Andy Ful

Level 60
Verified
Trusted
Content Creator
ransomoff had this extension blocking ability, but they took it off for further development, which is sad

I guess I'll give this a go sometime soon. Maybe it might be a bit painful whitelisting specific games, but it only hurts once.
Most games should install/run/update without whitelisting. From my experience, some blocks are expected if the application uses .bin or .dat files (and scripts of course). The less-painful method is simply whitelisting the game folder.
 

ashledombos

New Member
Hello @Andy Ful and all the malwaretips team.
Thanks for this software, especially for making it FOSS. The only equivalent I knew until recently was Simple SRP, but it's getting outdated.
Amongst several environments I have to manage, I have a FabLab which needs to be set up automatically (thanks to Samba 4 GPO and WAPT, a Python suite for deploying software). The idea is to activate it by default, but let local admin be quite autonomous with the tools (it's a FabLab, so they must also put their hands under the hood).
So I let a copy of SWH on the local storage, but, as mentioned, would like it to be enabled by default. I was wondering if there was an argument (switch) to execute the program silently (or at least to close the windows immediately)
 

Andy Ful

Level 60
Verified
Trusted
Content Creator
...
So I let a copy of SWH on the local storage, but, as mentioned, would like it to be enabled by default. I was wondering if there was an argument (switch) to execute the program silently (or at least to close the windows immediately)
I am not sure if I understand you correctly. The SWH is required to be run only once and then you can close it. After that, SWH is not required - the real-time protection comes from Windows native processes. You can run SWH again if you want to adjust/switch OFF/switch ON/remove the settings.
Most SSRP configs apply restrictions on EXE and MSI files, so you have to pay attention to these files, because they are not restricted in SWH. The configs similar to those used in SSRP can be applied via Hard_Configurator (Strict or Recommended settings).
 

ashledombos

New Member
The SWH is required to be run only once and then you can close it. After that, SWH is not required - the real-time protection comes from Windows native processes. You can run SWH again if you want to adjust/switch OFF/switch ON/remove the settings.
Yes, I understood that. In fact, I just wanted to know if there was a way to execute "run/activate then close SWH" in a single command line. Sorry for not having been clear!
 

Andy Ful

Level 60
Verified
Trusted
Content Creator
Yes, I understood that. In fact, I just wanted to know if there was a way to execute "run/activate then close SWH" in a single command line. Sorry for not having been clear!
Understood. No, it is not possible. In this way, the attacker could use it as a LOLBin to silently remove some advanced SRP settings or advanced Hard_Configurator settings.
 

Andy Ful

Level 60
Verified
Trusted
Content Creator

brigantes

Level 1
Simple Windows Hardening ver. 1.0.0.2
https://github.com/AndyFul/Hard_Con... Windows Hardening/SimpleWindowsHardening.exe

Only some minor improvements. This version should work well with RunBySmartscreen, FirewallHardening, ConfigureDefender, and DocumentsAntiExploit tools. These portable standalone tools are available as H_C_HardeningTools:
https://github.com/AndyFul/ConfigureDefender/blob/master/H_C_HardeningTools.zip
This is sooooo amazing. Other vendors should follow your style of simplicity instead of product bloat and weakness.
 

Decopi

Level 3
Hi @Andy Ful !

Firstly, thank you for your great work... kudos! Please, allow me a question:

I'm not a Windows Defender user. For a long time I used all kinds of tweaks (I can't remember all of them), and I believe WD is totally disabled on my Windows 10. But for unknown reasons, SmartScreen seems to be active on my system (in Task Manager I can see the exe process working); however, for years I saw zero SmartScreen alerts. Well, for bad or for good, this is my current WD situation : )

On the other hand (and one of the reasons I disabled WD), I have CruelComodo (I tested it several times, and never had a problem in the last years). I disabled UAC, because it is not fully compatible with CruelComodo. But I use SysHardener because it is compatible with CruelComodo, because it is "plug-and-play" (doesn't need a tutorial), and mainly because SysHardener has no negative impact on my hardware.

In the context above, I wonder if you could (please) help me with what software I can use from your GitHub repo that is compatible with CruelComodo + SysHardener + No WD + No UAC.

Thank you in advance!
 

Andy Ful

Level 60
Verified
Trusted
Content Creator
Thanks @Andy Ful. I'll test everything.
PS: You may want to know, of course it might be a false positive, but Cylance blocks your H_C_HardeningTools.zip. At VirusTotal, a total of 7 engines (including Bitdefender) detected something in the same file: VirusTotal
Interesting. It is Bitdefender's false positive. I have to investigate why it is so.

Edit.
Sample sent to whitelisting. We will see the effect after some days.
 

blackice

Level 27
Verified
Interesting. It is Bitdefender's false positive. I have to investigate why it is so.

Edit.
Sample sent to whitelisting. We will see the effect after some days.
Bitdefender always quarantines your tools when it runs an initial scan. I just add an exception and move on, apologies for not giving you a heads up. It’s happened with Sophos as well, but that was many months ago. I figured a lot of AVs did since it touches WD settings.
 