) are hidden. Non-casual users can set SmartScreen settings to "Warn" and unhide WD Security Center.Thanks I completely forgot that update works for beta and not only stable versions. Thanks a lot
Most users can just use HIGH settings.
Similar threads
-
- Sticky
