- Jul 3, 2015
- 8,153
I just tried it with the update button, and it's easy as pie.
Hard_Configurator - Windows Hardening Configurator
- Thread starter Andy Ful
- Start date
I set it to MAX to find out when I would stumble across a software that would create a block. Pure curiosity. (Also changed WD Sec Center to visible).
I went back from useraccount to admin account since lots of software I used seems to need admin and it started to get annoying
. Since I'm the only user I hope it will be ok
Last edited:
- Apr 28, 2015
- 271
Smooth as silk.
And also successfully blocking nags in 360 Total Security (Free) using new Firewall Hardening ...
360 Total Security - English
Yeah I noticed the updates wrern`t on par with the Total Security version. So what is it lacking then protection wise if it has 5 engines and a...
www.wilderssecurity.com
This soft rocks, Andy!
Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,488
Be careful with blocking processes related to AVs.Smooth as silk.
And also successfully blocking nags in 360 Total Security (Free) using new Firewall Hardening ...
360 Total Security - English
Yeah I noticed the updates wrern`t on par with the Total Security version. So what is it lacking then protection wise if it has 5 engines and a...
This soft rocks, Andy!
- Apr 28, 2015
- 271
I will probably just go to WD, simplest.Be careful with blocking processes related to AVs.
Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,488
I am testing Chromium Edge with "Code integrity guard" activated by WD Exploit Protection for browser executable msedge.exe (@Windows_Security suggestion).
I could install many browser extensions both from Microsoft Store and from Chrome Web Store - they work well, for now.
I do not test Edge, because with the Creators Update of Windows 10, it already uses Code Integrity Guard (CIG) and Arbitrary Code Guard (ACG):
blogs.windows.com
I could install many browser extensions both from Microsoft Store and from Chrome Web Store - they work well, for now.
I do not test Edge, because with the Creators Update of Windows 10, it already uses Code Integrity Guard (CIG) and Arbitrary Code Guard (ACG):
Mitigating arbitrary native code execution in Microsoft Edge
Some of the most important security features in modern web browsers are those that you never actually see as you browse the web. These security features work behind the scenes to protect you from browser-based vulnerabilities that could be abused by hackers to compromise your device or personal...
blogs.windows.com
Last edited:
- Mar 29, 2018
- 7,596
And why not, considering you're using H_C.
Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,488
It seems that msedge.exe on my computer, tries to load on startup the DLL from 7-ZIP (probably injected by 7-Zip application):I am testing Chromium Edge with "Code integrity guard" activated by WD Exploit Protection for browser executable msedge.exe (@Windows_Security suggestion).
I could install many browser extensions both from Microsoft Store and from Chrome Web Store - they work well, for now.
I do not test Edge, because with the Creators Update of Windows 10, it already uses Code Integrity Guard (CIG) and Arbitrary Code Guard (ACG):
Mitigating arbitrary native code execution in Microsoft Edge
Some of the most important security features in modern web browsers are those that you never actually see as you browse the web. These security features work behind the scenes to protect you from browser-based vulnerabilities that could be abused by hackers to compromise your device or personal...
"Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Microsoft\Edge Dev\Application\msedge.exe) attempted to load \Device\HarddiskVolume2\Program Files\7-Zip\7-zip.dll that did not meet the Enterprise signing level requirements or violated code integrity policy."
I applied WD Application Control to allow only Windows and Microsoft Store executables (EXE, MSI, DLLs, etc.). The Error message above is related to Event Id 3077.
Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,488
I am trying to mimic the functionality of SRP + forced SmartScreen by using WD Application Control on Windows 10 Home ver. 1903. For now, I am using WDAC policies which work as follows:
PowerShell restrictions are similar to those in SRP (Constrained Language Mode).
Windows Script Host restrictions are similar to PowerShell restrictions, so the user can run VBS, JS, etc., scripts but the advanced functions and some COM objects are blocked.
In fact, this setup is very similar to the idea I had before creating H_C based on SRP.
There are some differences as compared to the current version of H_C:
- All drivers are allowed.
- All programs and DLLs are allowed in the SystemSpace (C:\Windows, C:\Program Files, C:\Program Files (x86) - except writable locations).
- All Windows Store Apps are allowed.
- All programs (EXE, MSI) and DLLs which are accepted by Microsoft as safe (Intelligent Security Graph Authorization) are allowed.
- All other programs (EXE, MSI) and DLLs are blocked (also .NET DLLs).
- PowerShell and Windows Script Host scripting is restricted.
- Whitelisting applications in UserSpace is not possible on Windows Home and Pro.
PowerShell restrictions are similar to those in SRP (Constrained Language Mode).
Windows Script Host restrictions are similar to PowerShell restrictions, so the user can run VBS, JS, etc., scripts but the advanced functions and some COM objects are blocked.
In fact, this setup is very similar to the idea I had before creating H_C based on SRP.
There are some differences as compared to the current version of H_C:
- No need to use the right-click Explorer context menu to check if the program is safe and next run the program.
- "Trust apps with good reputation" checks all applications (EXE, MSI) and loaded DLLs in the UserSpace, also those which were not downloaded from the Internet.
- "Trust apps with good reputation" is different from SmartScreen. Some applications can be accepted by SmartScreen but blocked by "Trust apps with good reputation", and vice versa.
- Windows Script Host scripting is restricted, as compared to SRP where it is blocked.
- The protection cannot be bypassed by the user when using "Run as administrator" or elevated shell (elevated CMD, elevated PowerShell, elevated Total Commander, etc.).
- The protection can be bypassed if the file triggered the SmartScreen check and was accepted by SmartScreen or the user bypassed the SmartScreen alert.
It also means that the protection can be bypassed by the user when using RunBySmartScreen, while in SRP the "Run as administrator" or "Run As SmartScreen" must be used. - Blocked programs and DLLs cannot be whitelisted in UserSpace.
Last edited:
- Mar 29, 2018
- 7,596
@Andy Ful and other H_C users: I don't see what in the previous version was the default, easy to load H_C W10 Recommended Settings in the new Beta version. Only Enhanced, etc. Should I revert to the previous version to get it or is it still available somehow with the new button configuration in the Beta?
- Aug 17, 2014
- 11,074
Looks fine here, all executable are still available!
You meant deleted by built-in browser protection (SmartScreen, Google Safe Browsing) during downloads?
Last edited:
- Apr 24, 2016
- 7,233
There is now 1 button for the Recommended Settings and an Recommended Enhanced profile to load. What exactly do you want to load?@Andy Ful and other H_C users: I don't see what in the previous version was the default, easy to load H_C W10 Recommended Settings in the new Beta version. Only Enhanced, etc. Should I revert to the previous version to get it or is it still available somehow with the new button configuration in the Beta?
Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,488
Yes, this issue is present in Chromium Edge, where SmartScreen works differently from SmartScreen in native Edge. It is encouraging for people who want to download something not accepted by SmartScreen. I submitted this issue to Microsoft, and here is the answer:
"Hello Andy,
Thank you for your patience.
We investigated the issue you reported for Hard_Configurator beta downloaded from hxxps://github.com/AndyFul/Hard_Configurator/blob/master/Hard_Configurator_setup(x64)_beta_4.1.1.1.exe and hxxps://github.com/AndyFul/Hard_Configurator/blob/master/Hard_Configurator_setup(x86)_beta_4.1.1.1.exe. The warning you experienced indicates that the application has not yet established reputation within our system.
The certificate used to sign Hard_Configurator beta is currently in the process of establishing reputation in our system. Many factors contribute to establishing reputation, such as download traffic, download history, past anti-virus results and URL reputation, so it can be difficult to predict when a certificate will gain reputation. While your certificate is gaining reputation, your users can click through the warning and install your application by clicking on the link in the message: More information | Run anyway.
Once reputation has been established on your certificate, all your applications, when signed with the same known certificate and assuming nothing happens to denigrate the reputation of the certificate (such as being used to sign malware), should have a warn-free experience from the start. For that reason, Microsoft recommends that publishers sign all applications with the same digital certificate to help better expedite reputation gains and leverage known reputation for new and updated applications. "
:emoji_pray:This answer is OK because that is how SmartScreen works.
The current behavior of SmartScreen in Chromium Edge is similar to the behavior of SmartScreen in native Edge on old Windows 10 systems. Now, the native Edge blocks only the known malicious applications, so Hard_Configurator installers are allowed without any alerts from native Edge. The software behavior consistency is not a strong point of Microsoft.
Last edited:
- Mar 24, 2016
- 43
I see, I saw that it was updated so I checked the commit history and saw this;
...But if all is good, disregard.
- Mar 29, 2018
- 7,596
I 'd like the "Recommended". I clicked the button but I got a message that I had done so in the wrong order or something, and was at risk of locking system.
Very concise & clear explanation.
Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,488
You have probably activated a profile with Allow EXE and RunBySmartScreen before applying the Recommended Settings (for example WIndows_10_MT_Windows_Security_hardening.hdc).
But if you accepted the changes, then the Recommended Settings have been applied.
It is all OK - these entries were uploaded/deleted for testing WD Application Control.
- Mar 29, 2018
- 7,596
You have probably activated a profile with Allow EXE and RunBySmartScreen before applying the Recommended Settings (for example WIndows_10_MT_Windows_Security_hardening.hdc).
But if you accepted the changes, then the Recommended Settings have been applied.
I previously had "Allow Exe" loaded and active, but may have selected some switches when I re-entered GUI later, prior to selected "Recommended". The warning refers to the old GUI with the Recommended SRP and Recommended Restrictions where the user makes a previous selection in the wrong order. Because these two buttons no longer exist I suggest this issue be addressed as it can cause confusion.
Also, has the user guide been updated.? I haven't read it.
Last edited:
Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,488
The profile is unloaded automatically when you load another profile or press <Recommended Settings>. You can load the profile All_Off.hdc to disable all H_C settings. The settings related to ConfigureDefender and Firewall Hardening are not changed. If you want to unload also these settings then use <Tools><Restore Windows Defaults> (works on H_C beta 4.1.1.1) or just do it from ConfigureDefender and Firewall Hardening.
- Mar 29, 2018
- 7,596
Very clear explanation. This would be perfect added to the manual just as written above. Still the best customer service in the business!
Similar threads
-
- Sticky
