Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Software
Security Apps
Hard_Configurator Tools
Hard_Configurator - Windows Hardening Configurator
Message
<blockquote data-quote="Lenny_Fox" data-source="post: 953367" data-attributes="member: 82776"><p>This weekend I replaced the desktop of an aunt from Windows7 to Windows10. Because NVT SysHardener is not maintained I decided to use Hard_Configurator to replace SysHardener with following settings:</p><p></p><p><strong>Default allow SRP with some hardening:</strong></p><p>- blocking scripts sponsors</p><p>- protecting Windows folders</p><p>- documents Anti-Exploit (VBA)</p><p>- protect mail clients</p><p>- harden SMB</p><p>- elevate only signed programs</p><p>- disable Windows Script</p><p>- block powershell scripts</p><p></p><p><strong>Additional manual hardening</strong></p><p>Furthermore I disabled command and scripts with registry editor. I also disable mshta.exe by enabling all possible Exploit Protections in MD app& browser control plus I enable code integrity guard for Explorer and Edge. In the Firewall rules I enable blocking all sponsors except explorer.exe (I thought that Explorer needs outbound connection for smart screen?). I also set Configure_Defender on Max.</p><p></p><p><strong>Question to [USER=32260]@Andy Ful[/USER]</strong></p><p>Would you please make disabling commands and scripts an extra option in the MORE ... (right column hardening of H_C). By hiding this in the MORE hardening options, you could set it default to enabled. I know disabling command should only be done on a Vanilla Windows10 install (no need for third party to enable stuff through commands). I have disabled cmd.exe since Microsoft replaced it as default command shell (<a href="https://support.microsoft.com/en-us/windows/powershell-is-replacing-command-prompt-fdb690cf-876c-d866-2124-21b6fb29a45f" target="_blank">link</a>).</p><p></p><p></p><p>P.S.</p><p>I always install a cheap digital license Office Home&Student version. MD with the ASR rules enabled by ConfigureDefender is in my opinion the best anti-virus for use with M$Office.</p></blockquote><p></p>
[QUOTE="Lenny_Fox, post: 953367, member: 82776"] This weekend I replaced the desktop of an aunt from Windows7 to Windows10. Because NVT SysHardener is not maintained I decided to use Hard_Configurator to replace SysHardener with following settings: [B]Default allow SRP with some hardening:[/B] - blocking scripts sponsors - protecting Windows folders - documents Anti-Exploit (VBA) - protect mail clients - harden SMB - elevate only signed programs - disable Windows Script - block powershell scripts [B]Additional manual hardening[/B] Furthermore I disabled command and scripts with registry editor. I also disable mshta.exe by enabling all possible Exploit Protections in MD app& browser control plus I enable code integrity guard for Explorer and Edge. In the Firewall rules I enable blocking all sponsors except explorer.exe (I thought that Explorer needs outbound connection for smart screen?). I also set Configure_Defender on Max. [B]Question to [USER=32260]@Andy Ful[/USER][/B] Would you please make disabling commands and scripts an extra option in the MORE ... (right column hardening of H_C). By hiding this in the MORE hardening options, you could set it default to enabled. I know disabling command should only be done on a Vanilla Windows10 install (no need for third party to enable stuff through commands). I have disabled cmd.exe since Microsoft replaced it as default command shell ([URL='https://support.microsoft.com/en-us/windows/powershell-is-replacing-command-prompt-fdb690cf-876c-d866-2124-21b6fb29a45f']link[/URL]). P.S. I always install a cheap digital license Office Home&Student version. MD with the ASR rules enabled by ConfigureDefender is in my opinion the best anti-virus for use with M$Office. [/QUOTE]
Insert quotes…
Verification
Post reply
Top
