Hard_Configurator - Windows Hardening Configurator

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
> SmartScreen is a very good reputation service (maybe the best available). So, if the file is not malicious and many people choose to install it, then it will be allowed (even when it includes adware, like in the VirusTotal example).
The file was not actually malicious, as far as I can tell, it was one of those "safe" cracks. Not even any adware. Only software piracy.
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
> The file was not actually malicious, as far as I can tell, it was one of those "safe" cracks. Not even any adware. Only software piracy.
Babylon Toolbar browser extension is treated as adware by many vendors. The toolbar, in fact, is not installed due to extension restrictions in modern browsers.
Remove Babylon Toolbar (Removal Instructions)
 

shmu26

> Babylon Toolbar browser extension is treated as adware by many vendors. The toolbar, in fact, is not installed due to extension restrictions in modern browsers.
> Remove Babylon Toolbar (Removal Instructions)
This file was not the terrible toolbar, it was the desktop translation software. But it does try to install a browser extension, to provide one-click translations on web pages.
 

Andy Ful

It seems that the 'forced SmartScreen' feature applied in Hard_Configurator via "Run As SmartScreen" is actually present on Windows 10 (Enterprise ed.) in Windows Defender Application Control. That was my main idea when creating Hard_Configurator. That idea could be accomplished only partially in Windows Home, for applications run by the user. In Application Control it is the full cloud reputation service (like Avast Aggressive Hardened Mode), so even the dropped/executed payloads are reputation-checked.
 

shmu26

> It seems that the 'forced SmartScreen' feature applied in Hard_Configurator via "Run As SmartScreen" is actually present on Windows 10 (Enterprise ed.) in Windows Defender Application Control. That was my main idea when creating Hard_Configurator. That idea could be accomplished only partially in Windows Home, for applications run by the user. In Application Control it is the full cloud reputation service (like Avast Aggressive Hardened Mode), so even the dropped/executed payloads are reputation-checked.
If all spawned processes will be checked by reputation service, won't that make program updates almost impossible? They will always have new files.
 

Andy Ful

> I think App control is only an anti-EXE.

It is not.
You can work from a list of plug-ins, add-ins, or modules that you want only a specific application to be able to run. Other applications would be blocked from running them.
In addition, you can work from a list of plug-ins, add-ins, or modules that you want to block in a specific application. Other applications would be allowed to run them.

Use a Windows Defender Application Control policy to control specific plug-ins, add-ins, and modules (Windows 10)
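
Added example (not part of the original posts and not Hard_Configurator code): the per-application plug-in rules described in the post above, sketched with the ConfigCI PowerShell cmdlets. The application and add-in paths are hypothetical placeholders, and the files must exist on the reference machine so the rules can be generated from them.

```powershell
# Hypothetical paths (assumptions for illustration): replace with the real
# host application and the add-in modules you want to control.
$app        = 'C:\Program Files\ExampleERP\erp.exe'
$allowedDll = 'C:\Program Files\ExampleERP\addins\report.dll'
$blockedDll = 'C:\Program Files\ExampleERP\addins\legacy.dll'

# Allow rule scoped with -AppID: report.dll is allowed only when loaded by
# erp.exe. Other applications do not gain permission to load it from this rule.
$rules  = New-CIPolicyRule -DriverFilePath $allowedDll -Level FileName -AppID $app

# Deny rule scoped with -AppID: legacy.dll is blocked inside erp.exe only.
# Other applications are not affected by this rule.
$rules += New-CIPolicyRule -DriverFilePath $blockedDll -Level FileName -Deny -AppID $app

# Build a policy from the rules; -UserPEs includes user-mode binaries,
# which is where application plug-ins live.
New-CIPolicy -Rules $rules -FilePath '.\ErpAddins.xml' -UserPEs

# Rule option 3 is "Enabled:Audit Mode": violations are logged, not blocked,
# so the CodeIntegrity event log can be reviewed before enforcement.
Set-RuleOption -FilePath '.\ErpAddins.xml' -Option 3

# Convert the XML to the binary form that Windows consumes.
ConvertFrom-CIPolicy -XmlFilePath '.\ErpAddins.xml' -BinaryFilePath '.\ErpAddins.bin'
```

Removing rule option 3 (`Set-RuleOption -Option 3 -Delete`) and converting again switches the policy from audit to enforcement.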
 

AlanOstaszewski

Level 16
Verified
Top Poster
Malware Hunter
Jul 27, 2017
775
> The file was not actually malicious, as far as I can tell, it was one of those "safe" cracks. Not even any adware. Only software piracy.
Sorry to defend SmartScreen now, but if the crack was clean, there's nothing to worry about and I would even consider that a feature. And if many people want to get this "software", which Kaspersky classifies as "not a virus", then it is also ok here that SmartScreen does not block it.

Remember, it is called "Smart"Screen and not "IBlockACrackBecauseItIsACrack". Smart means not marking everything as a virus, and here this filter has my full respect. It's my favorite software in Windows and I think it's great that @Andy Ful has programmed a backend for configuring it! Thank you!
 

Andy Ful

> Anyway, I'm sure that any HIPS or Kaspersky App control is better than this.

I would kindly disagree with you, but I am sure we will not quarrel about this. :cool:
Anyway, as you know, I think that SRP is more usable for home users. But for Enterprises, Application Control is better because the people have to use vulnerable applications/services/protocols and there are many more network vulnerabilities. Hard_Configurator settings are designed to prevent malware infections by forcing the user to execute only safe files and restricting file execution. This can also mitigate many exploits running as standard user (drive-by attacks, PowerShell fileless attacks, etc.). Application Control additionally has to fight even when something was exploited to run the malware with administrative rights.
 

Andy Ful

It is clear that WD Application Control + WD Application Guard is the Microsoft answer to similar solutions in AV suites (Kaspersky, etc.). For example, WD Application Guard can be set to execute only well-known and safe applications like in Kaspersky Trusted Applications mode.
Personally, I can see some similarities with the idea of AppGuard:
  1. restrict execution of scripts, applications, modules
  2. guard the vulnerable applications
WD Application Guard uses Microsoft Hyper-V virtualization technology, so it is actually the stronger solution available on Windows. Also, the native WDAC + WDAG implementation in the OS kernel is the most stable and robust.
 

Deleted Member 3a5v73x

> Anyway, as you know, I think that SRP is more usable for home users.

I really appreciate your work mate @Andy Ful, but how is SRP more usable? Why does nobody talk about the more important factor, that most home users are "click happy" and don't pay attention to any security alerts, and if one comes up "in their face" like a SmartScreen alert, they just click yes to get it out of their way faster without reading any information about what it's for. If a family has no one to ask for computer help, they have to call someone technical. And most people 50+ who weren't born with tablets and PCs in their hands will not go the manual way of seeking help on Google or MalwareTips, for example. I can set SRP for my other 5+ family Windows systems, but if I wasn't there for them, default-deny would NOT be the best security solution. SRP is best for business/corp-oriented systems where employees are not allowed to install additional programs and just use work-oriented applications.
 

shmu26

> I really appreciate your work mate @Andy Ful, but how is SRP more usable? Why does nobody talk about the more important factor, that most home users are "click happy" and don't pay attention to any security alerts, and if one comes up "in their face" like a SmartScreen alert, they just click yes to get it out of their way faster without reading any information about what it's for. If a family has no one to ask for computer help, they have to call someone technical. And most people 50+ who weren't born with tablets and PCs in their hands will not go the manual way of seeking help on Google or MalwareTips, for example. I can set SRP for my other 5+ family Windows systems, but if I wasn't there for them, default-deny would NOT be the best security solution. SRP is best for business/corp-oriented systems where employees are not allowed to install additional programs and just use work-oriented applications.

I think Andy meant that SRP is more friendly to home users than WD Application Guard is.

But to address your point more directly, let's say you put SRP on a novice's computer. He won't even know how to get around it. It takes a certain amount of skill to discover that a right click will give you options to run a file with admin rights. And even if you do that, once you get that SmartScreen block, you need to be pretty smart to figure out how to click past it. My Mom would never figure it out, and I don't think my Dad would either, even though he is pretty clever, he is a university professor.
You can also configure SmartScreen so that you can't click past it, if you want a more locked down config.
 
