Hard_Configurator - Windows Hardening Configurator

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
I had an update from Tom Tom Home blocked:

The only option to perform this update was switching off Default Deny.
Whitelisting didn't work for me.
How do I whitelist this?
Please use:
<Whitelist By Path> <Add Path*Wildcards> to whitelist the shortcuts. Copy/paste the path:
C:\Users\--------\AppData\Local\TomTom\HOME3\Updates\InstallerUpdater.lnk
Please replace "----------" with your username. (y)
 
Last edited:

Gandalf_The_Grey

Level 76
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,505
Please use:
<Whitelist By Path> <Add Path*Wildcards> to whitelist the shortcuts. Copy/paste the path:
C:\Users\--------\AppData\Local\TomTom\HOME3\Updates\InstallerUpdater.lnk
Please replace "----------" with your username. (y)
Whitelisting didn't work for me unfortunately.
 

Gandalf_The_Grey

Level 76
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,505
What is the blocked entry now in the Log?
I have the same entry four times in the log:
De beheerder heeft de toegang tot C:\Users\----------\AppData\Local\TomTom\HOME3\Updates\InstallerUpdater.lnk beperkt doordat het niveau van het standaardsoftwarerestrictiebeleid is aangepast.
Unfortunately, I can't retry because I performed the update by switching off default deny after trying four times.
 

FireHammer

Level 10
Verified
Well-known
Aug 27, 2020
446
I just saw a post, that there was a newbie friendly alternative to HardConfigurator, but it was not whitelisted by all AV companies.
 
  • Like
Reactions: Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
I have the same entry four times in the log:

Unfortunately, I can't retry because I performed the update by switching off default deny after trying four times.
You can test it by running the:
C:\Users\----------\AppData\Local\TomTom\HOME3\Updates\InstallerUpdater.lnk
and looking at the Log for a blocked entry correlated by time. (y)
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
I just saw a post, that there was a newbie friendly alternative to HardConfigurator, but it was not whitelisted by all AV companies.
Yes. It was up to a few days after pushing Simple Windows Hardening 1.0.0.2 until it was whitelisted by Bitdefender.
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
Thanks I just got the name wrong, sorry, Thanks for the information, should I stick with Syshardener(default settings), It is not like I am an Expert, ha-ha.
Hard to say. SWH settings are stronger but in rare cases, it is required to whitelist some scripts or shortcuts.
 

Gandalf_The_Grey

Level 76
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,505
You can test it by running the:
C:\Users\----------\AppData\Local\TomTom\HOME3\Updates\InstallerUpdater.lnk
and looking at the Log for a blocked entry correlated by time. (y)
Of course, stupid me...
And now it works, maybe I forgot to apply settings, don't remember.
No problem anymore (y)
 

Gandalf_The_Grey

Level 76
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,505
Excellent. :)
This application is a mystery. Why it uses a shortcut to update???:unsure:
Lazzy/sloppy programming?

This is what C:\Users\----------\AppData\Local\TomTom\HOME3\Updates looks like:
Schermafbeelding 2020-09-17 174045.jpg
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
How to use PowerShell scripts in the H_C Recommended Settings.

Windows system and Hard_Configurator use the below restrictions on PowerShell Scripting:
  1. PowerShell ExecutionPolicy is set to Restricted (default Windows setting)
  2. PowerShell Constrained Language Mode is applied by SRP.
  3. The script blocking policy is applied via the H_C setting <Block PowerShell Scripts> = ON.
Point 3 prevents the user from running manually PowerShell script files from Explorer or desktop (like point 1), but additionally disables running such files via command-line with script interpreters (powershell.exe and powershell_ise.exe).
Points 3 and 1 do not block PowerShell command-lines that do not use script files. Such command-lines are often used in shortcuts and when PowerShell is invoked in non-PowerShell scripts (via Windows Script Host or CMD).

Point 2 allows running PowerShell code, but advanced functions are disabled. These functions are commonly used by malware.

So, what can be done if the user wants to use PowerShell scripting?
The first thing should be removing the PowerShell Execution policy (point 1) and replace it by adding PowerShell script extensions to SRP.

1602360174209.png


1602328243498.png


Next, we must remove the script blocking policy by setting <Block PowerShell Scripts> = OFF.

1602328434839.png


Finally, we should whitelist all PowerShell scripts we want to use.

Now we have a good PowerShell protection which allows running our scripts.
One can also use the <Block PowerShell Scripts> = OFF setting temporarily (to run own scripts) and set it to ON after that.
 
Last edited:

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
How to blacklist a file from a SRP whitelisted folder? In my case the file is inside system32, but it's not on the list of sponsors.
You cannot. The H_C can only block the LOLBins that are on the list of Sponsors. If the LOLBin can make outbound connections, then you can add it manually to the Blocklist in FirewallHardening.(y)
Why do you want to block LOLBins? Do you use the unpatched system/software?
 

nadis

Level 1
Apr 21, 2020
14
Why do you want to block LOLBins?
Just as an additional security step, that's all.

The ability to blacklist specific files or folders should definitely be there, IMO, whether it's for new LOLBins that are not on the list yet, for admin/restrictive purposes or for some other reason.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top