Hard_Configurator - Windows Hardening Configurator

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
I updated to the new version, updated settings and firewall rules, and restarted. Similarly to when I installed the beta, the system crashed within one minute, with this error message:

View attachment 261519

I clean reinstalled 5.1.1.2, which I will probably use indefinitely, since my laptop seems to not get along with a setting in the newer versions.
I am sorry, it seems that there is some hidden incompatibility. How did you recover the system functionality after the crash? Could you boot into Safe Mode?
 
Last edited:

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
Can v.6 be installed over top of 5 ?

Or can v.5 profile be imported into 6 and work properly ?

Please, use the Update button from the H_C GUI. After updating the previous settings will not be changed.
The new settings can be added manually or by applying: H_C Recommended Settings + FirewallHardening H_C Recommended + ConfigureDefender HIGH (INTERACTIVE or MAX settings). The finger.exe is automatically added to Blocked Sponsors when loading the Recommended_Enhanced setting profile.
 

South Park

Level 9
Verified
Well-known
Jun 23, 2018
431
I am sorry, it seems that there is some hidden incompatibility. How did you recover the system functionality after the crash? Could you boot into Safe Mode?
The display crashed (went to black) and restarted itself, so I uninstalled H_C 6 at that time. When I installed it, I didn't update it with the "update" button, but instead ran the .exe and installed over 5.1.1.2. Do you think I would get better results if I updated it with the "update" button?
 

paulderdash

Level 6
Verified
Well-known
Apr 28, 2015
271
SUMo indicates there is an updated Documents Anti-Exploit tool v2.0.0.0 but I still have v1.0.1.1 after unzipping latest H_C Hardening Tools - unless I missed a later version?
 
  • Like
Reactions: Nevi and Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
SUMo indicates there is an updated Documents Anti-Exploit tool v2.0.0.0 but I still have v1.0.1.1 after unzipping latest H_C Hardening Tools - unless I missed a later version?
I updated the H_C Hardening Tools a few days ago to include Documents Anti-Exploit tool v2.0.0.0.
But, the ver. 2.0.0.0 is required only to work flawlessly with installed H_C. Without H_C the functionality is the same.
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
The display crashed (went to black) and restarted itself, so I uninstalled H_C 6 at that time. When I installed it, I didn't update it with the "update" button, but instead ran the .exe and installed over 5.1.1.2. Do you think I would get better results if I updated it with the "update" button?
There would be no difference. There is no need to use ver. 6.0.0.0 except if you want to use the new ConfigureDefender (Warn settings for ASR rules). Bearing in mind your problems with the new version, you can simply use the standalone ConfigureDefender and rename/copy/replace the ConfigureDefender binary in the H_C (ConfigureDefender_x64.exe or ConfigureDefender_x86.exe).
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040

South Park

Level 9
Verified
Well-known
Jun 23, 2018
431
There would be no difference. There is no need to use ver. 6.0.0.0 except if you want to use the new ConfigureDefender (Warn settings for ASR rules). Bearing in mind your problems with the new version, you can simply use the standalone ConfigureDefender and rename/copy/replace the ConfigureDefender binary in the H_C (ConfigureDefender_x64.exe or ConfigureDefender_x86.exe).
Thanks. That's what I'll do.
 
  • Like
Reactions: Andy Ful

Sadekatwan

New Member
Oct 31, 2021
1
Hard_Configurator ver. 6.0.0.0 (stable):

Changelog (changes from ver. 5.1.1.2):
  1. Introduced two color-changing buttons. When the restrictions are OFF, the buttons <Switch OFF/ON SRP> and <Switch OFF/ON Restrictions> change the background color from green to blue.
  2. Fixed some minor bugs.
  3. Added finger.exe to blocked sponsors and also to the H_C Enhanced profiles.
  4. Added some EXE files to FirewallHardening LOLBin Blocklist: csc, cvtres, CasPol, finger, ilasm, jsc, Microsoft.Workflow.Compiler, mscorsvw, ngen, ngentask, vbc.
  5. Added SLK and ELF file extensions to the default protected extensions in SRP and RunBySmartscreen.
  6. Added a switch -p to run H_C and SwitchDefaultDeny with SRP enforcement to block all users (including Administrators) - it can be used especially on the older Windows versions to improve post-exploitation protection on default Admin account. This switch should be used only by very experienced users.
  7. New version of ConfigureDefender:
    - Added some useful information to the Help and manual.
    - Added "Send All" setting to Automatic Sample Submission.
    - Updated ASR rules (1 new rule added).
    - Added the Warn mode to ASR rules.
    - Added INTERACTIVE Protection Level which uses ASR rules set to Warn.
    - Added the <Info> button next to the Protection Levels buttons. It displays information about which
    settings are enabled in DEFAULT, HIGH, INTERACTIVE, and MAX Protection Levels.
    - Redesigned slightly the layout of the Exploit Guard section.
    - Added support for event Id=1120.
    - Added CFA setting BDMO = Block Disk Modifications Only - folders will not be protected, but some
    important disk sectors will be still protected (Id = 1127).
  8. Added support for Windows 11.
I am seeing repeated warnings from the H_C and I don't use any other SRP applications
 

Attachments

  • Imagepipe_0.jpg
    Imagepipe_0.jpg
    35.4 KB · Views: 163
  • Like
Reactions: Gandalf_The_Grey

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
I am seeing repeated warnings from the H_C and I don't use any other SRP applications

This option is shown when H_C is run normally (without "-p" switch). It detects SRP enforcement which restricts all users including administrators. It can block processes with high privileges. Such enforcement can be leftover of the application that silently used SRP or can be caused by using GPO. This enforcement can be also applied by running H_C with "-p" switch.
What option do you choose when seeing this alert?
 
Last edited:
  • Like
Reactions: Gandalf_The_Grey

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
Are command lines for running H_C in the help files? I looked. Maybe I missed them.
The possibility of using "-p" switch is explained in the H_C manual (Enforcement for 'All users' ...) and in the changelog.(y)
 
Last edited:

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
I am working on some improvements in FirewallHardening.

1636370782364.png


  1. Added bitsadmin.exe to the BlockList. Its standard job cannot be blocked by Windows Firewall (uses BITS service). Windows Firewall can block Bitsadmin connections if it is abused by code injection and malicious code calls home by using other methods (non-BITS). But, I have never seen/heard about such malware - all use the standard Bitsadmin job to download malware.
    FirewallHardening will prevent the execution of bitsadmin.exe by using Exploit Protection, so both standard and abused Bitsadmin will not work.
  2. Added <Load> and <Save> buttons. They can be used to save, load, update the BlockList.

The events related to bitsadmin.exe can be visible in FirewallHardening Log:

1636371300732.png
 
Last edited:

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top