Using Hard_Configurator in HARDENEDmode with ConfigureDefender in HIGHEST protection on Windows10

Product name
Hard_Configurator (get it on GitHub https://github.com/AndyFul/Hard_Configurator)
Installation (rating)
5.00 star(s)
User interface (rating)
4.00 star(s)
Accessibility notes
Color scheme of the buttons is .... well ....colorful like Andy Ful
Performance (rating)
5.00 star(s)
Core Protection (rating)
5.00 star(s)
Additional Protection notes
Windows Defender in default settings scored a 100% protection at AV-Comparatives in latest Real-World Protection tests (https://www.av-comparatives.org/tests/real-world-protection-test-february-march-2019-factsheet/) and a 6 out of 6 score in latest AV-TEST (https://www.av-test.org/en/antivirus/home-windows/windows-10/february-2019/microsoft-windows-defender-4.18-190516/), so how well will this hardened setup with highest protection perform? My bet: better than any top tier Antivirus solutions!
Positives
    • Freeware
    • Low impact on system resources
    • Easy to use
    • Simple and non-intrusive
    • Strong and reliable protection
    • Detects or blocks in the wild malware
    • Excellent scores in independent tests
    • Features you can't get elsewhere for free
    • Multi-layer protection approach
Negatives
    • Clumsy or awkward interface (UI)
Time spent using product
Computer specs
Asus Transformer with Intel Atom Z3740 @ 1,33 Ghz 2 GB RAM memory, 32 GB SSD and 64 GB SD-card
Recommended for
  1. All types of users
  2. Multi-user devices
  3. Financial banking or trading
  4. Low spec PCs
Overall rating
5.00 star(s)

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
@Andy Ful is it possible to only disable windows remote desktop or do something to allow for example AnyDesk?
I was wrong. AnyDesk installs its own version of Remote Desktop service named: 'AnyDesk Service'. So it should work with disabled Windows built-in remote features.
The same is probably true for TeamViewer.(y)
 

camo7782

Level 4
Verified
Apr 29, 2019
168
Thanks for a nice review.:giggle:
Although I have to add some corrections.

[...]

The closest to @Windows_Security proposition with allowed EXE files, would be the profile in attachment, which I named: Windows_Security_hardening.hdc.txt (download - delete .txt - load to H_C - enjoy).:giggle:
The attachment is identical to the one in the first post from @Windows_Security was it updated? I do not see any difference..
 
  • Like
Reactions: Andy Ful and shmu26

Windows_Security

Level 24
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Mar 13, 2016
1,298
I used same settings which I figured out when Vista was introduced. @Andy Ful was so nice to develop a program with GUI so people did not have to hack the registry. These made the free Windows OS security features accessible to many more security enthousiast. This knowledge rewards him the master title san.

Andy-San also researched and updated the software policies for all/current Windows OS versions AND added Windows Defender and Rich Document (containing scripts/macros) protection (and Windows Firewall to follow). These enduring efforts granted him the other master title Sensei.

Obviously I copied the corrections of Andy Sensei San in my post. :)
 
Last edited:

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
I used same settings which I figured out when Vista was introduced. @Andy Ful was so nice to develop a program with GUI so people did not have to hack the registry. These made the free Windows OS security features accessible to many more security enthousiast. This knowledge rewards him the master title san.

Andy-San also researched and updated the software policies for all/current Windows OS versions AND added Windows Defender and Rich Document (containing scripts/macros) protection (and Windows Firewall to follow). These enduring efforts granted him the other master title Sensei.

Obviously I copied the corrections of Andy Sensei San in my post. :)
You must have Samurai roots for sure. :giggle:
I like sensei:
214705
 
Last edited:

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
Here is a simple method to use H_C with UAC setting 'Only elevate executables that are signed and validated'.
Normally with this setting, the user cannot run H_C executable because it is not digitally signed and will be blocked while trying to elevate.
But, it can be done by running first the elevated command prompt with a command line to start H_C. Simply create the shortcut on the Desktop with the below command line:

For Windows 64-bit:
Code:
C:\Windows\System32\cmd.exe /c start c:\Windows\Hard_Configurator\Hard_Configurator(x64).exe

For Windows 32-bit:
Code:
C:\Windows\System32\cmd.exe /c start c:\Windows\Hard_Configurator\Hard_Configurator(x86).exe

Now the shortcut should be executed by using the usual "Run as administrator" option from the Explorer context menu, and this will also run H_C.:giggle: (y)

Please note, that Windows_Security profile is for the Admin account, and Standard User Account is additionally restricted to disable elevation of all user programs, so command prompt will not be allowed to elevate (and H_C will not be executed anyway).
If someone wants to use these shortcuts on SUA, then the below option must be set:
<More ...> <Disable Elevation on SUA> = OFF
 
Last edited:

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
Here is a simple method to use H_C with UAC setting 'Only elevate executables that are signed and validated'.
Normally with this setting, the user cannot run H_C executable because it is not digitally signed and will be blocked while trying to elevate.
But, it can be done by running first the elevated command prompt with a command line to start H_C. Simply create the shortcut on the Desktop with the below command line:

For Windows 64-bit:
Code:
C:\Windows\System32\cmd.exe /c start c:\Windows\Hard_Configurator\Hard_Configurator(x64).exe

For Windows 32-bit:
Code:
C:\Windows\System32\cmd.exe /c start c:\Windows\Hard_Configurator\Hard_Configurator(x86).exe

Now the shortcut should be executed by using the usual "Run as administrator" option from the Explorer context menu, and this will also run H_C.:giggle: (y)

Please note, that Windows_Security profile is for the Admin account, and Standard User Account is additionally restricted to disable elevation of all user programs, so command prompt will not be allowed to elevate (and H_C will not be executed anyway).
If someone wants to use these shortcuts on SUA, then the below option must be set:
<More ...> <Disable Elevation on SUA> = OFF
Thanks for the great idea!
 

silversurfer

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,055
I tried a similar command line to start FirewallHardening.exe, it also works successfully (y)
Code:
C:\Windows\System32\cmd.exe /c start c:\Windows\Hard_Configurator\FirewallHardening(x64).exe
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
Wait a minute... if I enable 'Only elevate executables that are signed and validated' then I can't right-click a file and use Run As Smartscreen, correct?
Okay, my bad. I tried it on a file that is not signed. It still seems to work on signed files.
Yes, when using the H_C Recommended settings, you can run only signed executables in this way (via Run As SmartScreen from Explorer context menu). That is why the UAC setting 'Only elevate executables that are signed and validated', was not implemented in H_C. This would block the execution of unsigned application installers, which is unnecessary because they are elevated only after SmartScreen check. I do not think this UAC setting useful with H_C Recommended settings.

With H_C Windows_Security profile, you can run additionally the unsigned executables if they do not need to elevate. This profile does not require whitelisting applications in UserSpace, so it is easier to manage.
It is worth to remember that the UAC setting 'Only elevate executables that are signed and validated', will block application updates if the updater is not digitally signed and requires admin rights.
 
Last edited:

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
I do not think this UAC setting useful with H_C Recommended settings.
Yeah, I see what you mean. It is not an absolute block (it can be easily bypassed by elevated command prompt), and we have Run As SmartScreen, which is pretty reliable for unsigned files, so this UAC setting is probably more trouble than it's worth, with H_C Recommended settings.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top