- Mar 29, 2018
- 7,698
ConfigureDefender and all of Andy's apps are available separately, e.g. Document Anti-Exploit, etc.I have Hard_Configurator mainly for ConfigureDefender,
ConfigureDefender and all of Andy's apps are available separately, e.g. Document Anti-Exploit, etc.I have Hard_Configurator mainly for ConfigureDefender,
I let Andy answer that, but again this does nothing for you when you don't have Adobe reader and MS Office installed.I had no alerts. If I don't have Adobe or Office installed, should the GUI still open?
Yes.I had no alerts. If I don't have Adobe or Office installed, should the GUI still open?
I appreciate it very much. Thank you @Andy FulSimple Windows Hardening manual:
https://github.com/AndyFul/Hard_Con...rdening/Simple Windows Hardening - Manual.pdf
It is recommended in the below cases:@Andy Ful is the standalone Documents Anti Exploit needed when using Simple Windows Hardening?
Okay, a short while ago I started using this software program ...
Now till yesterday there where no problems between it and other software. Well there still is not a real problem, what I discovered is actually more annoying then a problem.
I use Soft Organizer PRO ( A GoTD from last year. ) and it has a lifetime license. ( But no upgrades as is often the case with GoTD's. )
This is it's website: Soft Organizer 8.18 - Free Program Uninstallation Utility (chemtable.com)
I really like Soft Organizer for installing and de-installing software. It simple works the best in my opinion. Today I had to de-install and re-install PrivaZer for some reason, so I tried to start up Soft Organizer PRO ... but Simple Windows hardening stopped it from starting up. Now Simple Windows Hardening has a whitelist option, so I added Soft Organizer to the Whitelist. ( Both by folder and after that by file, I even tried both at once? ) But Simple Windows Hardening still does not allow Soft Organizer to start ... even though I can use Soft Organizer to install software without a problem?
Now I can temporarily stop SWH and then restart it after de-installing a piece of software ( Which I did for PrivaZer today. ) but I am not sure why SWH still does not allow me to start Soft Organizer PRO after I placed it on the Whitelist? ( Am I doing something wrong here? ) And yeah there are other software programs that can help with de-installing software ... like Revo-Uninstaller, BC Uninstaller and IOBit Uninstaller to name a few. But in my opinion none of those are able to remove remaining traces of software as good as Soft Organizer can after de-installing a piece of software. ( Especially not when you installed that software with Soft Organizer before. )
Is there any one who has an idea about this annoying thing I mentioned above?
HI,Okay, a short while ago I started using this software program ...
Now till yesterday there where no problems between it and other software. Well there still is not a real problem, what I discovered is actually more annoying then a problem.
I use Soft Organizer PRO ( A GoTD from last year. ) and it has a lifetime license. ( But no upgrades as is often the case with GoTD's. )
This is it's website: Soft Organizer 8.18 - Free Program Uninstallation Utility (chemtable.com)
I really like Soft Organizer for installing and de-installing software. It simple works the best in my opinion. Today I had to de-install and re-install PrivaZer for some reason, so I tried to start up Soft Organizer PRO ... but Simple Windows hardening stopped it from starting up. Now Simple Windows Hardening has a whitelist option, so I added Soft Organizer to the Whitelist. ( Both by folder and after that by file, I even tried both at once? ) But Simple Windows Hardening still does not allow Soft Organizer to start ... even though I can use Soft Organizer to install software without a problem?
Now I can temporarily stop SWH and then restart it after de-installing a piece of software ( Which I did for PrivaZer today. ) but I am not sure why SWH still does not allow me to start Soft Organizer PRO after I placed it on the Whitelist? ( Am I doing something wrong here? ) And yeah there are other software programs that can help with de-installing software ... like Revo-Uninstaller, BC Uninstaller and IOBit Uninstaller to name a few. But in my opinion none of those are able to remove remaining traces of software as good as Soft Organizer can after de-installing a piece of software. ( Especially not when you installed that software with Soft Organizer before. )
Is there any one who has an idea about this annoying thing I mentioned above?
Thank you for testing it out.HI,
There is no need to whitelist the Application executables (*.exe and *.dll files) because they are already allowed by SWH. If the Application is blocked then another file (required by the application) is probably blocked by SWH. The details should be visible when you look into the log of blocked events (the blue <View Blocked Events> button).
Whitelisting the Application folder (like you did) can usually solve the blocking issue.
I installed the Soft Organizer 8.18. The installation was done without a problem. I can start the application without any whitelisting and successfully uninstalled 2 applications without any problem (no whitelisting required). Please post the info from the log of <View Blocked Events> .
I will also install Privazer soon, to see if it can be an issue.
Please look into the SWH manual (Windows Hardening, pages 8-9)How many scenarios are blocked if I only use the Windows Hardening part of SWH and block MSHTA.exe with my firewall?
Yes. Windows Script Host and PowerShell scripts can also be blocked (by Administrator Policies) when setting *Admin Windows Script Host* and *Admin PowerShell Scripts* to Restricted. So, this will enhance the protection of most AVs. But, these options and all others available via <Windows Hardening> do not use SRP, so the blocked files cannot be whitelisted. If @Morro would use these settings he could not start Soft Organizer via AppLaunch.vbs .I've read page 8-9. Most scenarios use Windows Script Host and PowerShell Scripts; Windows Hardening in SWH restrict those Scripts. So my antivirus protection would be enhanced just by using Windows Hardening. Am I right?
I Installed & configured Privazer 4.0.17 and made a disk clean up. I noticed that Privazer did also run the Windows built-in cleanup application. After the cleanup, Soft Organizer stopped working properly - I could not use it via the icon from the taskbar notification area. But, I still could use it from the desktop. Uninstalled Privazer without problems. No whitelisting required. After reinstalling Soft Organizer it works properly.
The blocked entry is a VBS script (blocked by SRP). This file is absent in my installation probably because it is a free version.
PS.
You can edit your post and remove the blocked path (for privacy).
After researching the recent development of attacks via weaponized documents I must change my recomendation for using the DocumentsAntiExploit tool. In the last year, the attack techniques not related to VBA macros became more and more popular, especially in weaponized Excel documents. These techniques are not well detected by AVs and not fully covered by AMSI and ASR rules in WD. So, I recommend using DocumentsAntiExploit tool with ON2 setting to enhance the protection of MS Office.It is recommended in the below cases:
The standalone Documents Anti-Exploit does not disable VBA for MS Office applications, but only in MS Office documents. It also applies some additional policies that can protect the user when ASR rules are not enabled.
- MS Office version is installed which is not supported by Microsoft and WD ASR rules are not enabled.
- The MS Office hardening from SWH is too restrictive and cannot be applied.
I'm using SWH. Is DocumentsAntiExploit tool in SWH? I thought I saw it inside SWH. Or needs to be used independently. If it's the latter where to download the standalone version? BTW, what is ON2?After researching the recent development of attacks via weaponized documents I must change my recomendation for using the DocumentsAntiExploit tool. In the last year, the attack techniques not related to VBA macros became more and more popular, especially in weaponized Excel documents. These techniques are not well detected by AVs and not fully covered by AMSI and ASR rules in WD. So, I recommend using DocumentsAntiExploit tool with ON2 setting to enhance the protection of MS Office.