Advice Request Using hard_configurator with SysHardener & OSA.


Status
Not open for further replies.

JiSingh12

Level 3
Thread author
Verified
Sep 1, 2018
136
Hi all,

Quick question, as a genuine beginner in security, has anyone attempted to use hard_configurator by @Andy Ful alongside SysHardener & OSA?

I also use Avast Moderate Mode as my AV.

Of course they both are used to harden the OS, however I'm not too sure if they can do different things or are designed to lock down different things to each other, like I said, beginner knowledge right here :p.

Windows v1809.
Thanks everyone :)
 
Last edited:

oldschool

Level 85
Verified
Top Poster
Well-known
Mar 29, 2018
7,613
Hi all,

Quick question, as a genuine beginner in security, has anyone attempted to use hard_configurator by @Andy Ful alongside SysHardener & OSA?

Of course they both are used to harden the OS, however I'm not too sure if they can do different things or are designed to lock down different things to each other, like I said, beginner knowledge right here :p.

Thanks everyone :)

OSA is a post-exploitation soft which will mitigate damage. H_C and SH are more similar in that they are both OS hardening apps but I can't specify how they differ exactly. I asked about H_C and SysHardener together and based on my technical skill was advised to choose one or the other because of potential conflicts - in case of a problem, a less knowledgeable user may not know which soft is causing it. @Windows_Security is one person to ask but he is an advanced user, so you would be advised to take this into account. That's all I can say based on my experience.

Edit: I should say that I use H_C. Here is what someone explained to me:

(default).
Hard_Configurator vs. SysHardener
- If you download and run the application installer (good or bad), then SysHardener settings will mostly allow it to run and you can only pray that if malicious, then it will be stopped by AV. On the contrary, Hard_Configurator settings will block it by default, even when it was safe. The same is true for the executable payload (malware downloaded by exploit). So, using Hard_Configurator is counter-intuitive for most users. They cannot normally install applications (good or bad). If the user wants to run downloaded files, he must use "Run As SmartScreen" option via right-click Explorer context menu. This triggers the SmartScreen check, so running any installation executable by the user is much safer than with the protection of the standard AV.
After the installation is finished, there is (mostly) no difference between SysHardener and Hard_Configurator, because the folder with installed applications (Program Files or Program Files (x86)) is whitelisted in Hard_Configurator. So, any normally installed application is allowed to run. Of course, the executable payload trying to run silently without the user consent will be still blocked. The payload cannot run from Program Files, because the malware cannot be copied to this folder without the user consent (UAC prompt). Also, the payload cannot be installed into Program Files, because the installation is done via "Run As SmartScreen".
Hard_Configurator & ConfigureDefender - Hard_Configurator restricts software execution (good or bad) and ConfigureDefender makes Windows Defender more suspicious for checked files and can trigger CFA, Network Protection, ASR rules and some other features.

If you are starting to use Hard_Configurator then it would be better to remove all SysHardener tweaks.
If you will use too many tools, then you will be lost, when something will not work properly.
When you will understand well Hard_Configurator, then you can think about using other tools. But, in most cases, they will not be required.
 
Last edited:

oldschool

Level 85
Verified
Top Poster
Well-known
Mar 29, 2018
7,613
Hi all,

Quick question, as a genuine beginner in security, has anyone attempted to use hard_configurator by @Andy Ful alongside SysHardener & OSA?

Of course they both are used to harden the OS, however I'm not too sure if they can do different things or are designed to lock down different things to each other, like I said, beginner knowledge right here :p.

Thanks everyone :)

You may want to check this thread: Windows 10 - Use Windows 10 build-in (anti)execution options

Especially Post #33, for an example of the complexity involved and to get an idea of what user knowledge is required. I for one could not attempt what @Windows_Security employs on his systems since I lack the knowledge and experience. Reading the whole thread, as well as the H_C and SysHardener threads will help you increase your understanding somewhat. What is also required is knowledge of Windows processes, which is a whole other ballgame.

My suggestion: Pick one of these two apps and have a good trial. (y)
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
I have used all 3 at the same time. They don't conflict, but they do overlap to a certain extent.
Use one of them, learn it and understand what it can and cannot do, and then add another one if you think it will help you.

OSA is a third party app providing real-time protection, so it will impact performance to some extent. And it can potentially conflict with other software -- most notably, it is not yet compatible with Win 10 1809. But it does some amazing stuff, if you tweak the advanced settings and make custom rules.

SysHardener can be a bit dangerous if you start flipping protections on at whim. It is not easy to get back to your previous system state.
 
Last edited:

509322

Providing a list of tweakings really isn't all that well received. In fact, most people do not use tweak lists as a matter of course - because working with a list involves retaining the list. They're not going to copy-paste and keep the list, despite that being as easy as it can get.

@Andy Ful's Hard_Configurator has better help files. Andy went out of his way to fully document everything. So Hard_Configurator is best suited to those that want to learn how the basics of default, native Windows SRP\Default Deny works.

One must use a Standard User Account (Guest Account) to get the most out of Hard_Configurator; sponsors\interpreters are fully accessible and can run in any Admin Windows account. Therefore, in an Admin Windows account, exploit and post-exploit in-memory attacks are still possible via things such as PowerShell even if the user has disabled sponsors.

Also, Andy put in a means for users to look at a block log (H_C > Tools). This is a critical tool for maximum lockdown configuration while still using the stuff you want to use as well as any kind of troubleshooting. I cannot over-emphasize the importance of a block log.

SRP is not for the uninformed. So the option that provides more infos to the user is the one better suited to those that do not know.

Once you have disabled sponsors, there is little use in having any kind of behavioral monitoring of those sponsors; it is a waste of system resources. It is like blocking cmd.exe from executing, but still creating a firewall block rule for cmd.exe - that kind of stuff is just a waste of effort. It is pointless. However, it still makes sense to block .cmd, .bat file types because cmd.exe is still accessible in the Admin account.

Study. Pay attention. Learn by doing. It will be OK...
 
Last edited by a moderator:

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
Why not ? Please explain what happened ?
I personally did not have a problem, but when SysHardener first came out, I saw people posting about issues, and complaining that they could not restore their original system state.
You can restore default Windows settings, whatever that means (this might be different between Win 7 and Win 10, and I don't know if SysHard can differentiate). And you can do a Windows system restore, if you created a restore point. But you can't just press a button and get back your old Windows settings.
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
Why not ? Please explain what happened ?
If I remember right, some people were saying that their apps and VPNs had connectivity issues. Andreas had to publish a list of all the firewall-related rules that might be causing the problems.
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,510
Default SysHardener settings are not default Windows settings. So, when the user applied SysHardener once, then he has no easy option to restore Windows Defaults. It can be done, by unchecking some of default SysHardener settings and applying the configuration again. I suggested this and some other improvements to Andreas, maybe some of them will be included in the future version.

I do not recommend to use Hard_Configurator by inexperienced users, except when they want to learn and can ask the experienced ones. The problem with using SysHardener or OSArmor with H_C is related to changing the settings.

Normally H_C can quickly apply very different settings from one configuration to another - there are some predefined configurations and the user can save/load the custom made configurations. This functionality is destroyed when using also SysHardener or OSArmor, because they can still block many settings which were unblocked by the user in H_C. From my experience, using programs with many overlapping capabilities is not especially usable for the inexperienced users and for many advanced users, too.

The advanced user who has the knowledge how to tweak H_C + SysHardener + OSArmor to not overlap, can use it without much problems. Without tweaking, such setup can be also applied by advanced users in the locked system.
 

509322

I do not recommend to use Hard_Configurator by inexperienced users, except when they want to learn and can ask the experienced ones. The problem with using SysHardener or OSArmor with H_C is related to changing the settings.

It is not difficult to learn. You made good Help files and Hard_Configurator settings are easy ON\OFF.

The advanced user who has the knowledge how to tweak H_C + SysHardener + OSArmor to not overlap, can use it without much problems. Without tweaking, such setup can be also applied by advanced users in the locked system.

 
Last edited by a moderator:

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
Normally H_C can quickly apply very different settings from one configuration to another - there are some predefined configurations and the user can save/load the custom made configurations. This functionality is destroyed when using also SysHardener or OSArmor, because they can still block many settings which were unblocked by the user in H_C. From my experience, using programs with many overlapping capabilities is not especially usable for the inexperienced users and for many advanced users, too.
A very good point. It can get pretty confusing when you have 3 softs tweaking the same settings. At the end of the day, you don't know what your settings are, or what they were.
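
One way to see what the native SRP policy currently is when several tools adjust the same settings: a read-only PowerShell audit, added here as an example and not part of any post in this thread or of Hard_Configurator itself. It assumes the policy is stored in the standard machine-wide SRP registry location; the function names and the snapshot file name are hypothetical.

```powershell
# Added example: read-only audit of the native SRP policy (makes no changes).
# Assumption: the policy is in the standard machine-wide SRP registry location.
$SrpRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
# SRP security levels: DefaultLevel values, also used as rule subkey names.
$SrpLevels = @{ 0 = 'Disallowed'; 131072 = 'Basic User'; 262144 = 'Unrestricted' }

function Get-SrpSummary {            # hypothetical helper name
    if (-not (Test-Path $SrpRoot)) {
        return [pscustomobject]@{ Configured = $false }
    }
    $p = Get-ItemProperty -Path $SrpRoot
    $default = if ($null -eq $p.DefaultLevel) { 'not set' } else { $SrpLevels[[int]$p.DefaultLevel] }
    [pscustomobject]@{
        Configured      = $true
        DefaultLevel    = $default                 # 'Disallowed' means default deny
        Enforcement     = $p.TransparentEnabled    # 0 none, 1 all but DLLs, 2 incl. DLLs
        PolicyScope     = $p.PolicyScope           # 0 all users, 1 all except local admins
        ExecutableTypes = @($p.ExecutableTypes) -join ','
    }
}

function Get-SrpPathRule {           # hypothetical helper name
    foreach ($lvl in $SrpLevels.Keys) {
        $paths = Join-Path $SrpRoot "$lvl\Paths"
        if (-not (Test-Path $paths)) { continue }
        Get-ChildItem -Path $paths | ForEach-Object {
            $r = Get-ItemProperty -Path $_.PSPath
            [pscustomobject]@{
                Level       = $SrpLevels[$lvl]     # rule outcome for this path
                Path        = $r.ItemData          # the whitelisted or blocked path
                Description = $r.Description
                RuleId      = $_.PSChildName       # rule GUID
            }
        }
    }
}

# Build a timestamped snapshot so two states can be compared later.
$snapshot = [pscustomobject]@{
    Taken   = (Get-Date).ToString('s')
    Summary = Get-SrpSummary
    Rules   = @(Get-SrpPathRule | Sort-Object Level, Path)
}
$file = ".\srp-snapshot-$(Get-Date -Format yyyyMMdd-HHmmss).json"   # hypothetical file name
$snapshot | ConvertTo-Json -Depth 4 | Set-Content -Path $file

$snapshot.Summary
$snapshot.Rules | Format-Table -AutoSize
```

Taking one snapshot before and one after applying a second tool, then comparing the two JSON files, shows which SRP values that tool changed.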
 

509322

A very good point. It can get pretty confusing when you have 3 softs tweaking the same settings. At the end of the day, you don't know what your settings are, or what they were.

Using H_C, SysHardener and OSA together should not be done. The uninformed combined use of the three will have a profound unintended consequence = pain.
 

JiSingh12

Level 3
Thread author
Verified
Sep 1, 2018
136
@Andy Ful, @shmu26, @oldschool, & @Lockdown.

Hi all, just thought I'd thank all the people who have responded to the thread. I have taken into consideration what has been said, and I have realised that as a basic user, I do not have the knowledge to overlap H_C + SysHardener + OSArmor together to make them run without problems. I am more of a simple man who kind of prefers a simple solution which I can leave alone, if that makes sense? OSA was easy as the main config is already set up for you, and so is SysHardener to an extent, which I am a fan of. As Andy says, "H_C can quickly apply very different settings from one configuration to another - there are some predefined configurations", but also "This functionality is destroyed when using also SysHardener or OSArmor", so clearly without tweaking I cannot get them to co-exist like a happy three way couple :p which is definitely not in my list of strengths, it's more of a threat as I will end up breaking most things, typical of me, lol. But I would like the less restrictive program, and that would be SH if I am correct.

As Shmu said "they do overlap to a certain extent", and I believe that could cause issues or something, and I should learn one of them before moving on to another as he also says, and make sure I understand it properly.

Oldschool gave me a lovely insight into things (Thank you :)). He was advised based on his technical skill to choose one or the other because of potential conflicts, and without a shadow of a doubt I can admit I do not have the same technical skill as him, meaning I should probably stick to one :p . @Windows_Security has shown me that it is possible to combine all 3 into a restricted & secure setup, but with trial and error and/or knowledge (and time), but I believe that is all out of my league at the moment, and possibly forever, unless I genuinely start researching and understanding the product a lot lot lot lot more. :unsure:

Lockdown explained that SUA can help get the most out of H_C but I like my administrative account :p. He also stated that Andy went out of his way to fully document most if not all things to do with H_C, and so Hard_Configurator is best suited to those that want to learn how the basics of default, native Windows SRP\Default Deny works, but like I said earlier, I do not think it is the time at the moment, maybe in the future, just dealing with the stress of University atm, giving me a headache 24/7 and I have only just started 2 weeks ago :eek:

As a whole, thanks to everyone who genuinely read and replied to the thread, thanks for the insights and the thoughts and the interpretation of how one should go around things, and at the moment I think I will stick to my setup of OSA + SH as it has been working great so far and I do not want to mess it up, but maybe I'll try OSA and H_C on my next clean install :).

(BTW, what do people think is the most secure, deep cleaning and best (but time-efficient and SSD safe) way to fresh install Windows 10?)
 