New Update Testing Windows Hybrid Hardening (new hardening application).

Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,591
Some conclusions about WHHLight with Smart App Control.

1701462897442.png


Surprisingly, SAC in Evaluate mode can impact the behavior of WDAC policies used in WHHLight. Without WHHLight, SAC in Evaluate mode does not block anything but asks the Microsoft Cloud about the file reputation, and writes it into the Event Log. It looks like the external (non-SAC) policies that use the ISG option can use that information, just like in the case of SmartScreen.
One of the differences between SAC and SmartScreen is that SAC allows digitally signed files with unknown reputations, and SmartScreen mostly blocks such files.
 
Last edited:
  • Like
  • +Reputation
  • Hundred Points
Reactions: sypqys, ZeroDay, silversurfer and 6 others
R

Reldel1

Level 2
Verified
Jun 12, 2017
50
Andy Ful said:
Some conclusions about WHHLight with Smart App Control.

View attachment 279959

Surprisingly, SAC in Evaluate mode can impact the behavior of WDAC policies used in WHHLight. Without WHHLight, SAC in Evaluate mode does not block anything but asks the Microsoft Cloud about the file reputation, and writes it into the Event Log. It looks like the external (non-SAC) policies that use the ISG option can use that information, just like in the case of SmartScreen.
One of the differences between SAC and SmartScreen is that SAC allows digitally signed files with unknown reputations, and SmartScreen mostly blocks such files.
Click to expand...
So, at this point a user of WHH is better protected turning off active SAC achieved from a clean install of Windows 11 and then applying WDAC and SmartScreen protection of WHH?
 
  • Like
Reactions: [correlate], silversurfer, simmerskool and 3 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,591
Reldel1 said:
So, at this point a user of WHH is better protected turning off active SAC achieved from a clean install of Windows 11 and then applying WDAC and SmartScreen protection of WHH?
Click to expand...

It is hard to say if there is any significant difference in the protection of WHHLight + SAC ON compared to WHHLight (default Whitelist) + SAC OFF. The first is not as preventive as the second but will stop most attacks at the later infection stage. If you like to seek any advantage, then the setup with SAC OFF can be more usable for some users due to whitelisting. However, the SAC ON setup can be more usable for people who install digitally signed applications.
Anyway, WHHLight in Super_Safe or Two_Accounts setup can be stronger at home (at the cost of some usability).
 
Last edited:
  • Like
  • +Reputation
Reactions: oldschool, [correlate], silversurfer and 3 others
S

skiper

Level 1
Apr 6, 2021
16
Andy Ful said:
When < SWH > and < WDAC > switches are ON, the restrictions are similar to the H_C Windows_10_Recommended_Enhanced settings, but additionally, the DLLs are blocked.
When the %ProgramData%, %LocalAppData, and user AppData folders are removed from the WDAC Whitelist, the restrictions are similar to the H_C Windows_10_Strict_Recommended_Enhanced settings, but additionally, the DLLs are blocked.
Click to expand...

I see that WHHLight set this way offers better protection than H_C Windows_10_Strict_Recommended_Enhanced. I tried H_C Windows_10_Strict_Recommended_Enhanced and had no additional problems compared to H_C Recommended Settings.

So I thought I'd try something even better. If it behaves much like H_C Windows_10_Strict_Recommended_Enhanced it may be a solution.
I have some questions.

1. In order to activate SUPER_SAFE SETUP do I have to clear the whole WDAC Whitelist?

2. With such a configuration will the operating system (windows/edge updates) continue to be automatic? Will the manual update be only for Third-party apps? To know in advance what I'm getting into. :)

3. I will use it on my admin account with CD MAX, is FirewallHardening LOLBins and Documents_AntiExploit still necessary?

4. Is SUPER_SAFE SETUP like a default-deny from H_C?

Congratulations for the application! I like that it is very compact, and you can adjust the protection level very easily from the WDAC Whitelist. In H_C I was lucky with the profiles, otherwise when I saw so many options I was sweating. :)
 
  • Like
Reactions: kylprq, simmerskool and Andy Ful
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,591
skiper said:
1. In order to activate SUPER_SAFE SETUP do I have to clear the whole WDAC Whitelist?
Click to expand...

Yes.

skiper said:
2. With such a configuration will the operating system (windows/edge updates) continue to be automatic? Will the manual update be only for Third-party apps? To know in advance what I'm getting into. :)
Click to expand...

Yes.
Very popular 3rd party applications can often auto-update, too.

skiper said:
3. I will use it on my admin account with CD MAX, is FirewallHardening LOLBins and Documents_AntiExploit still necessary?
Click to expand...

FirewallHardening and DocumentsAntiExploit are not necessary, but your system will be cleaner with them. The SUPER_SAFE setup will mitigate some malware at the later infection stage.

skiper said:
4. Is SUPER_SAFE SETUP like a default-deny from H_C?
Click to expand...

Yes, it is similar to the settings profile H_C Windows_10_Strict_Recommended_Enhanced.
 
  • Like
  • Thanks
Reactions: [correlate], simmerskool, vtqhtr413 and 2 others
South Park

South Park

Level 9
Verified
Well-known
Jun 23, 2018
441
Thanks, Andy, for your work on these projects. I'm currently testing WHH 1011 with default settings (SWH only) on my old W10 laptop. I'm also using C_D on Interactive and Firewall Hardening with default rules. So far, so good.

I use many portable apps, most (but not all) of which are signed. My question to whomever is using WHHL: Would activating WDAC likely create more FP's than benefits for someone like me? I'm careful about running new programs and am willing to accept the modest number of FP's I already get from WD. Thanks in advance.
 
  • Like
Reactions: vtqhtr413, oldschool, simmerskool and 1 other person
Gandalf_The_Grey

Gandalf_The_Grey

Level 84
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,414
South Park said:
Thanks, Andy, for your work on these projects. I'm currently testing WHH 1011 with default settings (SWH only) on my old W10 laptop. I'm also using C_D on Interactive and Firewall Hardening with default rules. So far, so good.

I use many portable apps, most (but not all) of which are signed. My question to whomever is using WHHL: Would activating WDAC likely create more FP's than benefits for someone like me? I'm careful about running new programs and am willing to accept the modest number of FP's I already get from WD. Thanks in advance.
Click to expand...
From the help included with WHH:
1708762888952.png

See points 4 and 5.
I have added my folder with portable applications to the whitelist and have no issues.
 
  • Like
  • Thanks
Reactions: oldschool, South Park, simmerskool and 3 others

Similar threads

Andy Ful
    • Like
    • +Reputation
    • Thanks
  • Sticky
Serious Discussion WHHLight - simplified application control for Windows Home and Pro.
Replies
329
Views
36,641
Hard_Configurator Tools
Andy Ful
Andy Ful
lokamoka820
    • Like
Serious Discussion Can WHHLight be used with other AVs, or it is related to Microsoft Defender?
Replies
10
Views
765
General Security Discussions
Andy Ful
Andy Ful
Shadowra
    • Like
    • +Reputation
    • Applause
App Review Webroot SecureAnywhere 2024 (With WHHLight & Wihout WHHLight)
Replies
14
Views
1,194
Video Reviews - Security and Privacy
Shadowra
Shadowra

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top