Hard_Configurator - Windows Hardening Configurator

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
On my wife's laptop I have Comodo Firewall (not at paranoid settings), and H_C with a lot of sponsors enabled. I don't hear any complaints, and I see no conflicts.
CFW at non-paranoid settings has two basic weaknesses: the list of approved software and vendors is fallible, and the vulnerable process protection is weak. I solve both problems with H_C.
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
H_C is very similar to CF with autosandbox set to Block (no HIPS). But, H_C does not block administrative processes, like Windows updates or system scheduled tasks, and uses forced SmartScreen (instead of File Lookup).
CF can be used in organizations and businesses, because it is stronger against the attacks originated from the local network, especially when those attacks are already elevated.
The advantage of using H_C can be important only in the home environment, because the home users usually do not need the features related to the local network, like SMB protocols, Remote Desktop, Remote Assistance, Remote Shell, Remote Registry, admin scripting, etc. If those features are blocked, then the attack from the local network is hardly possible.
It follows from the above, that in the home environment with H_C settings, the attack via already elevated malware is highly improbable. Any malware must be then originated by the user, so has to initially run not elevated (on Windows Vista and higher versions). Hard_Configurator is made to block such processes (so they cannot also bypass UAC), by using default-deny settings.
 
Last edited:

kylprq

Level 4
Verified
Jul 26, 2018
146
Are you running CFW at CruelSister settings?

yes

But, such CF setup can also break your system or

its true somehow with cs settings broke windows update

On my wife's laptop I have Comodo Firewall (not at paranoid settings), and H_C with a lot of sponsors enabled. I don't hear any complaints, and I see no conflicts.
CFW at non-paranoid settings has two basic weaknesses: the list of approved software and vendors is fallible, and the vulnerable process protection is weak. I solve both problems with H_C.

ı mean this ı wanna use it with cf at cs settings,

i did asked for h_c settings
 
  • Like
Reactions: oldschool

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
ı mean this ı wanna use it with cf at cs settings,

i did asked for h_c settings
I suggest to run H_C at the settings that are recommended for Avast hardened mode/aggressive. There is a special button for this, in the file whitelist section (allow exe and tmp). As Andy said, it is not really needed, but if you want to, that is a good way to do it.
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
I suggest to run H_C at the settings that are recommended for Avast hardened mode/aggressive. There is a special button for this, in the file whitelist section (allow exe and tmp). As Andy said, it is not really needed, but if you want to, that is a good way to do it.
You can simply load the profile:
WIndows_10_Avast_Hardened_Mode_Aggressive.hdc
 

Vasudev

Level 33
Verified
Nov 8, 2014
2,224
@Andy Ful - Can you explain this for me please? Is this going to interfere with Windows updates?

I get the feeling sometimes that while EV shows various WD blocks, the operations actually proceed. :unsure:
Atleast WD PUP protection is actually classifying rempl aka forced WU crap as PUPs.
You're better off w/o that forced update feeding program. I always install only offline updates and no microcode patches or any other so called "Enhanced Reliability" thing which will be the main reason Win 10 breaks.
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
Some people complain after installing Windows Setup Remediations Service in Windows 10, especially on using too much system resources.
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
Some people complain after installing Windows Setup Remediations Service in Windows 10, especially on using too much system resources.
I think it is basically a tool to help your system get ready for the update to 1809. So users should just go to 1809 already, and get it over with, unless there is a compelling reason not to.
 

Sunshine-boy

Level 28
Verified
Top Poster
Well-known
Apr 1, 2017
1,759
the results on Malware Hub should be as good as for any decent AV,
Av detects the malicious actions in a smart way:notworthy:
block by default(SRP/comodo sandbox) is just blocking the file and no detection in place.im not saying its bad but we can't compare SRP/comodo sandbox with av because it's not fair. SRP is like you never clicked the file.
I myself like Hard_Configurator and the philosophy behind it:oops:
 

bribon77

Level 35
Verified
Top Poster
Well-known
Jul 6, 2017
2,392
I love H_C.I think it's a great program, it's true that it's different from AV but if you understand it well you don't need AV.
To find out if something is bad or good VT helps. and some on-demand scanners in case you're wrong about something.
 
D

Deleted member 178

AV and SRPs aren't for the same audience anyway.
AVs are generally for average users and those who often install softwares.
SRPs are for skilled users and those with static systems (like in enterprises).

Reason why business versions of AVs like Symantec often includes some SRP-style modules.
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
Av detects the malicious actions in a smart way:notworthy:
Yes. The AVs are also more universal, because they can be used in ogranizations, too. The H_C settings (for SRP), intentionally do not block administrative processes, so can be a strong protection only in the home environment.

Yet, in my opinion the 'smart way' of most AVs, is adjusted not to home users, but for all users (including organizations and businesses). That is why the AVs do not block some Windows features, which are hard to protect like scripting, remote features, and SMB protocols.
In the home environment the 'smart way' would be blocking by default those features with some exclusions. (y)(y)
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
The icons for the new version of H_C:

1547592670409.png
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
Stylish! :) What else is new in the the new version?
When installing H_C, the user will be asked to uninstall Bash (Linux subsystem) and PowerShell 2.0. The user will be also asked to make the System Restore Point separately of whitelisting Autoruns entries (useful when roll up software is installed). Those improvements were proposed/discussed by @Lockdown and @shmu26.

I am working/playing for some time with the mix of H_C and SysHardener. It is called Casual User Protection (CUP), and will be similar to the H_C profile for Avast Hardened Aggressive mode (EXE and TMP files allowed). The CUP is similar to the idea of Simple Stupid Security.
Q&A - Simple Stupid Security vs. free AV
For now I plan 5 options:
<SmartScreen>
<Casual User Protection>
<Windows Defender high settings>
<Firewall hardening>
<Blocked Interpreters Log>

The applied restrictions:
  1. SmartScreen set to Block + installation of RunBySmartScreen.
  2. SRP default-deny. Allowed EXE, TMP, and MSI (.msi --> changed file association Msi.Package -> RunBySmartScreen).
  3. Documents Anti-Exploit (blocked macros in MS Office and Adobe Acrobat Reader XI/DC hardening.
  4. Blocked Outbound & Inbound Internet connections for predefined not blocked Interpreters: mshta.exe, hh.exe, mmc.exe, etc. and some other system executables like bitsadmin.exe, etc.
  5. Blocked Outbound & Inbound Internet connections for predefined vulnerable applications: MS Office, Adobe Acrobat Reader, etc.
  6. PowerShell set to Constrained Language Mode (PSLockdown policy) + Blocked script exec + blocked by path powershell.exe and powershell_ise.exe via HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\.
  7. Blocked Windows Script Host (registry tweak) + blocked wscript.exe, cscript.exe via 'Image File Execution Options' (for logging).
  8. Blocked: SMB protocols,Remote Desktop, Remote Assistance, Remote Registry, and Remote Shell.
  9. Uninstall PowerShell 2.0 and Bash (if installed).
  10. Change the network profile to Public.
The options 1-7 can be turned ON/OFF without Logging Off.
Points 7-10 and RunBySmartScreen are applied when installing CUP, and set to default Windows settings when uninstalling.
The user can use the last option (<Blocked Interpreters Log>), to check if any Windows script or PowerShell command were blocked. If nothing important is blocked, then the CUP settings can be safely applied.

I am experimenting with CUP - I am not quite sure, if such application will be useful. We will see.
 
Last edited:
F

ForgottenSeer 72227

When installing H_C, the user will be asked to uninstall Bash (Linux subsystem) and PowerShell 2.0. The user will be also asked to make the System Restore Point separately of whitelisting Autoruns entries (useful when roll up software is installed). Those improvements were proposed/discussed by @Lockdown and @shmu26.

I am working/playing for some time with the mix of H_C and SysHardener. It is called Casual User Protection (CUP), and will be similar to the H_C profile for Avast Hardened Aggressive mode (EXE and TMP files allowed). The CUP is similar to the idea of Simple Stupid Security.
Q&A - Simple Stupid Security vs. free AV
For now I plan 5 options:
<SmartScreen>
<Casual User Protection>
<Windows Defender high settings>
<Firewall hardening>
<Blocked Interpreters Log>

The applied restrictions:
  1. SmartScreen set to Block + installation of RunBySmartScreen.
  2. SRP default-deny. Allowed EXE, TMP, and MSI (.msi --> changed file association Msi.Package -> RunBySmartScreen).
  3. Documents Anti-Exploit (blocked macros in MS Office and Adobe Acrobat Reader XI/DC hardening.
  4. Blocked Outbound & Inbound Internet connections for predefined not blocked Interpreters: mshta.exe, hh.exe, mmc.exe, etc. and some other system executables like bitsadmin.exe, etc.
  5. Blocked Outbound & Inbound Internet connections for predefined vulnerable applications: MS Office, Adobe Acrobat Reader, etc.
  6. PowerShell set to Constrained Language Mode (PSLockdown policy) + Blocked script exec + blocked by path powershell.exe and powershell_ise.exe via HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\.
  7. Blocked Windows Script Host (registry tweak) + blocked wscript.exe, cscript.exe via 'Image File Execution Options' (for logging).
  8. Blocked: SMB protocols,Remote Desktop, Remote Assistance, Remote Registry, and Remote Shell.
  9. Uninstall PowerShell 2.0 and Bash (if installed).
  10. Change the network profile to Public.
The options 1-7 can be turned ON/OFF without Logging Off.
Points 7-10 and RunBySmartScreen are applied when installing CUP, and set to default Windows settings when uninstalling.
The user can use the last option (<Blocked Interpreters Log>), to check if any Windows script or PowerShell command were blocked. If nothing important is blocked, then the CUP settings can be safely applied.

I am experimenting with CUP - I am not quite sure, if such application will be useful. We will see.
This is Awsome. I would definitely switch with these changes and I could remove syshardener as it will have the benifts of both programs all in one :)
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top