Hard_Configurator - Windows Hardening Configurator
<blockquote data-quote="Andy Ful" data-source="post: 792071" data-attributes="member: 32260">
<p>When installing H_C, the user will be asked to uninstall Bash (Linux subsystem) and PowerShell 2.0. The user will also be asked to make the System Restore Point separately from whitelisting Autoruns entries (useful when roll up software is installed). Those improvements were proposed/discussed by @Lockdown and @shmu26.</p>
<p></p>
<p>I have been working/playing for some time with the mix of H_C and SysHardener. It is called Casual User Protection (CUP), and will be similar to the H_C profile for Avast Hardened Aggressive mode (EXE and TMP files allowed). The CUP is similar to the idea of Simple Stupid Security.</p>
<p><a href="https://malwaretips.com/threads/simple-stupid-security-vs-free-av.88193/" target="_blank">Q&amp;A - Simple Stupid Security vs. free AV</a></p>
<p>For now I plan 5 options:</p>
<p>&lt;SmartScreen&gt;</p>
<p>&lt;Casual User Protection&gt;</p>
<p>&lt;Windows Defender high settings&gt;</p>
<p>&lt;Firewall hardening&gt;</p>
<p>&lt;Blocked Interpreters Log&gt;</p>
<p></p>
<p>The applied restrictions:</p>
<ol>
<li data-xf-list-type="ol">SmartScreen set to Block + installation of RunBySmartScreen.</li>
<li data-xf-list-type="ol">SRP default-deny. Allowed EXE, TMP, and MSI (.msi --&gt; changed file association Msi.Package -&gt; RunBySmartScreen).</li>
<li data-xf-list-type="ol">Documents Anti-Exploit (blocked macros in MS Office and Adobe Acrobat Reader XI/DC hardening).</li>
<li data-xf-list-type="ol">Blocked Outbound &amp; Inbound Internet connections for predefined not blocked Interpreters: mshta.exe, hh.exe, mmc.exe, etc. and some other system executables like bitsadmin.exe, etc.</li>
<li data-xf-list-type="ol">Blocked Outbound &amp; Inbound Internet connections for predefined vulnerable applications: MS Office, Adobe Acrobat Reader, etc.</li>
<li data-xf-list-type="ol">PowerShell set to Constrained Language Mode (PSLockdown policy) + Blocked script exec + blocked by path powershell.exe and powershell_ise.exe via HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\.</li>
<li data-xf-list-type="ol">Blocked Windows Script Host (registry tweak) + blocked wscript.exe, cscript.exe via 'Image File Execution Options' (for logging).</li>
<li data-xf-list-type="ol">Blocked: SMB protocols, Remote Desktop, Remote Assistance, Remote Registry, and Remote Shell.</li>
<li data-xf-list-type="ol">Uninstall PowerShell 2.0 and Bash (if installed).</li>
<li data-xf-list-type="ol">Change the network profile to Public.</li>
</ol>
<p>The options 1-7 can be turned ON/OFF without Logging Off.</p>
<p>Points 7-10 and RunBySmartScreen are applied when installing CUP, and set to default Windows settings when uninstalling.</p>
<p>The user can use the last option (&lt;Blocked Interpreters Log&gt;) to check if any Windows script or PowerShell command was blocked. If nothing important is blocked, then the CUP settings can be safely applied.</p>
<p></p>
<p>I am experimenting with CUP - I am not quite sure if such an application will be useful. We will see.</p>
</blockquote>
<p></p>
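A read-only check of several of the restrictions listed in the post above, added here as an example; it is not code from the post or from Hard_Configurator. The registry value names, the reading of an Image File Execution Options block as a `Debugger` value, and the three settings tested for item 8 are assumptions about how such restrictions are commonly applied.

```powershell
# Added read-only audit; run from an elevated prompt. Changes nothing.
# Value names and locations are assumptions about how such restrictions are
# commonly set, not details taken from H_C or CUP.
$results = [System.Collections.Generic.List[object]]::new()

function Get-RegValue([string]$Path, [string]$Name) {
    # $null when the key or the value does not exist
    (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}
function Add-Check([string]$Item, $Observed, [bool]$Restricted) {
    $results.Add([pscustomobject]@{ Item = $Item; Observed = "$Observed"; Restricted = $Restricted })
}

# Item 6: machine-wide __PSLockdownPolicy (assumed mechanism; 4 = ConstrainedLanguage)
$envKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Environment'
$lock = Get-RegValue $envKey '__PSLockdownPolicy'
Add-Check '__PSLockdownPolicy' $lock ($lock -eq '4')

# Items 6-7: per-image entries under Image File Execution Options
# (assumption: a block is expressed as a Debugger value on the image's subkey)
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
foreach ($exe in 'powershell.exe', 'powershell_ise.exe', 'wscript.exe', 'cscript.exe') {
    $dbg = Get-RegValue (Join-Path $ifeo $exe) 'Debugger'
    Add-Check "IFEO $exe" $dbg ([bool]$dbg)
}

# Item 7: Windows Script Host switch (Enabled = 0 disables WSH)
$wsh = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows Script Host\Settings' 'Enabled'
Add-Check 'Windows Script Host Enabled' $wsh ($wsh -eq 0)

# Item 8 (partial): Remote Desktop, Remote Registry, SMBv1 server
$rdp = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' 'fDenyTSConnections'
Add-Check 'RDP fDenyTSConnections' $rdp ($rdp -eq 1)
$rr = (Get-Service -Name RemoteRegistry -ErrorAction SilentlyContinue).StartType
Add-Check 'RemoteRegistry start type' $rr ("$rr" -eq 'Disabled')
$smb1 = (Get-SmbServerConfiguration).EnableSMB1Protocol
Add-Check 'SMBv1 server enabled' $smb1 ($smb1 -eq $false)

# Item 9: optional features that should no longer be enabled
foreach ($f in 'MicrosoftWindowsPowerShellV2Root', 'Microsoft-Windows-Subsystem-Linux') {
    $state = (Get-WindowsOptionalFeature -Online -FeatureName $f -ErrorAction SilentlyContinue).State
    Add-Check "Feature $f" $state ("$state" -ne 'Enabled')
}

# Item 10: every connected network should be categorised Public
$cats = @(Get-NetConnectionProfile | ForEach-Object { $_.NetworkCategory })
Add-Check 'Network categories' ($cats -join ',') (@($cats | Where-Object { "$_" -ne 'Public' }).Count -eq 0)

$results | Format-Table -AutoSize
```

An empty `Observed` column means the value or feature was not found on this machine, which the feature checks count as restricted and the registry checks count as not restricted.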