Hard_Configurator - Windows Hardening Configurator

Lovely. I can delete the previous H_C Master from downloads folder now? I just use the Firewall Hardening Tool and was pleased to find it quickly and easily. Had it re-write the rules and everything, and it's set, I checked it.

The only issue and it's a minor one for me: I'm having a little problem dragging the interface around. It will drag but as soon as you release the mouse and then try to grab it again, it doesn't grab. It seems you only get one chance to drag it, two if you're lucky. My mouse is a very basic, cheap one, but I have no issues dragging other windows around. Anyone else?

Edit: There is actually a spot where you can drag the UI consistently but it's just within the frame in the upper left-hand side of the UI. lol! Here, I marked it. Hold the mouse pointer right on the orange border within the area of the two black arrows. Maybe it works this way for everyone? :D

hac2.png

Edit #2: HitmanPro has also cleared Hard_Configurator and Switch DefaultDeny .exes via its cloud. (y) Is it possible, then, that Sophos would also have no problems with these?
 
Last edited:
  • Like
Reactions: Andy Ful, harlan4096, silversurfer and 5 others
Andy Ful said:
computer restart is required to apply the new rules
Click to expand...
Oh that's the reason I guess. I didn't restart the computer.
Andy Ful said:
But, I noticed for the first time that some blocked connections are not logged, if they do not try to send packets.
Click to expand...
Interesting. Is it something that can be fixed?
Andy Ful said:
Thanks. The code was copied from H_C and adjusted to FirewallHardening. I did not notice it.:(
Click to expand...
Haha, it's nice that I noticed and hopefully it's going to be fixed in the next beta :)
 
  • Like
Reactions: Venustus, Protomartyr, Andy Ful and 2 others
SeriousHoax said:
...
Interesting. Is it something that can be fixed?
... :)
Click to expand...
FirewallNoname.png

There are some events logged in the Security Log without the information about the file. They are pretty much useless to FireWall Hardening Log, which is focused on blocking applications. These events can happen if the application does not connect directly but uses other system resources. A similar thing happens when bitsadmin triggers file downloading. In fact, svchost is seen by the firewall and not bitsadmin.
 

Attachments

  • 1583660075421.png
    1583660075421.png
    123.1 KB · Views: 246
  • Like
Reactions: Venustus, Protomartyr, harlan4096 and 2 others
Andy Ful said:
The added rules work for me (computer restart is required to apply the new rules). The rules are added first at the end of the list, but after restarting the computer and running FirewallHardening, the rules are visible in alphabetical order:
View attachment 234544
But, I noticed for the first time that some blocked connections are not logged, if they do not try to send packets.
For example, I added the rules for three email clients (Claws-mail, eM Client, and Postbox). The blocked events for two email clients were added to the Log. But, not for eM Client which was blocked too (I tried to download an attachment without success).
Click to expand...
These blocked connections were not related to FirewallHardening. I repeated the test today and when eM Client tried to connect directly it was blocked by FireWallHardening rule.
emclientlog.png
 
  • Like
Reactions: Venustus, Protomartyr, harlan4096 and 1 other person
@Andy Ful Many thanks for your hard work on beta version 5.0.0.1 and it's manual. (y)
I have installed it with the recommended settings.
ConfigureDefender on High + Controlled Folder Access on.
FirewallHardening at Recomended H_C.
DocumentsAntiExploit MS Office at ON2.
Anything I missed or configured wrong?
Because Bandizip now has advertisements in the free version I switched to Explzh (also keeps MOTW).
Can you add that program to Harden Archivers?
 
  • Like
Reactions: Venustus, Protomartyr, shmu26 and 2 others
Gandalf_The_Grey said:
@Andy Ful Many thanks for your hard work on beta version 5.0.0.1 and it's manual. (y)
I have installed it with the recommended settings.
ConfigureDefender on High + Controlled Folder Access on.
FirewallHardening at Recomended H_C.
DocumentsAntiExploit MS Office at ON2.
Anything I missed or configured wrong?
Because Bandizip now has advertisements in the free version I switched to Explzh (also keeps MOTW).
Can you add that program to Harden Archivers?
Click to expand...
I will look at this app.:)
 
  • Like
  • Thanks
Reactions: Venustus, Protomartyr, shmu26 and 2 others
Gandalf_The_Grey said:
...
I have installed it with the recommended settings.
ConfigureDefender on High + Controlled Folder Access on.
FirewallHardening at Recomended H_C.
DocumentsAntiExploit MS Office at ON2.
...
Click to expand...
Seems good (if you do not use Adobe Acrobat Reader).
 
  • Like
  • Thanks
Reactions: Venustus, Protomartyr, shmu26 and 2 others
There are some good PDF Readers in Microsoft Store:
PDF viewers (all use Appcontainer):
Adobe Reader Touch
Foxit MobilePDF
PDF Viewer Plus, from GSnathan
PDF Reader from Kdan Mobile
Perfect PDF Reader, from soft Xpansion
Xodo PDF Reader & Editor (very fast with big documents)

PDF Reader plugins in web browsers are far more vulnerable to attacks and can help to exploit the web browser.
 
  • Like
  • Thanks
  • Applause
Reactions: Venustus, South Park, Protomartyr and 9 others
Andy Ful said:
There are some good PDF Readers in Microsoft Store:
PDF viewers (all use Appcontainer):
Adobe Reader Touch
Foxit MobilePDF
PDF Viewer Plus, from GSnathan
PDF Reader from Kdan Mobile
Perfect PDF Reader, from soft Xpansion
Xodo PDF Reader & Editor (very fast with big documents)

PDF Reader plugins in web browsers are far more vulnerable to attacks and can help to exploit the web browser.
Click to expand...
Which one do you personally use?
 
  • Like
Reactions: Venustus, Andy Ful, Protomartyr and 3 others
If your priority is security, also check the history of security vulnerabilities before choosing:

Krzysztof Kowalczyk Sumatrapdf security vulnerabilities, CVEs, versions and CVE reports

Krzysztof Kowalczyk Sumatrapdf security vulnerabilities, CVEs, exploits, metasploit modules, vulnerability statistics and list of versions
www.cvedetails.com

Foxitsoftware Foxit Reader security vulnerabilities, CVEs, versions and CVE reports

Foxitsoftware Foxit Reader security vulnerabilities, CVEs, exploits, metasploit modules, vulnerability statistics and list of versions
www.cvedetails.com
 
  • Like
Reactions: Venustus, Protomartyr, DDE_Server and 5 others
SeriousHoax said:
Which one do you personally use?
Click to expand...
I used them all and finally chose the simplest one, which is Adobe Reader Touch. It is not actively developed. It is fast, but not fast as Xodo PDF Reader. I also block the Internet connection to PDF Readers via FirewallHardening tool (desktop applications) or Windows Firewall (UWP apps).

Edit.
Blocking the Internet Access to PRD Reader does not prevent it to open the web browser. This can be prevented by using Exploit Protection to block child processes.
 
Last edited:
  • Like
  • Sad
Reactions: Venustus, harlan4096, Protomartyr and 6 others
  • Like
Reactions: Venustus, harlan4096, Andy Ful and 2 others

You may also like...