Hard_Configurator - Windows Hardening Configurator

rashmi said:
I retested the H_C deinstallation feature and got the same results. I then reinstalled H_C and configured it the same as before. After restarting the system, I disabled H_C protections and could successfully execute the refresh group policy command.
This time, I chose "Restore Windows Defaults" and closed the window. I then reopened H_C and clicked "No" for all configurations, deinstalled H_C, and restarted the system. I could successfully execute the refresh group policy command.
It appears the H_C deinstallation feature is corrupting group policy or not properly restoring Windows defaults.
Click to expand...

Thanks. Bug confirmed. It will be fixed in the next version soon.(y)
 
  • Like
Reactions: rashmi and Gandalf_The_Grey
rashmi said:
Are your tools compatible with Administrative Templates for Windows 11 24H2? Just for a test, I replaced the "PolicyDefinitions" folder with the 24H2 one. I installed H_C, CD, and FH, and it appears the tools are functioning well.
Click to expand...

malwaretips.com

Serious Discussion - WHHLight - simplified application control for Windows Home and Pro.

I vaguely recall seeing something about avoiding group policy configuration in forum threads or help files. Can I set up group policy while using WHHLight (SWH, SS, WDAC, CD, FH, DAE) on the system? Group Policies (GPO) work on Windows Pro and some other editions (not on Windows Home). You can...
malwaretips.com malwaretips.com
 
  • Like
Reactions: rashmi, Gandalf_The_Grey and dronefox1166
rashmi said:
@Andy Ful, Are any of your tools compatible with the child account/Microsoft Family Safety?
Click to expand...

I noticed that some features of Microsoft Family Safety can apply AppLocker policies (not via GPO). So, after applying/changing any Microsoft Family Safety settings, you should run WHHLight or H_C. You will see the alert if there are some incompatibilities.
 
  • Thanks
Reactions: rashmi
I am testing McAfee and Hard configurator with recommended enhance in a VM and cannot manage to launch Mcafee and keep getting this alert even when i whitelist it. Any idea what I am doing wrong?

Access to \\?\C:\Program Files\McAfee\wps\1.33.152.1\mc-web-view.exe has been restricted by your Administrator by the default software restriction policy level.
 
  • Like
Reactions: rashmi and Andy Ful
SHvFl said:
I am testing McAfee and Hard configurator with recommended enhance in a VM and cannot manage to launch Mcafee and keep getting this alert even when i whitelist it. Any idea what I am doing wrong?

Access to \\?\C:\Program Files\McAfee\wps\1.33.152.1\mc-web-view.exe has been restricted by your Administrator by the default software restriction policy level.
Click to expand...

You must use Whitelist By Path >>Add Path*Wildcards, and paste the full path \\?\C:\Program Files\McAfee
Do not use quotes!
Some process wants to start mc-web-view.exe from C:\Program Files by using UNC path, with \\?\ in the beginning, but only standard paths are whitelisted (C:\Program Files).
 
Last edited:
  • Like
Reactions: rashmi
Andy Ful said:
You must use Whitelist By Path >>Add Path*Wildcards, and paste the full path \\?\C:\Program Files\McAfee
Do not use quotes!
Some process wants to start mc-web-view.exe from C:\Program Files by using UNC path, with \\?\ in the beginning, but only standard paths are whitelisted (C:\Program Files).
Click to expand...
Thank you. I did not try to whitelist the path as I didn't understand that only standard paths are whitelisted.
 
  • Like
Reactions: Khushal, Andy Ful and simmerskool
rashmi said:
The Windows 25H2 release has its version of Group Policy. Is there anything I need to do with H_C after the 25H2 installation on Windows 11 Pro?
Click to expand...

Run H_C to see if the settings are OK. Do not use GPO or follow the advice from "SOFTWARE INCOMPATIBILITIES" (see H_C manual).(y)
 
  • +Reputation
  • Thanks
  • Like
Reactions: simmerskool, rashmi and Khushal
I created a "Grade 7" folder on the "D—Data Partition" with the folder's shortcut on the desktop and instructed the kids to keep only files from school in the folder. I whitelisted (by path) the "Grade 7" folder in H_C. Kids receive image, video, MS Office, and PDF files for homework and projects. Recently, they received nearly 20 MS Office files with RTF and CSV extensions, which H_C blocked. Moving the files to the Grade 7 folder allowed their execution. I whitelisted the main "Grade 7" folder, as kids frequently move or arrange files and folders within it. @Andy Ful, is it fine, or do you have any suggestions?

Windows 11 Pro
Hard_Configurator Recommended Settings (Hide "Run As Administrator" ON)
Configure Defender Recommended "High" Settings ("SmartScreen" Block)
Firewall Hardening Recommended H_C
MS Office Professional 2021 (Word, Excel, PowerPoint, and Access)
PDF Reader Pro
 
Last edited:
  • Like
Reactions: simmerskool and Andy Ful
rashmi said:
I created a "Grade 7" folder on the "D—Data Partition" with the folder's shortcut on the desktop and instructed the kids to keep only files from school in the folder. I whitelisted (by path) the "Grade 7" folder in H_C. Kids receive image, video, MS Office, and PDF files for homework and projects. Recently, they received nearly 20 MS Office files with RTF and CSV extensions, which H_C blocked. Moving the files to the Grade 7 folder allowed their execution. I whitelisted the main "Grade 7" folder, as kids frequently move or arrange files and folders within it. @Andy Ful, is it fine, or do you have any suggestions?
Click to expand...

It depends on how reputable the files from school are and how responsible the children are.
If you are not sure, then instead of whitelisting the whole folder (and subfolders), you can whitelist only RTF and CSV files in this folder and its subfolders.

Example of rules for subfolders:
D:\Grade 7\*.rtf
D:\Grade 7\*.csv
D:\Grade 7\*\*.rtf
D:\Grade 7\*\*.csv
D:\Grade 7\*\*\*.rtf
D:\Grade 7\*\*\*.csv

etc., if deeper subfolders are required.
 
  • +Reputation
  • Thanks
Reactions: rashmi and simmerskool
@rashmi

Which restrictions do you use for MS Office on children's computers?
What is the source of documents (flash drive, Internet)?
 
  • +Reputation
  • Like
Reactions: rashmi and simmerskool
Andy Ful said:
It depends on how reputable the files from school are and how responsible the children are.
Click to expand...
The kids follow my instructions, and the files should be safe. The teachers create these files, which primarily comprise questions, fields for answers, details about projects or articles, and similar content.

Andy Ful said:
Which restrictions do you use for MS Office on children's computers?
What is the source of documents (flash drive, Internet)?
Click to expand...
Adobe + VBA. I do not use the separate document tool.
The kids have Gmail accounts from school. They receive attachments or access Google Drive for files.
 
  • Like
Reactions: simmerskool and Andy Ful
rashmi said:
Man, I'm seriously bored with Hard_Configurator Tools—nothing's breaking, no action—@Andy Ful... maybe throw an alert that kicks off a game when both the system and user go idle! :)
Click to expand...

Yes. For most users, the H_C Recommended Settings have a good balance between usability and security. :)
However, this can depend on the user. Those who install many applications (especially tweaking or administrator tools) can sometimes see alerts.
 
  • +Reputation
  • Like
Reactions: EASTER, simmerskool, Gandalf_The_Grey and 2 others
Last edited:
  • Like
  • Applause
  • +Reputation
Reactions: silversurfer, jerzy601, simmerskool and 6 others

You may also like...