Hard_Configurator - Windows Hardening Configurator

[oldschool]

H_C works as usual.

It turns out it was user error. I forgot to remove LNK files from designated file types. I have to get re-familiarized with SRP.

 

[Kerneli]

Is there Windows 11 23H2 support coming? Or what else would be good free alternative besides Hard configurator as cannot use it with my Win11 23H2...

 

[Andy Ful]

Is there Windows 11 23H2 support coming? Or what else would be good free alternative besides Hard configurator as cannot use it with my Win11 23H2...

H_C works on Windows 11 23H2.

 

[Azazel]

Hello @Andy Ful ,
I have a question.
Is "Block executable files from running unless they meet a prevalence, age, or trusted list criteria" a robust protective rule or are there non-sophisticated ways it can be easily bypassed?

 

[oldschool]

Is "Block executable files from running unless they meet a prevalence, age, or trusted list criteria" a robust protective rule

Yes it is. It's equivalent to Avast hardened mode.

 

[n8chavez]

Hello @Andy Ful ,
I have a question.
Is "Block executable files from running unless they meet a prevalence, age, or trusted list criteria" a robust protective rule or are there non-sophisticated ways it can be easily bypassed?

I've found that particular option being more trouble then it's worth; in essence creating a lockdown mode where EVERYTHING new-ish needs to be whitelisted in order to run.

 

[oldschool]

I've found that particular option being more trouble then it's worth; in essence creating a lockdown mode where EVERYTHING new-ish needs to be whitelisted in order to run.

OTOH, I've had no problems whatsoever. It just depends on one's situation.

 

[n8chavez]

Really? Well, curiouser and curiouser. I've had nothing but problems. But I always automate things via scripting and always update my software.

 

[Andy Ful]

Really? Well, curiouser and curiouser. I've had nothing but problems. But I always automate things via scripting and always update my software.

Yes, It can block new installations/updates with low prevalence. The block disappears after about 2 days. One can use that ASR rule set to Warn to avoid most problems.
Of course, it will be inconvenient when one has many applications that auto-update frequently. That is why it is not included in ConfigureDefender HIGH settings.

 

[n8chavez]

Yes, It can block new installations/updates with low prevalence. The block disappears after about 2 days. One can use that ASR rule set to Warn to avoid most problems.
Of course, it will be inconvenient when one has many applications that auto-update frequently. That is why it is not included in ConfigureDefender HIGH settings.

Don't get me wrong; I'm not in any way, shape or form saying that you or Hard Configurator is bad. I just mean that particular ASR option doesn't fit my needs, for reasons you mentioned. My opinion, this or @danb's Configure Defender should be on every system without exception.

 

[Andy Ful]

I just mean that particular ASR option doesn't fit my needs, for reasons you mentioned.

Yes, I know.
Anyway, I do not think that you need H_C or ConfigureDefender. For many MT members, any advanced protection is a kind of insurance, learning, or fun.

 

[ForgottenSeer 109138]

Yes, I know.
Anyway, I do not think that you need H_C or ConfigureDefender. For many MT members, any advanced protection is a kind of insurance, learning, or fun.

No way, you didn't just contradict yourself here did you, an advanced application is for fun and learning yet so easy a typical users can use them correct. Its not like they could misconfigure into vulnerability.

 

[ForgottenSeer 109138]

If I understand correctly, Sponsors=LOLBins?

I'm thinking of @oldschool configuration.If Sponsors=LOLBins, FirewallHardening ADD LOLBins can be obtained in this way too?

1. Press <Load Profile> and choose All_OFF.hdc
2. Press <(Re)Install SRP>
3. Press <Block Sponsors> <Select All>
4. Apply changes.

There are 178 in total.

Is one better than the other? It is better to block LOLBins from FirewallHardening or Sponsors this way. LOLBins contain the same number?

Its lack of understanding the operating system and how it works, combined with a lack of understanding of the software that can cause issue Andy, how easy would it be to misconfigure something you don't understand. I can pull posts from this thread all day long demonstrating this if you would like, since you trashed my thread stating otherwise.

 

[ForgottenSeer 109138]

If you are using this software for fun or learning do become aware of the products disclaimer. Any damage you do to your system or any other issues that may arise are solely the responsibility of the user. The developer that pushes this software as so easy to use, is not responsible once you install his product. If you are not knowledgeable of windows process and procedures or familiar with default deny I would not recommend taking this chance. You are better off using a Security Suit.

Disclaimer of Warranty
THIS SOFTWARE IS DISTRIBUTED "AS IS". NO WARRANTY OF ANY KIND IS EXPRESSED OR IMPLIED. YOU USE IT AT YOUR OWN RISK. THE AUTHOR WILL NOT BE LIABLE FOR DATA LOSS, DAMAGES, LOSS OF PROFITS OR ANY OTHER KIND OF LOSS WHILE USING THIS SOFTWARE.

Distribution
These tools may be freely distributed as long as no modification is made to it.

Andrzej Pluta (@Andy Ful)

 

[Andy Ful]

No way, you didn't just contradict yourself here did you, an advanced application is for fun and learning yet so easy a typical users can use them correct. Its not like they could misconfigure into vulnerability.

There is no contradiction. The H_C is mainly intended for advanced users to apply Windows built-in restrictions on the computers of inexperienced users (no MT members).
MT members can use H_C on personal computers if they want, but often it is not necessary for security reasons. I guess that they often like to use it as a kind of insurance, learning, or fun.

 

[Andy Ful]

Its lack of understanding the operating system and how it works, combined with a lack of understanding of the software that can cause issue Andy, how easy would it be to misconfigure something you don't understand. I can pull posts from this thread all day long demonstrating this if you would like,

I am not sure what to say. H_C is a tool for advanced users, but there can be users who want to experiment with settings.
Anyway, you are wrong when thinking that such experiments will do something dangerous to the system. Even with the most restricted setup we have:

1. During the installation, the user is prompted to do a System Restore Point.
2. SRP restrictions do not restrict local Administrators and processes running with high privileges.
3. SystemSpace is always whitelisted (%WinDir%, %ProgramFiles%, etc.)
4. H_C can be started even with the most restrictive setup, so the user can always change the setup.
5. The Recommended Settings can be restored with one click.

By the way, I am sorry that your thread has been closed. I did not ask the staff for that (and did not report anything), even when your posts became too personal.

 

[Andy Ful]

If you are using this software for fun or learning do become aware of the products disclaimer. Any damage you do to your system or any other issues that may arise are solely the responsibility of the user. The developer that pushes this software as so easy to use, is not responsible once you install his product. If you are not knowledgeable of windows process and procedures or familiar with default deny I would not recommend taking this chance. You are better off using a Security Suit.

You know that this is a standard disclaimer for open-source & free software. This disclaimer is displayed during installation, so users are informed without your warning. As you can see the disclaimer intends to discourage inexperienced users. I already explained it to you in another thread. It seems that you start trolling this thread.
Hard_Configurator has been here for several years and does not produce much trouble.

 

[vtqhtr413]

You can't figure for ever person Andy, I appreciate you.

 

[SirJon]

Thank you Andy for all your hard work. It is appreciated.

 

[Kwan ST]

Hello all, since Windows 11 IoT Enterprise LTSC has recently been available I was wondering if I can use Hard Configurator on that OS.
Has anybody tried it already? Thanks