New Update Testing Windows Hybrid Hardening (new hardening application).

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
7,893
Some conclusions about WHHLight with Smart App Control.

1701462897442.png


Surprisingly, SAC in Evaluate mode can impact the behavior of WDAC policies used in WHHLight. Without WHHLight, SAC in Evaluate mode does not block anything but asks the Microsoft Cloud about the file reputation, and writes it into the Event Log. It looks like the external (non-SAC) policies that use the ISG option can use that information, just like in the case of SmartScreen.
One of the differences between SAC and SmartScreen is that SAC allows digitally signed files with unknown reputations, and SmartScreen mostly blocks such files.
 
Last edited:

Reldel1

Level 2
Verified
Jun 12, 2017
50
Some conclusions about WHHLight with Smart App Control.

View attachment 279959

Surprisingly, SAC in Evaluate mode can impact the behavior of WDAC policies used in WHHLight. Without WHHLight, SAC in Evaluate mode does not block anything but asks the Microsoft Cloud about the file reputation, and writes it into the Event Log. It looks like the external (non-SAC) policies that use the ISG option can use that information, just like in the case of SmartScreen.
One of the differences between SAC and SmartScreen is that SAC allows digitally signed files with unknown reputations, and SmartScreen mostly blocks such files.
So, at this point a user of WHH is better protected turning off active SAC achieved from a clean install of Windows 11 and then applying WDAC and SmartScreen protection of WHH?
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
7,893
So, at this point a user of WHH is better protected turning off active SAC achieved from a clean install of Windows 11 and then applying WDAC and SmartScreen protection of WHH?

It is hard to say if there is any significant difference in the protection of WHHLight + SAC ON compared to WHHLight (default Whitelist) + SAC OFF. The first is not as preventive as the second but will stop most attacks at the later infection stage. If you like to seek any advantage, then the setup with SAC OFF can be more usable for some users due to whitelisting. However, the SAC ON setup can be more usable for people who install digitally signed applications.
Anyway, WHHLight in Super_Safe or Two_Accounts setup can be stronger at home (at the cost of some usability).
 
Last edited:

skiper

Level 1
Apr 6, 2021
14
When < SWH > and < WDAC > switches are ON, the restrictions are similar to the H_C Windows_10_Recommended_Enhanced settings, but additionally, the DLLs are blocked.
When the %ProgramData%, %LocalAppData, and user AppData folders are removed from the WDAC Whitelist, the restrictions are similar to the H_C Windows_10_Strict_Recommended_Enhanced settings, but additionally, the DLLs are blocked.

I see that WHHLight set this way offers better protection than H_C Windows_10_Strict_Recommended_Enhanced. I tried H_C Windows_10_Strict_Recommended_Enhanced and had no additional problems compared to H_C Recommended Settings.

So I thought I'd try something even better. If it behaves much like H_C Windows_10_Strict_Recommended_Enhanced it may be a solution.
I have some questions.

1. In order to activate SUPER_SAFE SETUP do I have to clear the whole WDAC Whitelist?

2. With such a configuration will the operating system (windows/edge updates) continue to be automatic? Will the manual update be only for Third-party apps? To know in advance what I'm getting into. :)

3. I will use it on my admin account with CD MAX, is FirewallHardening LOLBins and Documents_AntiExploit still necessary?

4. Is SUPER_SAFE SETUP like a default-deny from H_C?

Congratulations for the application! I like that it is very compact, and you can adjust the protection level very easily from the WDAC Whitelist. In H_C I was lucky with the profiles, otherwise when I saw so many options I was sweating. :)
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
7,893
1. In order to activate SUPER_SAFE SETUP do I have to clear the whole WDAC Whitelist?

Yes.

2. With such a configuration will the operating system (windows/edge updates) continue to be automatic? Will the manual update be only for Third-party apps? To know in advance what I'm getting into. :)

Yes.
Very popular 3rd party applications can often auto-update, too.

3. I will use it on my admin account with CD MAX, is FirewallHardening LOLBins and Documents_AntiExploit still necessary?

FirewallHardening and DocumentsAntiExploit are not necessary, but your system will be cleaner with them. The SUPER_SAFE setup will mitigate some malware at the later infection stage.

4. Is SUPER_SAFE SETUP like a default-deny from H_C?

Yes, it is similar to the settings profile H_C Windows_10_Strict_Recommended_Enhanced.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top