New Update Simple Windows Hardening

[Moonhorse]

ransomoff had this extension blocking ability , but they took it off for further develop wich is sad

I guess i give this a go anytime soon, maybe it might be bit painfull whitelisting specific games, but only hurts once

 

[Andy Ful]

ransomoff had this extension blocking ability , but they took it off for further develop wich is sad

I guess i give this a go anytime soon, maybe it might be bit painfull whitelisting specific games, but only hurts once

Most games should install/run/update without whitelisting. From my experience, some blocks are expected if the application uses .bin or .dat files (and scripts of course). The less-painful method is simply whitelisting the game folder.

 

[ashledombos]

Hello @Andy Ful and all the MalwareTips team.
Thanks for this software, especially for making it FOSS. The only equivalent I knew util recently was Simple SRP, but it's getting outdated.
Amongst several environments I have to manage, I have a FabLab which needs to be set up automatically (thanks to Samba 4 GPO and WAPT, a Python suite for deploying software). The idea is to activate it by default, but let local admin be quite autonomous with the tools (it's a FabLab, so they must also put their hands under the hood).
So I let a copy of SWH on the local storage, but, as mentioned, would like it to be enabled by default. I was wondering if there was an argument (switch) to execute the program silently (or at least to close the windows immediately)

 

[Andy Ful]

...
So I let a copy of SWH on the local storage, but, as mentioned, would like it to be enabled by default. I was wondering if there was an argument (switch) to execute the program silently (or at least to close the windows immediately)

I am not sure if I understand you correctly. The SWH is required to be run only once and then you can close it. After that, SWH is not required - the real-time protection comes from Windows native processes. You can run SWH again if you want to adjust/switch OFF/switch ON/remove the settings.
Most SSRP configs apply restrictions on EXE and MSI files, so you have to pay attention to these files, because they are not restricted in SWH. The configs similar to those used in SSRP can be applied via Hard_Configurator (Strict or Recommended settings).

 

[ashledombos]

The SWH is required to be run only once and then you can close it. After that, SWH is not required - the real-time protection comes from Windows native processes. You can run SWH again if you want to adjust/switch OFF/switch ON/remove the settings.

Yes I understood that, in fact I just wanted to know if there was a way to execute "run/activate then close HSW" in a single command line. Sorry for not having been clear!

 

[Andy Ful]

Yes I understood that, in fact I just wanted to know if there was a way to execute "run/activate then close HSW" in a single command line. Sorry for not having been clear!

Understand. No, it is not possible. In this way, the attacker could use it as LOLBin to remove silently some advanced SRP settings or advanced Hard_Configurator settings.

 

[ashledombos]

Thank you for your reply, this indeed makes sense.

 

[Andy Ful]

I am working now to make SWH fully compatible with standalone RunBySmartScreen. The new version will be uploaded in a few days.

 

[Andy Ful]

Simple Windows Hardening ver. 1.0.0.2
https://github.com/AndyFul/Hard_Con... Windows Hardening/SimpleWindowsHardening.exe

Only some minor improvements. This version should work well with RunBySmartscreen, FirewallHardening, ConfigureDefender, and DocumentsAntiExploit tools. These portable standalone tools are available as H_C_HardeningTools:
https://github.com/AndyFul/ConfigureDefender/blob/master/H_C_HardeningTools.zip

 

[brigantes]

Simple Windows Hardening ver. 1.0.0.2
https://github.com/AndyFul/Hard_Con... Windows Hardening/SimpleWindowsHardening.exe

Only some minor improvements. This version should work well with RunBySmartscreen, FirewallHardening, ConfigureDefender, and DocumentsAntiExploit tools. These portable standalone tools are available as H_C_HardeningTools:
https://github.com/AndyFul/ConfigureDefender/blob/master/H_C_HardeningTools.zip

This is sooooo amazing. Other vendors should follow your style of simplicity instead of product bloat and weakness.

 

[Andy Ful]

This is sooooo amazing. Other vendors should follow your style of simplicity instead of product bloat and weakness.

Ha, ha. This simplicity is mostly to the credit of MT members. I have a rather twisted kind of simplicity that can be seen in Hard_Configurator.

 

[Decopi]

Hi @Andy Ful !

Firstly, thank you for your great work... kudos! Please, allow me a question:

I'm not a WD' defender user, for long time I used all kind of tweaks (I can't remember all of them), and I believe WD is totally disabled on my Windows10. But for unknown reasons, smartscreen seems to be active in my system (at TaskManager I can see the exe process working), however for years I saw zero smartscreen alerts. Well, for bad or for good, this is my WD' current situation : )

In the other hand (and one of the reasons I disabled WD), I have CruelComodo (I tested it several times, and never had a problem in the last years). I disabled UAC, because is not fully compatible with CruelComodo. But I use SysHardener because is compatible with CruelComodo, because is "plug-and-play" (doesn't need a tutorial), and mainly because SysHardener hasn't negative impact in my hardware.

In this context above, I wonder if you (please) can help me, about what software I can use from your GitHub' repo, but compatible with CruelComodo + Syshardener + No WD + No UAC.

Thank you in advance!

 

[Andy Ful]

...
In this context above, I wonder if you (please) can help me, about what software I can use from your GitHub' repo, but compatible with CruelComodo + Syshardener + No WD + No UAC.
...

If you like it and there are no problems, then just keep the above setup.

 

[Decopi]

If you like it and there are no problems, then just keep the above setup.

Thanks for the replay, but my question remains: Is there any software in your repo, compatible with my current context? Thanks again.

 

[Andy Ful]

Thanks for the replay, but my question remains: Is there any software in your repo, compatible with my current context? Thanks again.

Simple Windows Hardening, DocumentsAntiExploit, RunBySmartScreen (If your SmartScreen works). I do not know which of them is trusted in the CF file lookup.

 

[Decopi]

Thanks @Andy Ful . I'll test everything.
PS: You may want to know, of course it might be a false positive, but Cylance blocks your H_C_HardeningTools.zip . At virustotal, a total of 7 engines (including Bitdefender) detected something in same file: VirusTotal

 

[Andy Ful]

Thanks @Andy Ful . I'll test everything.
PS: You may want to know, of course it might be a false positive, but Cylance blocks your H_C_HardeningTools.zip . At virustotal, a total of 7 engines (including Bitdefender) detected something in same file: VirusTotal

Interesting. It is Bitdefender's false positive. I have to investigate why it is so.

Edit.
Sample sent to whitelisting. We will see the effect after some days.

 

[blackice]

Interesting. It is Bitdefender's false positive. I have to investigate why it is so.

Edit.
Sample sent to whitelisting. We will see the effect after some days.

Bitdefender always quarantines your tools when it runs an initial scan. I just add an exception and move on, apologies for not giving you a heads up. It’s happened with Sophos as well, but that was many months ago. I figured a lot of AVs did since it touches WD settings.

 

[Decopi]

Now 11 engines detected something (including Bitdefender, Emsisoft, Qihoo etc): VirusTotal

 

[harlan4096]

Not regally 11 engines, half are 1 BD + 5 clones