Freki123

Level 6
Verified
By the way, why you use ConfigureDefender MAX settings?
I set it to MAX to find out when I would stumble across a software that would create a block. Pure curiosity. (Also changed WD Sec Center to visible).
I went back from useraccount to admin account since lots of software I used seems to need admin and it started to get annoying :D . Since I'm the only user I hope it will be ok:D
 
Last edited:

paulderdash

Level 4
I just tried it with the update button, and it's easy as pie.
Smooth as silk.

And also successfully blocking nags in 360 Total Security (Free) using new Firewall Hardening ...

This soft rocks, Andy!
 

Andy Ful

Level 48
Verified
Trusted
Content Creator
Smooth as silk.

And also successfully blocking nags in 360 Total Security (Free) using new Firewall Hardening ...

This soft rocks, Andy!
Be careful with blocking processes related to AVs. :giggle:
 

Andy Ful

Level 48
Verified
Trusted
Content Creator
I am testing Chromium Edge with "Code integrity guard" activated by WD Exploit Protection for browser executable msedge.exe (@Windows_Security suggestion).
I could install many browser extensions both from Microsoft Store and from Chrome Web Store - they work well, for now.
I do not test Edge, because with the Creators Update of Windows 10, it already uses Code Integrity Guard (CIG) and Arbitrary Code Guard (ACG):
 
Last edited:

Andy Ful

Level 48
Verified
Trusted
Content Creator
I am testing Chromium Edge with "Code integrity guard" activated by WD Exploit Protection for browser executable msedge.exe (@Windows_Security suggestion).
I could install many browser extensions both from Microsoft Store and from Chrome Web Store - they work well, for now.
I do not test Edge, because with the Creators Update of Windows 10, it already uses Code Integrity Guard (CIG) and Arbitrary Code Guard (ACG):
It seems that msedge.exe on my computer, tries to load on startup the DLL from 7-ZIP (probably injected by 7-Zip application):
"Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Microsoft\Edge Dev\Application\msedge.exe) attempted to load \Device\HarddiskVolume2\Program Files\7-Zip\7-zip.dll that did not meet the Enterprise signing level requirements or violated code integrity policy."

I applied WD Application Control to allow only Windows and Microsoft Store executables (EXE, MSI, DLLs, etc.). The Error message above is related to Event Id 3077.
 

Andy Ful

Level 48
Verified
Trusted
Content Creator
I am trying to mimic the functionality of SRP + forced SmartScreen by using WD Application Control on Windows 10 Home ver. 1903. For now, I am using WDAC policies which work as follows:
  1. All drivers are allowed.
  2. All programs and DLLs are allowed in the SystemSpace (C:\Windows, C:\Program Files, C:\Program Files (x86) - except writable locations).
  3. All Windows Store Apps are allowed.
  4. All programs (EXE, MSI) and DLLs which are accepted by Microsoft as safe (Intelligent Security Graph Authorization) are allowed.
  5. All other programs (EXE, MSI) and DLLs are blocked (also .NET DLLs).
  6. PowerShell and Windows Script Host scripting is restricted.
  7. Whitelisting applications in UserSpace is not possible on Windows Home and Pro.
The points 3. and 4. are related to "Trust apps with good reputation" (Microsoft Intune option). It works similarly to Kaspersky's Trusted Application Mode.

PowerShell restrictions are similar to those in SRP (Constrained Language Mode).
Windows Script Host restrictions are similar to PowerShell restrictions, so the user can run VBS, JS, etc., scripts but the advanced functions and some COM objects are blocked.

In fact, this setup is very similar to the idea I had before creating H_C based on SRP.
There are some differences as compared to the current version of H_C:
  1. No need to use the right-click Explorer context menu to check if the program is safe and next run the program.
  2. "Trust apps with good reputation" checks all applications (EXE, MSI) and loaded DLLs in the UserSpace, also those which were not downloaded from the Internet.
  3. "Trust apps with good reputation" is different from SmartScreen. Some applications can be accepted by SmartScreen but blocked by "Trust apps with good reputation", and vice versa.
  4. Windows Script Host scripting is restricted, as compared to SRP where it is blocked.
  5. The protection cannot be bypassed by the user when using "Run as administrator" or elevated shell (elevated CMD, elevated PowerShell, elevated Total Commander, etc.).
  6. The protection can be bypassed if the file triggered the SmartScreen check and was accepted by SmartScreen or the user bypassed the SmartScreen alert.
    It also means that the protection can be bypassed by the user when using RunBySmartScreen, while in SRP the "Run as administrator" or "Run As SmartScreen" must be used.
  7. Blocked programs and DLLs cannot be whitelisted in UserSpace.
In fact, all the productivity applications I use are accepted in this setup, so I did not need to whitelist anything. ConfigureDefender and H_C installers are also accepted as safe (but not by SmartScreen).
 
Last edited:

oldschool

Level 36
Verified
@Andy Ful and other H_C users: I don't see what in the previous version was the default, easy to load H_C W10 Recommended Settings in the new Beta version. Only Enhanced, etc. Should I revert to the previous version to get it or is it still available somehow with the new button configuration in the Beta? :emoji_thinking:
 

Gandalf_The_Grey

Level 21
Verified
@Andy Ful and other H_C users: I don't see what in the previous version was the default, easy to load H_C W10 Recommended Settings in the new Beta version. Only Enhanced, etc. Should I revert to the previous version to get it or is it still available somehow with the new button configuration in the Beta? :emoji_thinking:
There is now 1 button for the Recommended Settings and an Recommended Enhanced profile to load. What exactly do you want to load?
 

Andy Ful

Level 48
Verified
Trusted
Content Creator
Looks fine here, all executable are still available!
You meant deleted by built-in browser protection (SmartScreen, Google Safe Browsing) during downloads?

View attachment 219403
Yes, this issue is present in Chromium Edge, where SmartScreen works differently from SmartScreen in native Edge. It is encouraging for people who want to download something not accepted by SmartScreen. I submitted this issue to Microsoft, and here is the answer:

"Hello Andy,
Thank you for your patience.

We investigated the issue you reported for Hard_Configurator beta downloaded from hxxps://github.com/AndyFul/Hard_Configurator/blob/master/Hard_Configurator_setup(x64)_beta_4.1.1.1.exe and hxxps://github.com/AndyFul/Hard_Configurator/blob/master/Hard_Configurator_setup(x86)_beta_4.1.1.1.exe. The warning you experienced indicates that the application has not yet established reputation within our system.

The certificate used to sign Hard_Configurator beta is currently in the process of establishing reputation in our system. Many factors contribute to establishing reputation, such as download traffic, download history, past anti-virus results and URL reputation, so it can be difficult to predict when a certificate will gain reputation. While your certificate is gaining reputation, your users can click through the warning and install your application by clicking on the link in the message: More information | Run anyway.

Once reputation has been established on your certificate, all your applications, when signed with the same known certificate and assuming nothing happens to denigrate the reputation of the certificate (such as being used to sign malware), should have a warn-free experience from the start.  For that reason, Microsoft recommends that publishers sign all applications with the same digital certificate to help better expedite reputation gains and leverage known reputation for new and updated applications. "
:giggle::emoji_pray:

This answer is OK because that is how SmartScreen works.
The current behavior of SmartScreen in Chromium Edge is similar to the behavior of SmartScreen in native Edge on old Windows 10 systems. Now, the native Edge blocks only the known malicious applications, so Hard_Configurator installers are allowed without any alerts from native Edge. The software behavior consistency is not a strong point of Microsoft.
 
Last edited:

oldschool

Level 36
Verified
There is now 1 button for the Recommended Settings and an Recommended Enhanced profile to load. What exactly do you want to load?
I 'd like the "Recommended". I clicked the button but I got a message that I had done so in the wrong order or something, and was at risk of locking system.

This answer is OK because that is how SmartScreen works.
The current behavior of SmartScreen in Chromium Edge is similar to the behavior of SmartScreen in native Edge on old Windows 10 systems. Now, the native Edge blocks only the known malicious applications, so Hard_Configurator installers are allowed without any alerts from native Edge. The software behavior consistency is not a strong point of Microsoft.
Very concise & clear explanation.
 
  • Like
Reactions: bribon77

Andy Ful

Level 48
Verified
Trusted
Content Creator
I 'd like the "Recommended". I clicked the button but I got a message that I had done so in the wrong order or something, and was at risk of locking system.
...
You have probably activated a profile with Allow EXE and RunBySmartScreen before applying the Recommended Settings (for example WIndows_10_MT_Windows_Security_hardening.hdc).
But if you accepted the changes, then the Recommended Settings have been applied. (y)

I see, I saw that it was updated so I checked the commit history and saw this;

View attachment 219440

...But if all is good, disregard.
It is all OK - these entries were uploaded/deleted for testing WD Application Control.(y):giggle:
 

oldschool

Level 36
Verified
You have probably activated a profile with Allow EXE and RunBySmartScreen before applying the Recommended Settings (for example WIndows_10_MT_Windows_Security_hardening.hdc).
But if you accepted the changes, then the Recommended Settings have been applied. (y)
I previously had "Allow Exe" loaded and active, but may have selected some switches when I re-entered GUI later, prior to selected "Recommended". The warning refers to the old GUI with the Recommended SRP and Recommended Restrictions where the user makes a previous selection in the wrong order. Because these two buttons no longer exist I suggest this issue be addressed as it can cause confusion.

Also, has the user guide been updated.? I haven't read it.
 
Last edited:

Andy Ful

Level 48
Verified
Trusted
Content Creator
I previously had "Allow Exe" loaded. Is there a way to "unload" a profile?
The profile is unloaded automatically when you load another profile or press <Recommended Settings>. You can load the profile All_Off.hdc to disable all H_C settings. The settings related to ConfigureDefender and Firewall Hardening are not changed. If you want to unload also these settings then use <Tools><Restore Windows Defaults> (works on H_C beta 4.1.1.1) or just do it from ConfigureDefender and Firewall Hardening.
 

oldschool

Level 36
Verified
The profile is unloaded automatically when you load another profile or press <Recommended Settings>. You can load the profile All_Off.hdc to disable all H_C settings. The settings related to ConfigureDefender and Firewall Hardening are not changed. If you want to unload also these settings then use <Tools><Restore Windows Defaults> (works on H_C beta 4.1.1.1) or just do it from ConfigureDefender and Firewall Hardening.
Very clear explanation. This would be perfect added to the manual just as written above. Still the best customer service in the business! (y)(y)