Hard_Configurator - Windows Hardening Configurator
<blockquote data-quote="Andy Ful" data-source="post: 762439" data-attributes="member: 32260"><p>I am still working on the <Documents Anti-Exploit> feature.</p><p>In the present form, it is a mix of system-wide and non-system-wide settings, which is too complicated for the simple ON/OFF button. Furthermore, the rest of the Hard_Configurator ON/OFF settings are system-wide. When the user wants to recover Windows defaults he/she has to use the <Restore Windows Defaults> button and additionally log ON to every Administrator account to set <Documents Anti-Exploit> = OFF (also before uninstalling).</p><p></p><p>MS Office restrictions can be introduced in three ways:</p><ol> <li data-xf-list-type="ol"><span style="color: rgb(0, 168, 133)"><strong>System-Wide for all accounts (HKLM Registry Hive) - require Admin Rights.</strong></span></li> <li data-xf-list-type="ol"><span style="color: rgb(85, 57, 130)"><strong>Non-System-Wide Administrator Policies for the current account (HKU\SID Hive) - require Admin Rights.</strong></span></li> <li data-xf-list-type="ol"><strong>Non-System-Wide for the current account (HKU\SID Hive). Those settings overwrite the present settings configured from within MS Office applications.</strong></li> </ol><p>The settings introduced via all 3 ways do not overwrite each other.</p><p>The first two also do not overwrite the actual MS Office settings, cannot be modified from within MS Office applications and cannot be modified by malware running as a standard user.</p><p>All three ways may be useful for the users in different variants.</p><p></p><p>I have an idea of splitting the <Documents Anti-Exploit> feature between two applications to properly manage the above and avoid the mentioned issues.</p><p></p><p>In Hard_Configurator only System-Wide settings (<span style="color: rgb(0, 168, 133)"><strong>point 1.</strong></span>) will be applied for all accounts (disable/enable VBA interpreter and Adobe Reader XI/DC restrictions). 
So, there will not be a problem with <Restore Windows Defaults> or uninstalling Hard_Configurator. A new option will be added for allowing/blocking the features in the SwitchDefaultDeny application.</p><p>After uninstalling Hard_Configurator, the SwitchDefaultDeny application will not be uninstalled - the user will still be able to manage MS Office restrictions for any current account.</p><p></p><p>In SwitchDefaultDeny a new feature will be added: <Document Anti-Exploit for the current account> (see the attachment). This feature is intended (for now) only for MS Office restrictions (Macros in documents, DDE, ActiveX, OLE, PowerPoint Actions, etc.). It will allow four configurable settings: ON1, OFF, ON2, OFF2, and three info-settings: 'Partial', 'Dangerous', '?'.</p><p></p><p>[ATTACH=full]197142[/ATTACH]</p><p></p><p><strong>ON1</strong> - apply MS Office restrictions in HKU\SID Registry Hive (<strong>point 3.</strong>) and delete restrictions introduced via policy reg tweaks (<span style="color: rgb(85, 57, 130)"><strong>point 2.</strong></span>). The ON1 settings overwrite the settings initially introduced when using MS Office applications. But they can also be modified from within MS Office applications. So, this setting can be useful for advanced users and non-happy-clickers.</p><p></p><p><strong>ON2</strong> - apply MS Office restrictions in HKU\SID Registry Hive via policy reg-tweaks (<span style="color: rgb(85, 57, 130)"><strong>point 2.</strong></span>). 
This setting can be useful for protecting happy-clickers or inexperienced users, because the settings are locked by the administrator.</p><p></p><p><strong>OFF2</strong> - delete all MS Office restrictions introduced via policy reg-tweaks, but do not delete the settings initially introduced when using MS Office applications or via ON1.</p><p></p><p><strong>OFF</strong> - delete all MS Office restrictions, so MS Office is set to default settings.</p><p></p><p>The info settings ('Partial', 'Dangerous', '?') will be displayed when the user has applied non-standard settings from within MS Office applications or via an external program.</p><p>For protecting the inexperienced user, <Document Anti-Exploit for the current account> should be set to ON2 on the user account, and then disabled for modification in Hard_Configurator.</p></blockquote><p></p>
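<p>The difference between the policy and non-policy settings in the HKU\SID hive (points 2 and 3 of the post) can be inspected per account. The PowerShell below is an added example, not code from Hard_Configurator or SwitchDefaultDeny. It assumes the Office version key 16.0 and checks only the VBAWarnings macro value, which the post does not name; run it in the account being audited, where HKCU is that account's HKU\SID.</p>

```powershell
# Added example: audit macro settings for the current account (HKCU = HKU\<SID>).
# Assumption: Office 2016/2019/365, which uses the "16.0" version key.
$OfficeVersion = '16.0'
$Apps = 'Word', 'Excel', 'PowerPoint'

# Documented meanings of the VBAWarnings DWORD.
$Meaning = @{
    1 = 'Enable all macros'
    2 = 'Disable all macros with notification'
    3 = 'Disable all macros except digitally signed'
    4 = 'Disable all macros without notification'
}

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

foreach ($app in $Apps) {
    # Policy location: written by an administrator, not changeable from within Office.
    $policyPath = "HKCU:\Software\Policies\Microsoft\Office\$OfficeVersion\$app\Security"
    # Preference location: the same place the Office Trust Center writes to.
    $prefPath   = "HKCU:\Software\Microsoft\Office\$OfficeVersion\$app\Security"

    $policy = Get-RegValue -Path $policyPath -Name 'VBAWarnings'
    $pref   = Get-RegValue -Path $prefPath   -Name 'VBAWarnings'

    # The two values are stored separately; when both exist, the policy value is used.
    if ($null -ne $policy) {
        $effective = $policy; $source = 'policy (locked)'
    } elseif ($null -ne $pref) {
        $effective = $pref; $source = 'user preference (changeable in Office)'
    } else {
        $effective = 2; $source = 'Office default'
    }

    [pscustomobject]@{
        App        = $app
        Policy     = $policy
        Preference = $pref
        Effective  = $Meaning[[int]$effective]
        Source     = $source
    }
}
```

<p>A row whose Source is the user preference is a setting the account's user, or anything running as that user, can change; a row sourced from policy is locked for that account.</p>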