Hard_Configurator - Windows Hardening Configurator

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,605
@Andy Ful

I was reading Windows Ten Forums and I found a thread that was discussing the fact that MS is no longer developing SRP and at some point they are planning to remove those features entirely at some point. I couldn't find any other info on the matter, but was wondering if you heard this as well? It looks like they want people to use Applocker and WDAC instead of the built in SRP. I guess if this is true, H_C may be limited down the road. I am sure you can still do an SRP via other 3rd party apps (granted not using built in settings), but it won't be the same as what H_C can do currently.
We discussed it in the middle of the 2018 year. Microsoft officially announced that SRP will not be further developed. It means that there will not be the new SRP improvements, and MS will focus on the new features like WD Application Control, WD Application Guard, etc. It does not mean that SRP will be throw out from Windows (it still works in the upcoming Windows ver. 1903). There are some other features in Windows which are not developed for years, like CMD and Windows Script Host, but are continued because of compatibility.
SRP is used in organizations for years, so it will not be easy to remove it from Windows. Yet, Windows 10 is quickly evolving too, so you never know what will happen for sure. We will see.
 
F

ForgottenSeer 72227

We discussed it in the middle of the 2018 year. Microsoft officially announced that SRP will not be further developed. It means that there will not be the new SRP improvements, and MS will focus on the new features like WD Application Control, WD Application Guard, etc. It does not mean that SRP will be throw out from Windows (it still works in the upcoming Windows ver. 1903). There are some other features in Windows which are not developed for years, like CMD and Windows Script Host, but are continued because of compatibility.
SRP is used in organizations for years, so it will not be easy to remove it from Windows. Yet, Windows 10 is quickly evolving too, so you never know what will happen for sure. We will see.

Thanks @Andy Ful

Ya I assumed that it would be hard for them to remove, but with all the things they are introducing (sandboxing, tamper protection, the new browser extension, etc...), you can see that they are slowly positioning themselves to pull the plug if you will. The question that remains is when?
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,605
Thanks @Andy Ful

Ya I assumed that it would be hard for them to remove, but with all the things they are introducing (sandboxing, tamper protection, the new browser extension, etc...), you can see that they are slowly positioning themselves to pull the plug if you will. The question that remains is when?
Who knows?
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
Thanks @Andy Ful

Ya I assumed that it would be hard for them to remove, but with all the things they are introducing (sandboxing, tamper protection, the new browser extension, etc...), you can see that they are slowly positioning themselves to pull the plug if you will. The question that remains is when?
As you mentioned, they are developing WD Application Control and WD Application Guard , and they are gradually making these features available on non-Enterprise editions of Windows. My crystal ball predicts that we will have a bigger and better SRP by the time that the old SRP is de-activated.
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,605
As you mentioned, they are developing WD Application Control and WD Application Guard , and they are gradually making these features available on non-Enterprise editions of Windows. My crystal ball predicts that we will have a bigger and better SRP by the time that the old SRP is de-activated.
Yes, I am waiting...:giggle:
If this will not happen, then probably, I will use Excubits drivers with Admin Bypass:unsure:.
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
Yes, I am waiting...:giggle:
If this will not happen, then probably, I will use Excubits drivers with Admin Bypass:unsure:.
After playing around with Excubits Bouncer for a few days, it seems to me that it has the same problem with whitelisting dll paths that SRP has. Specific paths often don't work. However, the log tells you faithfully when a dll is blocked, so you can widen out the path to make it work.

Bouncer seems to affect system performance a bit, maybe because of the dll monitoring.
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,605
After playing around with Excubits Bouncer for a few days, it seems to me that it has the same problem with whitelisting dll paths that SRP has. Specific paths often don't work. However, the log tells you faithfully when a dll is blocked, so you can widen out the path to make it work.

Bouncer seems to affect system performance a bit, maybe because of the dll monitoring.
If I correctely remember, Bouncer (like SRP) cannot block .NET DLLs (Fides can).
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
If I correctely remember, Bouncer (like SRP) cannot block .NET DLLs (Fides can).
Right. But when Fides blocks, it is absolute. So when you apply this to powershell, it means no powershell at all, even when the OS or trusted software wants to run it for maintenance purposes, even when run with system privileges.
 

SHvFl

Level 35
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Nov 19, 2014
2,350
... or will not leave Windows 7, which is not the purpose of MS.:unsure:
Nope, I think you are wrong there. MS wants those on 7 that are left behind because they are about to pay a huge amount for them to receive security update. That amount is a lot more than the one for xp.
Windows 7 is not something we should discuss anymore. It's about to die and will stay on the ventilator for a few more years and then only crazy people will use it.
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,605
Nope, I think you are wrong there. MS wants those on 7 that are left behind because they are about to pay a huge amount for them to receive security update. That amount is a lot more than the one for xp.
Windows 7 is not something we should discuss anymore. It's about to die and will stay on the ventilator for a few more years and then only crazy people will use it.
We agree. I did not say that they will not leave Windows 7 after a few years, but rather in the period of about 3 years. MS will probably extend the Windows 7 support for Enterprises, but also wants them to use Windows 10 as soon as possible. Yet, I do not think that MS wants organizations to 'keep Windows 7 and pay forced tribute'. Organizations are known from not updating the systems even when they could do it for free.
Anyway, all of this is pure speculation. The most important thing will be, if SRP will not conflict with some new security features in the future Windows 10 versions. If not, then SRP can last for a long time (for compatibility), as CMD, Windows Script Host, WMI, SMB, etc.
The paradox could be when MS would remove SRP, which increases security, and would keep CMD, Windows Script Host, WMI, SMB which are used commonly by the malc0ders.:(
 
Last edited:

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,605
For now, SRP is the optimal background for H_C settings. But, in the future, I could probably adopt Bouncer + Fides (demo) in H_C, and the users would not see any difference. I think, that I could also use MemProtect to accomplish a kind of memory sandbox. But first, let's allow MS to improve Windows security, and we will see...
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,605
Can you handle shortcuts that way?
AFAIK you can do powershell constricted language and documents anti-exploit without SRP support.
What features might be problematic?
Shortcuts and other dangerous file extensions can be blocked/whitelisted by using Fides via blocking read access. I do not know if Fides uses Admin Bypass feature, but this will not be an important difference. There should not be any serious problems with using Bouncer + Fides as a background for H_C.
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
Shortcuts and other dangerous file extensions can be blocked/whitelisted by using Fides via blocking read access. I do not know if Fides uses Admin Bypass feature, but this will not be an important difference. There should not be any serious problems with using Bouncer + Fides as a background for H_C.
While we are on the subject of Bouncer, let's say you were a paranoid, and you wanted to add lol bins to the CMDBLACKLIST that are not on the sponsors list of H_C for whatever reason. Which ones would you add?
The only one that jumps to my mind is rundll32.
 

Freki123

Level 16
Verified
Top Poster
Aug 10, 2013
753
When i looked at the "Designated File Types" i got confused. The order ist Z>A. No clue if there is a reason for that but as a novice user i was expecting A>Z and was confused when i was searching for stuff in that list. Like a telephone book suddenly starting with Z and now my alphabet is totaly messed up :D
How about that the button called "Gui Skin" changes to "Gui Skin 2", "Gui Skin3" and so on when pressed? Since some look a bit alike it's easier to remember 5 and 8 look good than counting my keypresses for both.

What does the "*" mean in the blocked sponsors list? In the help file i found no mention of the "*" under "block sponsor" section. If some files are marked special through a "*" im curios and want to know why :D
 

Attachments

  • Untitled - Copy.jpg
    Untitled - Copy.jpg
    141.8 KB · Views: 340
  • Untitled12 - Copy.png
    Untitled12 - Copy.png
    55.2 KB · Views: 398
Last edited:

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,605
When i looked at the "Designated File Types" i got confused. The order ist Z>A. No clue if there is a reason for that but as a novice user i was expecting A>Z and was confused when i was searching for stuff in that list. Like a telephone book suddenly starting with Z and now my alphabet is totaly messed up :D
You were probably confused for 2 seconds. :giggle:
How about that the button called "Gui Skin" changes to "Gui Skin 2", "Gui Skin3" and so on when pressed? Since some look a bit alike it's easier to remember 5 and 8 look good than counting my keypresses for both.
It can be done in the future.
What does the "*" mean in the blocked sponsors list? In the help file i found no mention of the "*" under "block sponsor" section. If some files are marked special through a "*" im curios and want to know why :D
The asterisk is the usual wildcard (see the H_C FAQ).(y)
 

iTech

New Member
Mar 25, 2019
4
I have hard_configurator version 4.2 on Windows 10 but 'Configure defender' and 'Run As Smartscreen' feature is not applicable on the tool .
is there any setting that I have to enable to turn on the feature?
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top