Hard_Configurator - Windows Hardening Configurator
<blockquote data-quote="Andy Ful" data-source="post: 796182" data-attributes="member: 32260"><p><strong>Hardening SysHardener with SRP on SUA.</strong></p><p></p><p><strong>SysHardener is a very capable application, and I usually advise it to the users, because it is the simplest way to block/restrict VBScript, JScript, and PowerShell.</strong></p><p>Other settings can be useful but not so important. SysHardener can also apply 'UAC deny elevation of unsigned' (Only Elevate Executables that are Signed and Validated). Yet, this feature is not especially popular, because it will block most application installers and can block some already installed applications. Several SysHardener settings are Windows defaults - that can be useful when they were changed accidentally or by malicious actions.</p><p></p><p>SysHardener with some additional (non-default) settings for: 'UAC deny elevation of unsigned', PowerShell, remote features, SMBv1, Linux subsystem, REG - JAR - BAT extensions, HomeGroup, BitsAdmin, Regsvr32.exe, and Rundll32.exe, can be a valuable and pretty usable hardening on SUA (fewer UAC bypasses as compared to Admin account). It will also be OK on Admin account, and there is a catch. The section 'Vulnerable Software Tweaks' works well only on Admin account - those tweaks do not work on SUA!</p><p>So, another tool has to be used for hardening those applications on SUA, especially for MS Office and Adobe Acrobat Reader.</p><p></p><p>If one wants to install the new application, then he/she can simply run SysHardener, untick the option 'Only Elevate Executables that are Signed and Validated', apply changes (reboot), make the installation, run SysHardener again, tick 'Only Elevate Executables that are Signed and Validated', apply changes (reboot). 
It is simple, but not especially convenient when someone installs applications frequently.</p><p></p><p><strong>But, where is the place for SRP?</strong></p><ol> <li data-xf-list-type="ol"><strong>Add more entries for dangerous file extensions (CHM, CPL, several kinds of shortcuts, etc.). Shortcuts could be whitelisted in some predefined locations (like desktop, Start Menu) and blocked by default in other locations.</strong></li> <li data-xf-list-type="ol"><strong>Block files with double extensions, like: *.docx.exe, *.avi.exe, *.txt.exe, etc.</strong></li> <li data-xf-list-type="ol"><strong>Block powershell.exe and powershell_ise.exe to stop some PowerShell techniques that can bypass Constrained Language mode (this could also be done by a non-SRP tweak).</strong></li> <li data-xf-list-type="ol"><strong>Whitelist by default, the script execution (VBScript, JScript) and dangerous file extensions in Windows and Program Files folders.</strong></li> </ol><p><strong>One can additionally disable Remote Registry and Remote Shell, like in H_C (non-SRP tweak).</strong></p><p>Some users would also like to block several sponsors via SRP.</p></blockquote><p></p>
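The four SRP items in the post interact: the folder whitelist of item 4 covers the very directory that holds the binaries item 3 blocks. The following added example (not part of the quoted post, and not SysHardener or Hard_Configurator code) models that decision order over constructed paths so a planned rule set can be sanity-checked before it is entered. The suffix lists, the folder paths, the user name `alice` and the evaluation order are assumptions of this sketch, not SRP's own implementation.

```python
from pathlib import PureWindowsPath

# CHM, CPL, shortcuts, VBScript and JScript are named in the post; the exact
# suffix sets and every folder path below are assumptions made for this sketch.
SHORTCUTS = {".lnk", ".url"}
DANGEROUS = {".chm", ".cpl", ".vbs", ".vbe", ".js", ".jse"} | SHORTCUTS
DECOYS = {".docx", ".avi", ".txt"}  # first half of *.docx.exe and similar
BLOCKED_NAMES = {"powershell.exe", "powershell_ise.exe"}
SYSTEM_DIRS = [r"C:\Windows", r"C:\Program Files", r"C:\Program Files (x86)"]
SHORTCUT_DIRS = [r"C:\Users\alice\Desktop",
                 r"C:\ProgramData\Microsoft\Windows\Start Menu"]


def _under(path, folders):
    """True if path lies below one of the folders (case-insensitive)."""
    parents = PureWindowsPath(path.lower()).parents
    return any(PureWindowsPath(f.lower()) in parents for f in folders)


def evaluate(path):
    """Return (verdict, reason) for one file path under the modelled rules."""
    p = PureWindowsPath(path.lower())
    ext = p.suffixes
    # Item 3 is checked first: both binaries live under C:\Windows, so the
    # folder whitelist of item 4 would otherwise let them through.
    if p.name in BLOCKED_NAMES:
        return "block", "powershell"
    # Item 2: a document-like suffix directly in front of .exe.
    if len(ext) >= 2 and ext[-1] == ".exe" and ext[-2] in DECOYS:
        return "block", "double-extension"
    # Items 1 and 4: dangerous extensions are allowed only in whitelisted folders.
    if p.suffix in DANGEROUS:
        if _under(path, SYSTEM_DIRS):
            return "allow", "system-folder"
        if p.suffix in SHORTCUTS and _under(path, SHORTCUT_DIRS):
            return "allow", "shortcut-folder"
        return "block", "dangerous-extension"
    return "allow", "not-covered"


# Constructed sample paths, not taken from any real system.
SAMPLES = [r"C:\Users\alice\Downloads\invoice.docx.exe",
           r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
           r"C:\Windows\System32\slmgr.vbs",
           r"C:\Users\alice\Downloads\Notes.lnk"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", evaluate(sample))
```
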