What I meant is that WDAC will be abandoned, the same as Desired State Configuration (DCS).
Some of the team developers left Microsoft and these feature development have essentially come to a stop.
Hard_Configurator - Windows Hardening Configurator
- Thread starter Andy Ful
- Start date
Some of the team developers left Microsoft and these feature development have essentially come to a stop.
- Aug 19, 2019
- 1,157
Looks like 6.0.0.1 Beta hasn't been an issue for users. Reverting to MD & Hard_Configurator configuration 
- Aug 19, 2019
- 1,157
Silly question but I installed a game on the D: Partition of my drive (1TB split in two) and I see SRP blocking access. Is the simpliest option to whitelist Launcher.exe or the game folder?
Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,488
The simplest solution will always be whitelisting the folder.
- Aug 19, 2019
- 1,157
- Nov 8, 2016
- 574
@Andy Ful this screen is not clear to me. The text seems to indicate that the program may be run (as "the file will be executes from another location without loading dll") but the "run anyway" indicates the opposite (as the the file would be executed without Install by Smartscreen).
Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,488
Yes, it should be clearer.
<RUN ANYWAY> means that the file will be run safely without loading some DLLs. In the case when these DLLs are a part of installation, it can fail. The "Warning" informs that one has to be cautious when trying to run the file normally (without using "Install By SmartScreen").
What is your suggestion?
- Nov 8, 2016
- 574
Exactly. I imagined that but i wasn't sure. Maybe because i'm not a native English speaker
Maybe "run with Smart Screen anyway" or " run with Dll restrictions".
Edit: btw, i could use the software that popped up that message worked just fine. It's good to know i could run a questionable program relatively safe.
Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,488
Exactly. I imagined that but i wasn't sure. Maybe because i'm not a native English speaker
Maybe "run with Smart Screen anyway" or " run with Dll restrictions".
Edit: btw, i could use the software that popped up that message worked just fine. It's good to know i could run a questionable program relatively safe.
It seems that I already solved this problem in RunBySmartscreen, so it can be implemented in H_C:
Last edited:
- Nov 8, 2016
- 574
Truly clear now! Ty @Andy Ful
- Mar 16, 2019
- 3,862
Andy, is it possible to add MOTW to a file without executing it?
Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,488
Yes. I usually use "Run By SmartScreen" with disconnected Internet. You will see the SmartScreen alert that it cannot access the SmartScreen filter, and then choose "Don't run".
You can also manually add the Alternate Data Stream. Suppose that you want to add MOTW to the file: FIle.exe
1. Create a Zone.txt file with notepad, with the content as follows (fake MOTW):
2. Put the Zone.txt and File.exe to the same folder, for example, folder c:\Zone
3. Open CMD and use the CmdLine:
4. You can test if MOTW has been added by executing the file with a disabled Internet connection.
- Aug 19, 2019
- 1,157
Just an FYI https://hard-configurator.com/ seems to be having secure connection issue. Can't remember who sorts the website out.
**note to self, learn how to do the Spoiler icon thing.
**note to self, learn how to do the Spoiler icon thing.
Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,488
Yes. Something is probably wrong with SSL certificate. It seems that it has just expired and @askalan has to buy or renew it.
Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,488
Hard_Configurator ver. 6.0.1.0 beta:
Version 6.0.1.0
Version 6.0.1.0
- Added several file extensions to the <Designated File Types>, mostly for MS Excel Add-ins, Query files, and some legacy file formats.
New default extensions: ACCDA, ACCDU, CSV, DQY, ECF, MDA, PA, PPA, PPAM, RTF, WLL, WWL, XLA, XLAM, XLL, XLM.
New Paranoid extensions: ACCDU, ARJ, BZIP, BZIP2, DOC, ECF, FAT, HWP, IMG, ISO, LHA, NTFS, MCL, PA, PPA, PPT, PPTX, REV, R00, R01, R02, R03, R04, R05, R06, R07, R08, R09, TBZ, TPZ, TXZ, TZ, VHD, VHDX, WLL, WWL, XAR, XIP, XLS, XLSX, XSL, XZ.
Disk image extensions: ISO, IMG, VHDX, can be blocked by SWH settings only if a 3-rd party application is set to open them (and not by Windows built-in handler). - Added new versions of DocumentsAntiExploit, RunBySmartscreen, and FirewallHardening.
- Improved policies for Adobe Acrobat Reader XI/DC.
- Corrected some minor bugs.
- Updated H_C manual and some help files.
Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,488
Close H_C if running. Run the H_C_6010_beta1.exe via "Install by SmartScreen".
After finishing the update several TXT files are displayed. Read carefully the displayed "Quick Configuration.txt". It includes the actions that should be taken when updating from previous versions.
- Dec 23, 2017
- 15
Developer website:
GitHub - AndyFul/Hard_Configurator: GUI to Manage Software Restriction Policies and harden Windows Home OS
GUI to Manage Software Restriction Policies and harden Windows Home OS - AndyFul/Hard_Configuratorgithub.com
The dedicated website (thanks to @askalan):
Hard Configurator
Hard_Configurator was created after a discussion on the below treads:
https://www.wilderssecurity.com/thr...ith-lua-and-srp-even-without-ultimate.232857/
Secure Windows - Software restriction Policies to Windows Home
Windows Pro owner? Use Software Restriction Policies!
Poll - Do you use security reg tweaks?
Run by Smartscreen utility
Microsoft documentation for Software Restriction Policies (July 2021):
https://docs.microsoft.com/en-us/wi...iction-policies/software-restriction-policies
This documentation was made for Windows Server (2012, 2016, 2019, and 2022), but SRP works the same on Windows 7, 8, 8.1, and 10.
What it can do?
This program can configure Windows built-in security to harden the system. When you close Hard_Configurator it closes all its processes. The real-time protection comes from the reconfigured Windows settings. Hard_Configurator can be seen as a Medium Integrity Level smart default-deny setup, which is based on SRP + Application Reputation Service (forced SmartScreen) + Windows hardening settings (restricting vulnerable features).
Hard_Configurator makes changes in Windows Registry to accomplish the tasks enumerated below:
- Enabling Software Restriction Policies (SRP) in Windows Home editions.
- Changing SRP Security Levels, Enforcement options, and Designated File Types.
- Whitelisting files in SRP by path (also with wildcards) and by hash.
- Blocking the vulnerable system executables via SRP.
- Protecting (deny execution) writable subfolders in "C:\Windows" folder (via SRP).
- Restricting shortcut execution to some folders only (via SRP).
- Enabling Windows Defender advanced settings, like PUA protection, ASR rules, Network Protection etc.
- Blocking outbound connections of many LOLBins and user applications.
- Filtering Windows Event Log for blocked outbound connections.
- Protecting against weaponized documents, when MS Office and Adobe Acrobat Reader XI/DC are used to open them.
- Disabling PowerShell script execution (Windows 7+).
- Securing PowerShell by Constrained Language mode (SRP, PowerShell 5.0+)
- Disabling execution of scripts managed by Windows Script Host.
- Removing "Run as administrator" option from the Explorer right-click context menu.
- Forcing SmartScreen check for files without 'Mark Of The Web' (Windows 8+).
- Disabling Remote Desktop, Remote Assistance, Remote Shell, and Remote Registry.
- Disabling execution of 16-bit applications.
- Securing Shell Extensions.
- Disabling SMB protocols.
- Disabling program elevation on Standard User Account.
- Disabling Cached Logons.
- Filtering Windows Event Log for blocked file execution events (Nirsoft FullEventLogView).
- Filtering autoruns from the User Space, and script autoruns from anywhere (Sysinternals Autorunsc).
- Turning ON/OFF all the above restrictions.
- Restoring Windows Defaults.
- Making System Restore Point.
- Using predefined setting profiles for Windows 7, Windows 8, and Windows 10.
- Saving the chosen restrictions as a profile, and restoring when needed.
- Backup management for Profile Base (whitelist profiles and setting profiles).
- Changing GUI skin.
- Updating application.
- Uninstalling application (Windows defaults restored).
Many of the above tasks can be made by using Windows RegEdit. Anyway, with Hard_Configurator, it can be done more quickly and safely.
This program was created for advanced users to secure inexperienced users.
Wasn't aware this specific tool existed. Thanks for the share!
- Jul 21, 2017
- 358
Hi Andy, I installed beta 6.0.1.0 over the top of beta 6.0.0.1. I am running the basic recommended profile. Now i can't open a spreadsheet by double-clicking on it. If i open excel and then open file it works fine. The message i'm getting is:
Please advise how to unlock this.
thanks
Please advise how to unlock this.
thanks
Similar threads
-
- Sticky
