Q&A How to whitelist HBit from Simple Windows Hardening ?

EascapenMatrix

Level 1
Thread author
Apr 25, 2022
14
I am unable to use HBit Uninstaller after turning on block unsigned executables on SWH , When I turn the option off it works , is there any way to use it without turning off that option .



I tried whitelisting the path of executable and even the full folder in SWH but unable to stop that issue from occurring again.

1653493838147.png
1653494359454.png
1653494606516.png
 
Last edited:

Andy Ful

From Hard_Configurator Tools
Verified
Helper
Top poster
Developer
Well-known
Dec 23, 2014
7,077
It is related to the option *Elevation of unsigned executables* set to Restricted. This is a non-default setting that should be used when the installed applications are digitally signed or come from Microsoft Store. If not then it is not especially convenient.

1653498150041.png


This Windows UAC feature does not support whitelisting. The blocked executable HiBitUninstaller.exe is blocked because it is unsigned and requires high privileges.
You can whitelist only blocks related to SRP and some blocks related to PowerShell. These blocks can be seen after using <View Blocked Events>.

Edit.
Whitelisting EXE files in SWH is not needed because all EXE files (and also MSI files) are already whitelisted by default. Whitelisting can make sense only for other file types. Before whitelisting it is good to use first the <View Blocked Events> (can save much time and effort).(y)
 
Last edited:

EascapenMatrix

Level 1
Thread author
Apr 25, 2022
14
It is related to the option *Elevation of unsigned executables* set to Restricted. This is a non-default setting that should be used when the installed applications are digitally signed or come from Microsoft Store. If not then it is not especially convenient.

View attachment 266936

This Windows UAC feature does not support whitelisting. The blocked executable HiBitUninstaller.exe is blocked because it is unsigned and requires high privileges.
You can whitelist only blocks related to SRP and some blocks related to PowerShell. These blocks can be seen after using <View Blocked Events>.

Edit.
Whitelisting EXE files in SWH is not needed because all EXE files (and also MSI files) are already whitelisted by default. Whitelisting can make sense only for other file types. Before whitelisting it is good to use first the <View Blocked Events> (can save much time and effort).(y)
Thanks , for the info . I hope that there is any way to whitelist for UAC . No problem !