Hard_Configurator - Windows Hardening Configurator

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
@Andy Ful
Your "devotion" to your project is admirable. The level of customer care service is at an excellent level. It's incredible that it's free. I'd be willing to pay for it.
Thanks. I used many applications for free, so I would like to keep the H_C also free with the help of MT members.:)(y)
 

Andy Ful

It would be awesome if the following Windows features can be added to your tool:
Memory integrity (HVCI) - can be configured with registry
This feature will block many drivers. The user also cannot use virtual machines (VirtualBox, VMware, etc.). It can be easily turned ON from the Windows Security Center (it is part of Core isolation). It requires hardware support.
The user also cannot use virtual machines. It can be easily turned ON from the Windows Security Center (it is part of Core isolation). It requires hardware support. There were serious issues reported.
enable sandboxing for Windows Defender Antivirus
It is not finished. Why doesn't Microsoft turn it ON by default? It is so important for security.
enforce DEP (Data Execution Prevention) for all processes and not only for the system, which is the default.
This setting can break many 32-bit applications. For 64-bit applications, DEP is turned ON by default on Windows 10. It can be easily turned ON (for a concrete application) from the Windows Security Center (Windows Defender Exploit Protection).

So, I will wait until these features are more mature or less problematic. (y)
It is probable that some of them will be included in WD Tamper protection, and then I will not include these features in H_C.
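
A read-only way to see the current state of the three features discussed in the post above, as an added example that is not part of the thread or of Hard_Configurator. The registry path, the `Win32_DeviceGuard` class, the `MP_FORCE_USE_SANDBOX` variable and the DEP properties are standard Windows names that do not appear in the thread; the function name is hypothetical.

```powershell
# Read-only audit (Windows 10, PowerShell 5.1 or later). Changes nothing on the system.
function Get-HardeningFeatureState {
    $r = [ordered]@{}

    # Memory integrity (HVCI): the configured value and the running state can differ,
    # for example when the required hardware support is missing.
    $k = 'HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity'
    $cfg = (Get-ItemProperty -Path $k -Name Enabled -ErrorAction SilentlyContinue).Enabled
    $r['HVCI configured'] = if ($null -eq $cfg) { 'not set' } elseif ($cfg -eq 1) { 'on' } else { 'off' }

    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
    # SecurityServicesRunning: 1 = Credential Guard, 2 = HVCI, 3 = System Guard Secure Launch
    $r['HVCI running']          = if ($dg) { $dg.SecurityServicesRunning -contains 2 } else { 'unknown' }
    $r['Secure Launch running'] = if ($dg) { $dg.SecurityServicesRunning -contains 3 } else { 'unknown' }

    # Defender sandbox: opt-in through a machine-level environment variable; when active,
    # a separate content process (MsMpEngCP) runs next to MsMpEng.
    $sb = [Environment]::GetEnvironmentVariable('MP_FORCE_USE_SANDBOX', 'Machine')
    $r['Defender sandbox variable'] = if ($sb) { $sb } else { 'not set' }
    $r['Defender content process']  = [bool](Get-Process -Name MsMpEngCP -ErrorAction SilentlyContinue)

    # DEP: boot-level policy (OptIn is the Windows client default) and the
    # system-wide Exploit Protection override (ON / OFF / NOTSET).
    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    $r['DEP boot policy'] = switch ([int]$os.DataExecutionPrevention_SupportPolicy) {
        0 { 'AlwaysOff' } 1 { 'AlwaysOn' } 2 { 'OptIn' } 3 { 'OptOut' } default { 'unknown' }
    }
    $r['DEP for 32-bit apps']         = $os.DataExecutionPrevention_32BitApplications
    $r['Exploit Protection DEP']      = "$((Get-ProcessMitigation -System).Dep.Enable)"

    [pscustomobject]$r
}

Get-HardeningFeatureState | Format-List
```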
 
Andy Ful

I wonder if this 1-year-old "unpredictable and exotic bug" issue is fixed.
I think so. The problem is that Windows 10 security evolves too quickly. Even without these low-level security features, there are still problems with Windows Updates.
Anyway, all Core Isolation features are important in enterprises. For example, System Guard Secure Launch is directed to protect the system against abused firmware drivers, because they are not protected by standard security solutions.
 

Andy Ful

@Andy Ful did you plan to disable the Windows internal EFS feature due to the new ransomware?
...
I do not know. If this feature is not required then it should be disabled.
But, this feature does not work on Windows Home (EFS service is disabled by default) and most AVs including WD will detect this method very soon. It will not be especially popular in widespread attacks. Furthermore, the H_C Recommended Settings already prevent ransomware delivery or execution.
This service can be used by some applications that encrypt files/folders so I am not sure if it would be safe to disable it.
 

SeriousHoax

Level 47
Well-known
Mar 16, 2019
3,630
It would be fine if the website could work on mobile devices too, but it is probably not a big issue because H_C does not support mobile devices. That is why no one reported such a problem until now. :)
Btw, I have 3rd party scripts disabled and when I load the site it doesn't show anything for about 10 seconds every time I load the page but if I enable the script it loads instantly. Is this what Google shamelessly does to AMP sites when the script is disabled? I may have read somewhere a year ago about this 10 seconds delay. I can understand images not loading since the script is blocked but the 10 seconds delay is bad.
 

Andy Ful

Btw, I have 3rd party scripts disabled and when I load the site it doesn't show anything for about 10 seconds every time I load the page but if I enable the script it loads instantly. Is this what Google shamelessly does to AMP sites when the script is disabled? I may have read somewhere a year ago about this 10 seconds delay. I can understand images not loading since the script is blocked but the 10 seconds delay is bad.
The browser probably does not recognize that the script is blocked and gives it some time to load. I think that there is an option somewhere in the browser that allows the website to load without waiting for scripts.
 

SeriousHoax

The browser probably does not recognize that the script is blocked and gives it some time to load.
Yes you're right. Just now I found another example and it only happens to sites which are dependent on cdn.ampproject.org so based on AMP of Google. Some sites give a warning like this but not on your site.
1.PNG

Anyway, no problem.
 

Andy Ful

Yes you're right. Just now I found another example and it only happens to sites which are dependent on cdn.ampproject.org so based on AMP of Google. Some sites give a warning like this but not on your site.
View attachment 232802
Anyway, no problem.
I think that @askalan, who is the creator of the H_C website, knows the details of the blocked script.:)(y)
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
H_C in any predefined profile (except All_OFF) blocks shortcuts in UserSpace (also for USB drives), except some whitelisted locations on hard disk like Desktop, Start Menu, etc.
Shortcuts are blocked when SRP is set properly:
  1. <(Re)Install SRP> = Installed
  2. LNK extension is on <Designated File Types>
  3. <Default Security Level> = Disallowed
  4. <Enforcement> = Skip Dlls (also All Files)
  5. <More SRP ...> <Protect Shortcuts> = ON
People who do not like default-deny setup can use the predefined profile: Windows_10_MT_Windows_Security_hardening
which works similarly to SysHardener settings, but additionally blocks shortcuts, more file extensions, and some dangerous sponsors (mshta.exe, mstsc.exe, wmic.exe).
If the user needs to run unsigned applications with elevation or install/update unsigned applications, then the option <Validate Admin C.S.> must be set to OFF.

You may be sure that shortcuts are blocked by creating a shortcut on a USB drive (or anywhere in the UserSpace) and trying to run it.
This is a little late, but I think I figured out why SRP wasn't working on the wife's laptop. There is a user account on that computer that is a member of Microsoft Family. You already told me that Microsoft Family interferes with SRP.
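
One way to confirm the SRP side of the quoted checklist from outside the H_C GUI, as an added example that is not part of the thread or of Hard_Configurator. It assumes the settings land in the standard Windows SRP policy key and that blocks are logged by the standard SRP event source; neither name appears in the thread, the function name is hypothetical, and the `<Protect Shortcuts>` whitelist is not checked.

```powershell
# Read-only check of steps 1-4 of the quoted list; changes nothing on the system.
function Test-SrpShortcutBlocking {
    param([string]$Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers')

    if (-not (Test-Path $Path)) {
        # Step 1: no policy key means SRP is not installed/configured.
        return [pscustomobject]@{ Check = 'SRP policy key'; Value = 'missing'; Ok = $false }
    }
    $p = Get-ItemProperty -Path $Path

    # Step 3: <Default Security Level> = Disallowed  (DefaultLevel = 0)
    $level = if ($null -eq $p.DefaultLevel) { 'not set' } else {
        switch ([int]$p.DefaultLevel) {
            0 { 'Disallowed' } 0x20000 { 'Basic User' } 0x40000 { 'Unrestricted' }
            default { '0x{0:X}' -f $_ }
        }
    }
    # Step 4: <Enforcement> = Skip DLLs or All Files  (TransparentEnabled = 1 or 2)
    $enf = if ($null -eq $p.TransparentEnabled) { 'not set' } else {
        switch ([int]$p.TransparentEnabled) {
            0 { 'No enforcement' } 1 { 'Skip DLLs' } 2 { 'All files' } default { "$_" }
        }
    }
    # Step 2: LNK must be among the Designated File Types (ExecutableTypes, REG_MULTI_SZ)
    $hasLnk = @($p.ExecutableTypes) -contains 'LNK'

    [pscustomobject]@{ Check = 'Default Security Level'; Value = $level;  Ok = ($level -eq 'Disallowed') }
    [pscustomobject]@{ Check = 'Enforcement';            Value = $enf;    Ok = ($enf -in 'Skip DLLs', 'All files') }
    [pscustomobject]@{ Check = 'LNK designated';         Value = $hasLnk; Ok = $hasLnk }
}

Test-SrpShortcutBlocking | Format-Table -AutoSize

# After trying to run a test shortcut from UserSpace, a working policy leaves a block
# event (IDs 865-868) in the Application log. No event although the values above are
# correct points to the policy not being enforced on this machine.
Get-WinEvent -FilterHashtable @{ LogName = 'Application'
    ProviderName = 'Microsoft-Windows-SoftwareRestrictionPolicies'; Id = 865, 866, 867, 868 } `
    -MaxEvents 5 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message
```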
 

RKRN3

Level 3
Verified
Well-known
Sep 6, 2019
122
Yes you're right. Just now I found another example and it only happens to sites which are dependent on cdn.ampproject.org so based on AMP of Google. Some sites give a warning like this but not on your site.
View attachment 232802
Anyway, no problem.
You can use this extension to bypass AMP sites and open the full site.
 

Andy Ful

This is a little late, but I think I figured out why SRP wasn't working on the wife's laptop. There is a user account on that computer that is a member of Microsoft Family. You already told me that Microsoft Family interferes with SRP.
Yes, and SRP will not work even if you remove this account. I tried this and the only method is refreshing Windows.
 

shmu26

Yes, and SRP will not work even if you remove this account. I tried this and the only method is refreshing Windows.
That's not always necessary. I fixed it one time just by removing the user from Microsoft family.
 
