Hard_Configurator - Windows Hardening Configurator

Why on SUA, only VBAOFF? Just curious.
There are some technical problems with applying HKCU keys from Hard_Configurator, because it is really never running on SUA, but always on Admin account. I solved this problem in version 4.0.0.1.
I chose to push the version 4.0.0.0 with somewhat unfinished <Document Anti-Exploit> feature, because on Windows 10 the VBAOFF + WD ASR + default-deny SRP give the user very strong protection. It is strong, even without VBAOFF feature, but VBA interpreter is so dangerous that some sophisticated malware in the wild could bypass WD ASR + SRP default-deny.
 
There are some technical problems with applying HKCU keys from Hard_Configurator, because it is really never running on SUA, but always on Admin account.
So if I want those registry tweaks on a SUA, I can change the account to Admin, run HC, and then change it back to SUA?
By the way, I don't know how you even found all those registry entries to tweak. That is mind-boggling.
 
So if I want those registry tweaks on a SUA, I can change the account to Admin, run HC, and then change it back to SUA?
By the way, I don't know how you even found all those registry entries to tweak. That is mind-boggling.
In the version 4.0.0.0 the tweaks will be always for the Admin account (HKCU Hive) and for all accounts (HKLM Hive) - never mind if H_C is started from SUA or Admin.
I have much time for researching.:giggle:
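
The post above notes that an elevated process writes HKCU values into the Admin account's hive rather than the standard user's. The following is an added example, not Hard_Configurator's code and not from the thread, showing one way an administrator can write a per-user policy value into a standard user's hive through HKEY_USERS. The account name is a placeholder, and it assumes "VBAOFF" corresponds to the Office 16.0 policy value `vbaoff`.

```powershell
# Added example: run from an elevated PowerShell prompt.
# Assumptions (not from the thread): the account name is a placeholder, and
# "VBAOFF" is taken to be the Office 16.0 policy value 'vbaoff'.
$UserName = 'StandardUser'                        # hypothetical SUA account name
$SubKey   = 'Software\Policies\Microsoft\Office\16.0\Common'

# In a process elevated with admin credentials, HKCU is that admin's hive:
$me = [Security.Principal.WindowsIdentity]::GetCurrent()
"HKCU currently maps to HKEY_USERS\$($me.User.Value) ($($me.Name))"

# Resolve the target user's SID and locate that user's hive.
$sid = (New-Object Security.Principal.NTAccount($UserName)).Translate(
           [Security.Principal.SecurityIdentifier]).Value
$loadedHere = $false
if (Test-Path "Registry::HKEY_USERS\$sid") {
    $root = "Registry::HKEY_USERS\$sid"           # user is logged on, hive already loaded
} else {
    # User is logged off: mount NTUSER.DAT under a temporary name.
    $profileKey  = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\$sid"
    $profilePath = (Get-ItemProperty $profileKey).ProfileImagePath
    & reg.exe load 'HKU\SUA_Temp' "$profilePath\NTUSER.DAT" | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Could not load the hive for $UserName" }
    $root = 'Registry::HKEY_USERS\SUA_Temp'
    $loadedHere = $true
}

try {
    $key = "$root\$SubKey"
    # Create the key only if missing (New-Item -Force on an existing key clears its values).
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    New-ItemProperty -Path $key -Name 'vbaoff' -Value 1 -PropertyType DWord -Force | Out-Null
    Get-ItemProperty -Path $key -Name 'vbaoff' | Select-Object vbaoff
} finally {
    if ($loadedHere) {
        [gc]::Collect()                           # release registry handles before unloading
        & reg.exe unload 'HKU\SUA_Temp' | Out-Null
    }
}
```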
 
@Andy Ful do you have the download link for this at all?

~LDogg
The corrected version 4.0.0.0 can be downloaded from:
AndyFul/Hard_Configurator
The newly compiled installers with the corrected ConfigureDefender are in the above ZIP file. They are analyzed now by Microsoft, Emsisoft, and Symantec. After some hours I send them also to Avast.
 
The corrected version 4.0.0.0 can be downloaded from:
AndyFul/Hard_Configurator
The newly compiled installers with the corrected ConfigureDefender are in the above ZIP file. They are analyzed now by Microsoft, Emsisoft, and Symantec. After some hours I send them also to Avast.
Very much appreciated. When running what settings would you recommend for me to use?

~LDogg
 
Very much appreciated. When running what settings would you recommend for me to use?

~LDogg
Please, start with the recommended settings (<Recommended SRP > + <Recommended Restrictions>).
If you will have any questions, then post here, I will help you. Every option has the help file with some instructions.(y)
 
The corrected version 4.0.0.0 can be downloaded from:
AndyFul/Hard_Configurator
The newly compiled installers with the corrected ConfigureDefender are in the above ZIP file. They are analyzed now by Microsoft, Emsisoft, and Symantec. After some hours I send them also to Avast.

Thanks @Andy Ful! I installed over the top of the last version without any issues. (y)
 
The corrected version 4.0.0.0 can be downloaded from:
AndyFul/Hard_Configurator
The newly compiled installers with the corrected ConfigureDefender are in the above ZIP file. They are analyzed now by Microsoft, Emsisoft, and Symantec. After some hours I send them also to Avast.

Andy,
This morning Windows Defender update version 1.277.605.0 is tagging your corrected installer, when downloaded with Edge as Trojan:Win32Spursint.F!cl. See attached. NOTE: 1.277.631.0, latest version doing the same.
 

Attachments

  • Annotation.png
Andy,
This morning Windows Defender update version 1.277.605.0 is tagging your corrected installer, when downloaded with Edge as Trojan:Win32Spursint.F!cl. See attached. NOTE: 1.277.631.0, latest version doing the same.
Interesting. I checked the submission for the corrected version - still pending.
I tried a minute ago to download and install the corrected version without issues with updated Defender signatures: 1.277.631.0.
Very strange. Could someone test it, too?
 
@Reldel1,
Could you please check if the detection can be related to your local dynamic signatures, by running the below commandline from c:\Program Files\Windows Defender folder:
MpCmdRun.exe -removedefinitions -dynamicsignatures
and downloading the file again?
 
I checked all submissions (Emsisoft, Microsoft, Symantec). The Emsisoft analyst Elise van Dorp is unbeatable, but Symantec is also good - both managed to whitelist the corrected Hard_Configurator executables in some hours.(y):giggle:
 
The Corrected version of HardConfigurator was also blocked when downloading via Edge using definitions 1.277.592.0 from yesterday morning. Simple enough though I just allowed the download and made an exclusion in defender for the .exe.
 
@Reldel1,
Could you please check if the detection can be related to your local dynamic signatures, by running the below commandline from c:\Program Files\Windows Defender folder:
MpCmdRun.exe -removedefinitions -dynamicsignatures
and downloading the file again?
Yes, that was the problem; after running the command line I can now download without issue. You're the man,
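
The troubleshooting sequence from this exchange, written out as an added example (not part of the original posts): record the signature version, list the detections that reference the file, clear the locally cached dynamic signatures with the command quoted above, and re-scan. The installer path is a placeholder.

```powershell
# Added example: run from an elevated PowerShell prompt.
# $Installer is a placeholder path; point it at the file that was flagged.
$Installer = 'C:\Path\To\flagged-installer.exe'
$MpCmdRun  = Join-Path $env:ProgramFiles 'Windows Defender\MpCmdRun.exe'

# 1. Record which signature set produced the verdict.
Get-MpComputerStatus |
    Select-Object AntivirusSignatureVersion, AntivirusSignatureLastUpdated

# 2. List detections that reference the file, with their threat names.
$leaf = [regex]::Escape((Split-Path $Installer -Leaf))
Get-MpThreatDetection |
    Where-Object { $_.Resources -match $leaf } |
    ForEach-Object {
        [pscustomobject]@{
            Time   = $_.InitialDetectionTime
            Threat = (Get-MpThreat -ThreatID $_.ThreatID).ThreatName
            Path   = $_.Resources -join '; '
        }
    }

# 3. Drop the locally cached dynamic signatures (the command from the thread).
& $MpCmdRun -RemoveDefinitions -DynamicSignatures

# 4. Re-scan the file without remediation, if a copy is still on disk.
if (Test-Path $Installer) {
    Get-FileHash $Installer -Algorithm SHA256     # compare with a publisher hash if one is available
    & $MpCmdRun -Scan -ScanType 3 -File $Installer -DisableRemediation
    if ($LASTEXITCODE -eq 0) { 'No detection after clearing dynamic signatures.' }
    else { "Still flagged or scan error (exit code $LASTEXITCODE)." }
} else {
    'File not on disk (blocked or quarantined); download it again and repeat step 4.'
}
```

If the file scans clean after step 3, the verdict came from the local dynamic signatures, and no Defender exclusion is needed for it.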