Because if I use ChrisTitus Tech WinUtil script or other, that's a problem...
Forced Smart Screen, I don't know... It's better on “ON.” Okay.
Yes, I use MS Office 2019.
Hard_Configurator - Windows Hardening Configurator
- Thread starter Andy Ful
- Start date
Forced Smart Screen, I don't know... It's better on “ON.” Okay.
Yes, I use MS Office 2019.
I am not sure if you need it if you use the MD ASR rule "Block untrusted and unsigned processes that run from USB".
You can read the help and decide for yourself.
Why did you disable the MD ASR rules under the "Productivity apps" (they are mainly for MS Office)? Did you have any problems?
I use Office macros regularly, so I kept the ASR “Productivity apps” rules disabled to avoid breaking legitimate macro workflows.
The ASR rule “Block untrusted and unsigned processes that run from USB” is enabled in my setup. I prefer keeping this protection active since I don’t normally execute unknown software directly from removable drives.
SmartScreen is also enabled right now, and the rest of my Defender core protections remain active.
The ASR rule “Block untrusted and unsigned processes that run from USB” is enabled in my setup. I prefer keeping this protection active since I don’t normally execute unknown software directly from removable drives.
SmartScreen is also enabled right now, and the rest of my Defender core protections remain active.
Macros are the weakest point in your security. It would be better to set all those rules to Audit and test the macros that you use.
There is a fair chance that some of the rules can be untouched.
When you save the H_C profile, does it also save the FirewallHardening and ConfigureDefender settings?
Thanks !!
Thanks !!
@pytroman86
I have always used the "Validate Admin Code Signatures" registry key, even before Andy Ful's tool.
In my opinion, setting it to “on” won't cause you any problems, even if you use unsigned software, because you can use H_C to temporarily set it to “off” and then quickly restore it.
A fairly anonymous pop-up message saying “The server returned a reference (at least in my language)” will let you know if you find yourself in the situation I described above.
I have always used the "Validate Admin Code Signatures" registry key, even before Andy Ful's tool.
In my opinion, setting it to “on” won't cause you any problems, even if you use unsigned software, because you can use H_C to temporarily set it to “off” and then quickly restore it.
A fairly anonymous pop-up message saying “The server returned a reference (at least in my language)” will let you know if you find yourself in the situation I described above.
@Andy Ful did not reinvent the wheel, he just makes using of the wheel (most users did not even know it is there) an easy and a rapid process.@pytroman86
I have always used the "Validate Admin Code Signatures" registry key, even before Andy Ful's tool.
In my opinion, setting it to “on” won't cause you any problems, even if you use unsigned software, because you can use H_C to temporarily set it to “off” and then quickly restore it.
A fairly anonymous pop-up message saying “The server returned a reference (at least in my language)” will let you know if you find yourself in the situation I described above.
Not everyone can tinker with registry and GP entries, not to mention "safely".
My humble pov, such tools are one of the major improvements to Windows security not offered by MS.
Last edited:
No, if you mean saving settings into the .hdc file. Only the settings visible in the H_C left and right panels are saved.
FirewallHardening and Configurator are external applications.
You can load/save the FirewallHardening settings via "External BlockList". ConfigureDefender does not have such an option.
Really appreciate everyone sharing their experience here. Reading through this thread helped me better understand how Hard Configurator fits into everyday Windows hardening without breaking usability. Practical feedback like this is what makes forums truly valuable. Thanks!
@Andy Ful In Blocked Sponsers, RUNDLL32 is missing from the list. But when I 'clear all', control panel applets work.
Yes I know shell32 is involved. But where is the H_C Log, it is not mentioned in the general help, and it is not in your directory?
So do you suggest using Clear All for the purpose of using Control Panel Applets ?
<Tools> <Blocked Events / Security Logs>.
There is a chapter about it ( TROUBLESHOOTING ) in the H_C manual.
No.
Control Panel Applets are CPL files executed via Control LOLBin (next RunDLL32 is used).
If you run the CPL applet directly, it should be blocked by <Designsted File Types>.
If you removed the CPL file extension but blocked control.exe, the CPL file will also be blocked.
If you run Control Panel via the system shortcut, the applets should run without H_C blocks.
Last edited:
@Andy Ful I encountered a problem. i had sponsers = 178. Then I unchecked Control. Applied. Then the control panel applets works. ( keyboard, mouse ) Then I went back into Sponsers and checkmarked Control. Applied. And the control panel applets kept on working. I had also clicked on Recommended before (forgot the sequence of events, stupid me. ) Anyways if control is checkmarked, the applets should not work, correct ?
Control Panel works fine with all sponsors blocked and paranoid extensions selected. Access through search in start menu if that makes a difference.
@Zero Knowledge So that means rundll32 is not blocked?
When you run Control Panel via the system shortcut, it is opened by Explorer as a shell folder (control.exe and rundll32.exe are skipped).
You may also like...
-
-
FAI Tells It Like It Is - Microsoft's Wonky Default Deny Roadmaps, Users as Guinea Pigs, "Dilemmas and Paradoxes," and Why SRP Remains King
- Started by ForgottenSeer 114717
- Replies: 44
-
Microsoft testing Windows 11 batch file security improvements- Started by Parkinsond
- Replies: 0
-
CrySome RAT : An Advanced Persistent .NET Remote Access Trojan- Started by Khushal
- Replies: 3
-
