New Update Simple Windows Hardening

Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,484
It seems that finally, the new digital certificate has gained a sufficient reputation in SmartScreen, so SimpleWindowsHardening is accepted when downloading it via Edge (SmartScreen + PUA enabled).:)
 
  • Like
  • Applause
Reactions: Stopspying, jerzy601, Jan Willy and 8 others
aldist

aldist

Level 2
Jul 22, 2020
59
Installed Hard_Configurator H_C. I decided to see what Simple Windows Hardening is, especially since it is portable. SWH at startup immediately sets the rules without asking the user, and broke the H_C rules. I think that SWH should still ask the user for consent to set the rules. Silence is not very good.
 
oldschool

oldschool

Level 84
Verified
Top Poster
Well-known
Mar 29, 2018
7,596
aldist said:
Installed Hard_Configurator H_C. I decided to see what Simple Windows Hardening is, especially since it is portable. SWH at startup immediately sets the rules without asking the user, and broke the H_C rules. I think that SWH should still ask the user for consent to set the rules. Silence is not very good.
Click to expand...
Running both at the same time was not a good idea either.
 
  • Like
Reactions: Protomartyr, Stopspying, JasonUK and 2 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,484
aldist said:
Installed Hard_Configurator H_C. I decided to see what Simple Windows Hardening is, especially since it is portable. SWH at startup immediately sets the rules without asking the user, and broke the H_C rules. I think that SWH should still ask the user for consent to set the rules. Silence is not very good.
Click to expand...
The intention of SWH is to make some hardening without using the H_C. The hardening is simple because it is done without asking the user about things that should be done anyway.
Most users who wants to harden the system will prefer this way, as compared to seeing unnecessary alerts.

You probably think that SWH can be used by inexperienced users. This might support your wishes about some more alerts. But, in my opinion, any sensible hardening should be done by (semi)advanced users (like many MT members). It can be useful on the computers of inexperienced users, but the configuration and occasional maintenance should be done by (semi)advanced user.

SWH does not break the H_C rules, but simply applies the settings similar to H_C's Basic Recommended Settings - all whitelisted entries are not changed.
 
Last edited:
  • Like
  • +Reputation
Reactions: Protomartyr, Stopspying, jerzy601 and 5 others
mazskolnieces

mazskolnieces

Level 3
Well-known
Jul 25, 2020
117
Andy Ful said:
But, in my opinion, any sensible hardening should be done by (semi)advanced users (like many MT members). It can be useful on the computers of inexperienced users, but the configuration and occasional maintenance should be done by (semi)advanced user.
Click to expand...

That is not a realistic scenario. Most people do not have some youngster or acquaintance that is acting as the family sysadmin with ongoing maintenance. Not only that, you are assuming that these "advanced" users will get things right, when more often than not they don't get it right.

"Advanced" users doing stuff for inexperienced users might be a phenomena amongst a very limited number of security forum members families and friends, but it is not a wider user-land trend. The impression I get from reading some of the posts here is 16 year olds doing stuff on mummy and daddy's systems or trying to do it for grandma only to have her so confused she cannot use the security or the system. Grandpa is pretty smart. He just stays away from all of it.

Ask @Evjl's Rain about his experience with all of this.
 
aldist

aldist

Level 2
Jul 22, 2020
59
oldschool said:
Running both at the same time was not a good idea either.
Click to expand...
In other words, just to see what the SWH menu looks like, should I deinstall H_C? And if I have NotePad ++ installed, then I shouldn't launch AkelPad Portable? :rolleyes:
Andy Ful said:
The intention of SWH is to make some hardening without using the H_C.
Click to expand...
Did I talk about their simultaneous use? I just want to see what the menu looks like.
Andy Ful said:
The hardening is simple because it is done without asking the user about things that should be done anyway.
Most users who wants to harden the system will prefer this way, as compared to seeing unnecessary alerts.
Click to expand...
Let me disagree with you. The vast majority of users will find it helpful to see a warning If you click Yes, the SRP hardening will be made immediately and without warning. Otherwise, click No to exit.
This will not affect simplicity in any way. It's not Windows 10, which decides for the user.
 
J

JasonUK

Level 5
Apr 14, 2020
240
The SWH manual does, to be fair, clearly state (Quick Configuration & Apply Basic Recommended Settings sections) that restrictions are automatically configured/applied when SWH is run. The opening post of this thread does too. Options can be toggled on/off or windows defaults reapplied easily enough. If someone wants to have a look at SWH there's plenty of screenshots available and it's easy enough to save H_C profile / reset H_C to Windows default if you wanted to try SWH out. Both programs change windows settings so you wouldn't layer them or other similar programs over each other unless you were prepared for potential conflicts/settings being overridden.

SWH is very straightforward to use IMHO. I found H_C was above my competence level :)
 
Last edited:
  • Like
Reactions: Protomartyr, SeriousHoax, Stopspying and 1 other person
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,484
mazskolnieces said:
That is not a realistic scenario. Most people do not have some youngster or acquaintance that is acting as the family sysadmin with ongoing maintenance.
Click to expand...
Most people do not harden Windows and should not do it. That is why I insist that basic hardening should be done by (semi)advanced users and serious hardening by advanced users. There are people who can do it and doing it via SWH is safer (also more convenient) than hardening by using reg tweaks. Many of such people can be family administrators (If they want).
mazskolnieces said:
"Advanced" users doing stuff for inexperienced users might be a phenomena amongst a very limited number of security forum members families and friends, but it is not a wider user-land trend.
Click to expand...
That is right. Is not it obvious?:unsure:
The wider user-land trend is a standard AV on default settings.(y)
 
Last edited:
  • Like
  • +Reputation
Reactions: Digmor Crusher, Protomartyr, SeriousHoax and 5 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,484
aldist said:
I just want to see what the menu looks like.
Click to expand...
Please, look into the SWH manual.
Generally, I can advise you to read the application manual or available information about security-related stuff before running it. If the manual is too long or too complex, then do not use the application. In the case of SWH, nothing really happened, but you can be really surprised/disappointed when running other security stuff.

aldist said:
Let me disagree with you. The vast majority of users will find it helpful to see a warning If you click Yes, the SRP hardening will be made immediately and without warning. Otherwise, click No to exit.
This will not affect simplicity in any way. It's not Windows 10, which decides for the user.
Click to expand...
I understand your point and I am sorry. I do not sell my applications, so they are made most convenient for people who want to use them, at the expense of people who only want to look at them. In my opinion, adding the alert you have proposed is unnecessary for the first group.
 
Last edited:
  • Like
  • +Reputation
Reactions: Protomartyr, SeriousHoax, [correlate] and 6 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,484
aldist said:
In other words, just to see what the SWH menu looks like, should I deinstall H_C?
...
Click to expand...
You have the luck that SWH is based on H_C and I made them compatible. So, you do not need to uninstall the H_C. Please, look into the SWH manual about details and post here if you have some questions.:) (y)
You can simply save your H_C settings (<Save Profile>) and recover them easily (<Load Profile>). If you use the Recommended Settings then simply press <Recommended Settings>.
SWH does not change ConfigureDefender settings or FirewallHardening settings. Both SWH and H_C share the whitelisted entries in SRP.
 
Last edited:
  • Like
Reactions: shmu26, Protomartyr, [correlate] and 4 others
oldschool

oldschool

Level 84
Verified
Top Poster
Well-known
Mar 29, 2018
7,596
aldist said:
In other words, just to see what the SWH menu looks like,
Click to expand...
In other words, this is what a curious user could do:
JasonUK said:
The SWH manual does, to be fair, clearly state (Quick Configuration & Apply Basic Recommended Settings sections) that restrictions are automatically configured/applied when SWH is run. The opening post of this thread does too. Options can be toggled on/off or windows defaults reapplied easily enough. If someone wants to have a look at SWH there's plenty of screenshots available and it's easy enough to save H_C profile / reset H_C to Windows default if you wanted to try SWH out. Both programs change windows settings so you wouldn't layer them or other similar programs over each other unless you were prepared for potential conflicts/settings being overridden.
Click to expand...
 
  • Like
Reactions: Digmor Crusher, [correlate], Protomartyr and 2 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,484
aldist said:
Simple Windows Hardening is this not what it was announced as a Casual User Protection? Or hasn't there been an CUP release yet?
Click to expand...
CUP has not been released yet. It will probably look like:

CUP5.png


CUP4.png


Similar to SWH but it will allow downloading predefined setting profiles:
SRP Level 0 - 3 (default allow, globally allowed EXE/MSI, EXE/MSI allowed in ProgramData and AppData, EXE/MSI blocked).
SWH restrictions are similar to CUP with SRP Level 1 and 0 Sponsors.
I will finish it this year.
 
  • Like
  • Wow
Reactions: Protomartyr, harlan4096, silversurfer and 4 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,484
Semlr said:
I tried to use it, but got an error message:
View attachment 244996

Any suggestions?
It is a fresh virtual machine, running the latest Windows 10.

Best regards
Click to expand...
Thanks for reporting. It looks like some kind of incompatibility with Autoit - probably related to the virtual machine.
Did anyone had this issue on the real system? I tried to reproduce this issue on my Windows Pro ver. 2004 compilation 19041.388, but SWH works without any issues.:unsure:
 
  • Like
Reactions: [correlate], Protomartyr, oldschool and 2 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,484
@Semlr,
Could you please test if this issue is also present for some other applications:
github.com

Hard_Configurator/Hard_Configurator_setup_5.1.1.2.exe at master · AndyFul/Hard_Configurator

GUI to Manage Software Restriction Policies and harden Windows Home OS - Hard_Configurator/Hard_Configurator_setup_5.1.1.2.exe at master · AndyFul/Hard_Configurator
github.com github.com
github.com

ConfigureDefender/H_C_HardeningTools.zip at master · AndyFul/ConfigureDefender

Utility for configuring Windows 10 built-in Defender antivirus settings. - ConfigureDefender/H_C_HardeningTools.zip at master · AndyFul/ConfigureDefender
github.com github.com
Thank you.

What version of a virtual machine do you use?
 
  • Like
Reactions: [correlate], Protomartyr, Gandalf_The_Grey and 1 other person

Similar threads

Andy Ful
    • +Reputation
    • Like
    • Applause
New Update Testing Windows Hybrid Hardening (new hardening application).
Replies
253
Views
29,430
Hard_Configurator Tools
South Park
South Park
Gandalf_The_Grey
    • Like
    • Hundred Points
New Update Patch Tuesday update (KB5041571) hits Copilot+ PCs running Windows 11 24H2
Replies
0
Views
293
Windows 11
Gandalf_The_Grey
Gandalf_The_Grey
Andy Ful
    • Like
    • +Reputation
    • Thanks
  • Sticky
Serious Discussion WHHLight - simplified application control for Windows Home and Pro.
Replies
318
Views
34,111
Hard_Configurator Tools
Andy Ful
Andy Ful

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top