shmu26

Level 82
Verified
Trusted
Content Creator
I did not test (on Windows 1903 and 1809) if this issue will vanish after removing Child Account restrictions. In theory, the issue can be persistent. Please, let me know if the SRP functionality has been recovered.(y)
So I left Microsoft Family, and SRP did not start working again, even after a reboot. I reinstalled SRP, and still no go.
 

Andy Ful

Level 46
Verified
Trusted
Content Creator
So I left Microsoft Family, and SRP did not start working again, even after a reboot. I reinstalled SRP, and still no go.
I made some preliminary tests. After making a child account and the child accepting the parental control, SRP does not work properly. It is not related to SRP settings, so reinstalling SRP does not help. Also, removing the Child Account does not help. It is a frustrating bug. I will try to analyze the registry changes (it will take some time). (y)
 

shmu26

Level 82
Verified
Trusted
Content Creator
I made some preliminary tests. After making a child account and the child accepting the parental control, SRP does not work properly. It is not related to SRP settings, so reinstalling SRP does not help. Also, removing the Child Account does not help. It is a frustrating bug. I will try to analyze the registry changes (it will take some time). (y)
Thanks.
I did things a little differently. I added my regular admin Microsoft account, with my true birth date, as a "child" into a different Microsoft account. My goal was to have anti-porn filtering in Edge browser. When I saw it was problematic, I removed myself from the "family".

I am also wondering if this child account thing is making the update from 1809 to 1903 fail. I did the upgrade successfully one time, but when I restored an 1809 system image, now I can't upgrade anymore. It is the only significant change I can think of between then and now.
 

Andy Ful

Level 46
Verified
Trusted
Content Creator
Hard_Configurator ver. 5.0.0.0 (new version)

For Windows 64-bit: https://github.com/AndyFul/Hard_Configurator/blob/master/Hard_Configurator_setup(x64)_5.0.0.0.exe
For Windows 32-bit: https://github.com/AndyFul/Hard_Configurator/blob/master/Hard_Configurator_setup(x86)_5.0.0.0.exe

What is new in ver. 5.0.0.0?
1. Added the new version of ConfigureDefender with additional ASR rule: "Block persistence through WMI event subscription".
2. Minor bugs corrected.
3. H_C executables are accepted by SmartScreen.
:giggle: (y)
 

Andy Ful

Level 46
Verified
Trusted
Content Creator
It will update from the update button in the GUI?
Yes. :giggle:
Update or is a clean install required? And thank you @Andy Ful, HC saves me so much time and it's helped me with family members' systems. Have you got a donation page?
A clean install is not required. Just use the <Update> button and consider if you need the added features.
I have a Code Signing certificate valid to July 2020. For now, I do not have a donation page. I will see next year if a donation will be necessary. (y)
 

blueblackwow65

Level 17
Verified
Hi, I might be trying version 5; quick config I would think is best. I have Norton with VS and Comodo firewall. What do I need to get rid of, if anything? Thks
 

ZeroDay

Level 28
Verified
Malware Tester
Yes. :giggle:

A clean install is not required. Just use the <Update> button and consider if you need the added features.
I have a Code Signing certificate valid to July 2020. For now, I do not have a donation page. I will see next year if a donation will be necessary. (y)
Thank you. And I think you should set up a donation page, I know everyone here really appreciates your work, time and effort. Update went perfectly, thanks again.

Hi, I might be trying version 5; quick config I would think is best. I have Norton with VS and Comodo firewall. What do I need to get rid of, if anything? Thks
Comodo; Norton already has a firewall. Keeping VS won't hurt.
 

ZeroDay

Level 28
Verified
Malware Tester
I have no firewall with this version of Norton. Thks
Then I'd get rid of VD. VD+CF is overkill; add Norton into the mix and all you're doing is increasing your attack surface. Norton AV and just Comodo firewall at CS settings is more than enough. Add HC to that and you don't need anything else at all. You'd be fine with just Norton and Hard Configuration. Your current setup is too much and puts you more at risk if anything.
 

oldschool

Level 34
Verified
Hi, I might be trying version 5; quick config I would think is best. I have Norton with VS and Comodo firewall. What do I need to get rid of, if anything? Thks
@andy is correct. You are over-thinking this. You have a number of possibilities, none of which include all or most of these softs. Please post your questions about security configurations on your config. thread or open a new thread. Thank you!
 

Andy Ful

Level 46
Verified
Trusted
Content Creator
Hi, I might be trying version 5; quick config I would think is best. I have Norton with VS and Comodo firewall. What do I need to get rid of, if anything? Thks
Such a setup is common among many MT users. But, look at the below thread:
:giggle:(y)

Anyway, you can use your current setup if you like it. I used a similar setup a few years ago.
As @oldschool has said, it is better to open a thread about your config. (y)
 

Andy Ful

Level 46
Verified
Trusted
Content Creator
I looked at the test made by devjit2018 with F-Secure SAFE 17.7 with Hard_Configurator Firewall Rules (FirewallHardening option):
It seems that F-Secure missed only the 4.js malware, which is similar to the sample analyzed by Dr.Web vxCube: https://www.virustotal.com/ui/file_behaviours/151691e449047156af81357903207a74067e5a602f6c734da32144b2a7d51f7b_Dr.Web vxCube/html
From this analysis, it follows that the malware got persistence (can be easily removed). Furthermore, some Internet connections of PowerShell were blocked by FirewallHardening rules. But one connection was realized via svchost.exe which cannot be blocked, because many legal processes use svchost.exe connections. This malicious process probably bypassed protection. The infection can be easily identified by analyzing the blocked connections in the FirewallHardening Log.

Of course, the 4.js malware would be blocked by H_C settings (either Allow EXE or Recommended settings).
 