- Jan 27, 2018
- 1,396
WHHLight - simplified application control for Windows Home and Pro.
- Thread starter Andy Ful
- Start date
Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,458
The full Windows-like-Linux requires also SUPER_SAFE (or TWO_ACCOUNTS) setup and <SWH> = ON. This is an extremely secure setup.
In the light version, we slightly decrease the protection at the post-exploitation stage when replacing the SUPERSAFE_SETUP with the TROUBLE_FREE setup (keeping IAC enabled). Such a setup can be called Windows-that-looks-like-Linux but with weaker protection. To increase the protection level, I recommend using ConfigureDefender (HIGH), FirewallHardening (Recommended H_C), and DocumentsAntiExploit. All of this can be called a Windows-like-Linux light version.
Edit.
One could consider IAC on SUA as a Windows-like-Linux but only for files originating from the Internet Zone (files with MotW). Other requirements add/increase protection for local files (no MotW).
Last edited:
Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,458
WHHLight vs. ViperSoftX campaign
thehackernews.com
Rar folder content
Attack flow:
Torrent link ---> ebook RAR archive ----> user executes Shortcut File ----> cmd[.]exe ----> powershell.exe ----> malicious AutoIt script (AMSI bypass + malicious PowerShell code) ----> payloads decoded/executed -----> Command and Control (C2)
The initial execution of LOLBins cmd[.]exe and powershell.exe does not include malicious commands. The malicious PowerShell code is executed via AutoIt without using powershell.exe and without AMSI support. The connection with the Command and Control (C2) server cannot be prevented by blocking the connections of powershell.exe in the firewall.
WHHLight prevents this malware by blocking the Shortcut File (SWH settings). However, the infection can also be mitigated by applying PowerShell Constrained Language Mode (also included in SWH settings). Like many other info-stealers, this malware decodes payloads using types unsupported in that language mode.
ViperSoftX Malware Disguises as eBooks on Torrents to Spread Stealthy Attacks
ViperSoftX malware evolves, using eBook torrents and CLR integration to evade detection. Learn about its new tactics and how it threatens.
thehackernews.com
Rar folder content
Attack flow:
Torrent link ---> ebook RAR archive ----> user executes Shortcut File ----> cmd[.]exe ----> powershell.exe ----> malicious AutoIt script (AMSI bypass + malicious PowerShell code) ----> payloads decoded/executed -----> Command and Control (C2)
The initial execution of LOLBins cmd[.]exe and powershell.exe does not include malicious commands. The malicious PowerShell code is executed via AutoIt without using powershell.exe and without AMSI support. The connection with the Command and Control (C2) server cannot be prevented by blocking the connections of powershell.exe in the firewall.
WHHLight prevents this malware by blocking the Shortcut File (SWH settings). However, the infection can also be mitigated by applying PowerShell Constrained Language Mode (also included in SWH settings). Like many other info-stealers, this malware decodes payloads using types unsupported in that language mode.
Last edited:
sypqys
Level 5
- Apr 18, 2022
- 202
"Switch Default Deny" or "WHHLight" ?
H_C rules are disabled if I understand if I use WHHLight ?
This tutorial is safe or legit (I guess that yes) ?
sorry if I'm off topic,
I would read this topic and the videos better...
H_C rules are disabled if I understand if I use WHHLight ?
This tutorial is safe or legit (I guess that yes) ?
sorry if I'm off topic,
I would read this topic and the videos better...
Last edited:
Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,458
Yes. It is one of four videos made by me:
Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,458
"Switch Default Deny" is a part of the Hard_Configurator installation. So, the question should be:
H_C or WHHLight?
I do not know the answer.
H_C has many configurable options based on SRP, Windows Policies, and Forced SmartScreen. It can work on Windows Vista and later versions.
WHHLight has only a few predefined setups based on SRP, WDAC, SmartScreen, Install App Control, and Windows Policies. It can work on Windows 10 and later versions.
WHHLight uses more Windows built-in security features but fewer configuration options.
H_C is lighter on system resources (mainly allows DLLs). WHHLight uses more resources when WDAC is set to ON or IAC (DLLs are monitored/blocked).
Last edited:
Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,458
Ninite
ninite.com
How does it work?
1. Tick the items you want to install.
2. Press the button < Get Your Ninite >.
Ninite opens a webpage that creates and downloads the installer of all ticked applications.
For example:
ninite.com
3. It is recommended to add the created link to Favorites in the web browser. This link can be used in the future to create an updater.
The good news is that Ninite application installers work with the < WDAC > TWO_ACCOUNTS_SETUP because almost all applications are installed for all users (except the Opera web browser and Discord). So, one can easily update several applications installed via Ninite with a few clicks. The Ninite application updater must be executed from Admin account because it uses the user AppData folder. On SUA some installations can be blocked because the SUA Appdata folder is not whitelisted in TWO_ACCOUNTS_SETUP.
Ninite - Install or Update Multiple Apps at Once
The easiest, fastest way to update or install software. Ninite downloads and installs programs automatically in the background.
ninite.com
How does it work?
1. Tick the items you want to install.
2. Press the button < Get Your Ninite >.
Ninite opens a webpage that creates and downloads the installer of all ticked applications.
For example:
Ninite 7-Zip Audacity CutePDF Dropbox Evernote Everything GIMP Glary ImgBurn Inkscape LibreOffice MusicBee qBittorrent Revo ShareX SumatraPDF TeraCopy Thunderbird VLC WinDirStat WinMerge WinSCP WizTree XnView Zoom Unattended Silent Installer and Upda
Install or update 7-Zip Audacity CutePDF Dropbox Evernote Everything GIMP Glary ImgBurn Inkscape LibreOffice MusicBee qBittorrent Revo ShareX SumatraPDF TeraCopy Thunderbird VLC WinDirStat WinMerge WinSCP WizTree XnView Zoom silently and unattended in the background. Fully automated by Ninite.
ninite.com
3. It is recommended to add the created link to Favorites in the web browser. This link can be used in the future to create an updater.
The good news is that Ninite application installers work with the < WDAC > TWO_ACCOUNTS_SETUP because almost all applications are installed for all users (except the Opera web browser and Discord). So, one can easily update several applications installed via Ninite with a few clicks. The Ninite application updater must be executed from Admin account because it uses the user AppData folder. On SUA some installations can be blocked because the SUA Appdata folder is not whitelisted in TWO_ACCOUNTS_SETUP.
Last edited:
Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,458
Post updated and corrected.
UniGetUI
github.com
malwaretips.com
UniGetUI is a promising project that can help install/update many applications simultaneously.
It normally works in real-time but this would be incompatible with WHHLight. One has to reconfigure UniGetUi to work on-demand as follows:
The content of the file MyPackageBundle.json
When applications are installed in %ProgramFiles%, one can execute UniGetUI with Administrator rights using "Run as administrator". This allows completely silent installation/update of many applications - there are no UAC prompts because the application installers are already elevated. This very convenient way of installing/updating many applications is similar to Ninite, but UniGetUI has access to much larger application repositories. Instead of watching the installation progress and clicking UAC alerts many times, one can watch TV or go for a walk.
Do not execute UniGetUI via "Run as administrator" to install/update applications that install in UserSpace (not in %ProgramFiles%), especially when using Standard User Account.
Edit1.
I noticed a bug in UniGetUI. On my computer, I must import the package bundle twice until it properly opens in the application.
Edit2.
Added info about allowing msiexec.exe in FirewallHardening.
UniGetUI
GitHub - marticliment/UniGetUI: UniGetUI: The Graphical Interface for your package managers. Could be terribly described as a package manager manager to manage your package managers
UniGetUI: The Graphical Interface for your package managers. Could be terribly described as a package manager manager to manage your package managers - marticliment/UniGetUI
github.com
New Update - Managing apps with WingetUI
WingetUI 3.0.0 (Stable) Important note: WingetUI will soon become UnigetUI. Please see #1900 for more details Changelog WingetUI has been redesigned entirely. WingetUI is now built with WinUI3 on top of .NET 8. This redesign brings not only a brand new interface, but also an improved backend...
malwaretips.com
UniGetUI is a promising project that can help install/update many applications simultaneously.
It normally works in real-time but this would be incompatible with WHHLight. One has to reconfigure UniGetUi to work on-demand as follows:
- Installation of UniGetUI must be done with < SWH > = OFF in WHHLight. After installation, the autorun entry must be removed:
navigate to the Registry key "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" and remove the value "WingetUI".
Windows restart is required. - UniGetUI must be re-configured to not hide on the System Tray:
Settings >> User interface preferences >> untick "Show UniGetUI on the system tray." - Before running UniGetUI the WHHLight < SWH > must be temporarily switched OFF. This is necessary because UniGetUI uses PowerShell scripts.
- If the FirewallHardening rules are activated, the rule for msiexec.exe must be deactivated because UnuGetUI often uses this LOLBin to download MSI installers from the Internet.
The content of the file MyPackageBundle.json
Code:
{
"export_version": 2,
"packages": [
{
"Id": "Zoom.Zoom",
"Name": "Zoom Workplace",
"Version": "",
"Source": "winget",
"ManagerName": "Winget",
"InstallationOptions": {
"SkipHashCheck": false,
"InteractiveInstallation": false,
"RunAsAdministrator": false,
"Architecture": "",
"InstallationScope": "",
"CustomParameters": [],
"PreRelease": false,
"CustomInstallLocation": "",
"Version": ""
},
"Updates": {
"UpdatesIgnored": false,
"IgnoredVersion": ""
}
},
{
"Id": "XnSoft.XnView.Classic",
"Name": "XnView",
"Version": "",
"Source": "winget",
"ManagerName": "Winget",
"InstallationOptions": {
"SkipHashCheck": false,
"InteractiveInstallation": false,
"RunAsAdministrator": false,
"Architecture": "",
"InstallationScope": "",
"CustomParameters": [],
"PreRelease": false,
"CustomInstallLocation": "",
"Version": ""
},
"Updates": {
"UpdatesIgnored": false,
"IgnoredVersion": ""
}
},
{
"Id": "XMediaRecode.XMediaRecode",
"Name": "XMedia Recode",
"Version": "",
"Source": "winget",
"ManagerName": "Winget",
"InstallationOptions": {
"SkipHashCheck": false,
"InteractiveInstallation": false,
"RunAsAdministrator": false,
"Architecture": "",
"InstallationScope": "",
"CustomParameters": [],
"PreRelease": false,
"CustomInstallLocation": "",
"Version": ""
},
"Updates": {
"UpdatesIgnored": false,
"IgnoredVersion": ""
}
},
{
"Id": "WiseCleaner.WiseDiskCleaner",
"Name": "Wise Disk Cleaner",
"Version": "",
"Source": "winget",
"ManagerName": "Winget",
"InstallationOptions": {
"SkipHashCheck": false,
"InteractiveInstallation": false,
"RunAsAdministrator": false,
"Architecture": "",
"InstallationScope": "",
"CustomParameters": [],
"PreRelease": false,
"CustomInstallLocation": "",
"Version": ""
},
"Updates": {
"UpdatesIgnored": false,
"IgnoredVersion": ""
}
},
{
"Id": "WinSCP.WinSCP",
"Name": "WinSCP",
"Version": "",
"Source": "winget",
"ManagerName": "Winget",
"InstallationOptions": {
"SkipHashCheck": false,
"InteractiveInstallation": false,
"RunAsAdministrator": false,
"Architecture": "",
"InstallationScope": "",
"CustomParameters": [],
"PreRelease": false,
"CustomInstallLocation": "",
"Version": ""
},
"Updates": {
"UpdatesIgnored": false,
"IgnoredVersion": ""
}
},
{
"Id": "WinMerge.WinMerge",
"Name": "WinMerge",
"Version": "",
"Source": "winget",
"ManagerName": "Winget",
"InstallationOptions": {
"SkipHashCheck": false,
"InteractiveInstallation": false,
"RunAsAdministrator": false,
"Architecture": "",
"InstallationScope": "",
"CustomParameters": [],
"PreRelease": false,
"CustomInstallLocation": "",
"Version": ""
},
"Updates": {
"UpdatesIgnored": false,
"IgnoredVersion": ""
}
},
{
"Id": "VideoLAN.VLC",
"Name": "VLC media player",
"Version": "",
"Source": "winget",
"ManagerName": "Winget",
"InstallationOptions": {
"SkipHashCheck": false,
"InteractiveInstallation": false,
"RunAsAdministrator": false,
"Architecture": "",
"InstallationScope": "",
"CustomParameters": [],
"PreRelease": false,
"CustomInstallLocation": "",
"Version": ""
},
"Updates": {
"UpdatesIgnored": false,
"IgnoredVersion": ""
}
},
{
"Id": "JAMSoftware.UltraSearch",
"Name": "UltraSearch",
"Version": "",
"Source": "winget",
"ManagerName": "Winget",
"InstallationOptions": {
"SkipHashCheck": false,
"InteractiveInstallation": false,
"RunAsAdministrator": false,
"Architecture": "",
"InstallationScope": "",
"CustomParameters": [],
"PreRelease": false,
"CustomInstallLocation": "",
"Version": ""
},
"Updates": {
"UpdatesIgnored": false,
"IgnoredVersion": ""
}
},
{
"Id": "Ubisoft.Connect",
"Name": "Ubisoft Connect",
"Version": "",
"Source": "winget",
"ManagerName": "Winget",
"InstallationOptions": {
"SkipHashCheck": false,
"InteractiveInstallation": false,
"RunAsAdministrator": false,
"Architecture": "",
"InstallationScope": "",
"CustomParameters": [],
"PreRelease": false,
"CustomInstallLocation": "",
"Version": ""
},
"Updates": {
"UpdatesIgnored": false,
"IgnoredVersion": ""
}
},
{
"Id": "JAMSoftware.TreeSize.Free",
"Name": "TreeSize Free",
"Version": "",
"Source": "winget",
"ManagerName": "Winget",
"InstallationOptions": {
"SkipHashCheck": false,
"InteractiveInstallation": false,
"RunAsAdministrator": false,
"Architecture": "",
"InstallationScope": "",
"CustomParameters": [],
"PreRelease": false,
"CustomInstallLocation": "",
"Version": ""
},
"Updates": {
"UpdatesIgnored": false,
"IgnoredVersion": ""
}
},
{
"Id": "ShareX.ShareX",
"Name": "ShareX",
"Version": "",
"Source": "winget",
"ManagerName": "Winget",
"InstallationOptions": {
"SkipHashCheck": false,
"InteractiveInstallation": false,
"RunAsAdministrator": false,
"Architecture": "",
"InstallationScope": "",
"CustomParameters": [],
"PreRelease": false,
"CustomInstallLocation": "",
"Version": ""
},
"Updates": {
"UpdatesIgnored": false,
"IgnoredVersion": ""
}
},
{
"Id": "RevoUninstaller.RevoUninstaller",
"Name": "Revo Uninstaller",
"Version": "",
"Source": "winget",
"ManagerName": "Winget",
"InstallationOptions": {
"SkipHashCheck": false,
"InteractiveInstallation": false,
"RunAsAdministrator": false,
"Architecture": "",
"InstallationScope": "",
"CustomParameters": [],
"PreRelease": false,
"CustomInstallLocation": "",
"Version": ""
},
"Updates": {
"UpdatesIgnored": false,
"IgnoredVersion": ""
}
},
{
"Id": "Piriform.Recuva",
"Name": "Recuva",
"Version": "",
"Source": "winget",
"ManagerName": "Winget",
"InstallationOptions": {
"SkipHashCheck": false,
"InteractiveInstallation": false,
"RunAsAdministrator": false,
"Architecture": "",
"InstallationScope": "",
"CustomParameters": [],
"PreRelease": false,
"CustomInstallLocation": "",
"Version": ""
},
"Updates": {
"UpdatesIgnored": false,
"IgnoredVersion": ""
}
},
{
"Id": "Daum.PotPlayer",
"Name": "PotPlayer",
"Version": "",
"Source": "winget",
"ManagerName": "Winget",
"InstallationOptions": {
"SkipHashCheck": false,
"InteractiveInstallation": false,
"RunAsAdministrator": false,
"Architecture": "",
"InstallationScope": "",
"CustomParameters": [],
"PreRelease": false,
"CustomInstallLocation": "",
"Version": ""
},
"Updates": {
"UpdatesIgnored": false,
"IgnoredVersion": ""
}
},
{
"Id": "Plex.Plex",
"Name": "Plex",
"Version": "",
"Source": "winget",
"ManagerName": "Winget",
"InstallationOptions": {
"SkipHashCheck": false,
"InteractiveInstallation": false,
"RunAsAdministrator": false,
"Architecture": "",
"InstallationScope": "",
"CustomParameters": [],
"PreRelease": false,
"CustomInstallLocation": "",
"Version": ""
},
"Updates": {
"UpdatesIgnored": false,
"IgnoredVersion": ""
}
},
{
"Id": "AndreWiethoff.ExactAudioCopy",
"Name": "Exact Audio Copy",
"Version": "",
"Source": "winget",
"ManagerName": "Winget",
"InstallationOptions": {
"SkipHashCheck": false,
"InteractiveInstallation": false,
"RunAsAdministrator": false,
"Architecture": "",
"InstallationScope": "",
"CustomParameters": [],
"PreRelease": false,
"CustomInstallLocation": "",
"Version": ""
},
"Updates": {
"UpdatesIgnored": false,
"IgnoredVersion": ""
}
},
{
"Id": "OBSProject.OBSStudio",
"Name": "OBS Studio",
"Version": "",
"Source": "winget",
"ManagerName": "Winget",
"InstallationOptions": {
"SkipHashCheck": false,
"InteractiveInstallation": false,
"RunAsAdministrator": false,
"Architecture": "",
"InstallationScope": "",
"CustomParameters": [],
"PreRelease": false,
"CustomInstallLocation": "",
"Version": ""
},
"Updates": {
"UpdatesIgnored": false,
"IgnoredVersion": ""
}
},
{
"Id": "MusicBee.MusicBee",
"Name": "MusicBee",
"Version": "",
"Source": "winget",
"ManagerName": "Winget",
"InstallationOptions": {
"SkipHashCheck": false,
"InteractiveInstallation": false,
"RunAsAdministrator": false,
"Architecture": "",
"InstallationScope": "",
"CustomParameters": [],
"PreRelease": false,
"CustomInstallLocation": "",
"Version": ""
},
"Updates": {
"UpdatesIgnored": false,
"IgnoredVersion": ""
}
},
{
"Id": "Guru3D.Afterburner",
"Name": "MSI Afterburner",
"Version": "",
"Source": "winget",
"ManagerName": "Winget",
"InstallationOptions": {
"SkipHashCheck": false,
"InteractiveInstallation": false,
"RunAsAdministrator": false,
"Architecture": "",
"InstallationScope": "",
"CustomParameters": [],
"PreRelease": false,
"CustomInstallLocation": "",
"Version": ""
},
"Updates": {
"UpdatesIgnored": false,
"IgnoredVersion": ""
}
},
{
"Id": "Mozilla.Thunderbird",
"Name": "Mozilla Thunderbird",
"Version": "",
"Source": "winget",
"ManagerName": "Winget",
"InstallationOptions": {
"SkipHashCheck": false,
"InteractiveInstallation": false,
"RunAsAdministrator": false,
"Architecture": "",
"InstallationScope": "",
"CustomParameters": [],
"PreRelease": false,
"CustomInstallLocation": "",
"Version": ""
},
"Updates": {
"UpdatesIgnored": false,
"IgnoredVersion": ""
}
},
{
"Id": "Crintsoft.MiniLyrics",
"Name": "MiniLyrics",
"Version": "",
"Source": "winget",
"ManagerName": "Winget",
"InstallationOptions": {
"SkipHashCheck": false,
"InteractiveInstallation": false,
"RunAsAdministrator": false,
"Architecture": "",
"InstallationScope": "",
"CustomParameters": [],
"PreRelease": false,
"CustomInstallLocation": "",
"Version": ""
},
"Updates": {
"UpdatesIgnored": false,
"IgnoredVersion": ""
}
},
{
"Id": "Inkscape.Inkscape",
"Name": "Inkscape",
"Version": "",
"Source": "winget",
"ManagerName": "Winget",
"InstallationOptions": {
"SkipHashCheck": false,
"InteractiveInstallation": false,
"RunAsAdministrator": false,
"Architecture": "",
"InstallationScope": "",
"CustomParameters": [],
"PreRelease": false,
"CustomInstallLocation": "",
"Version": ""
},
"Updates": {
"UpdatesIgnored": false,
"IgnoredVersion": ""
}
},
{
"Id": "LIGHTNINGUK.ImgBurn",
"Name": "ImgBurn",
"Version": "",
"Source": "winget",
"ManagerName": "Winget",
"InstallationOptions": {
"SkipHashCheck": false,
"InteractiveInstallation": false,
"RunAsAdministrator": false,
"Architecture": "",
"InstallationScope": "",
"CustomParameters": [],
"PreRelease": false,
"CustomInstallLocation": "",
"Version": ""
},
"Updates": {
"UpdatesIgnored": false,
"IgnoredVersion": ""
}
},
{
"Id": "REALiX.HWiNFO",
"Name": "HWiNFO",
"Version": "",
"Source": "winget",
"ManagerName": "Winget",
"InstallationOptions": {
"SkipHashCheck": false,
"InteractiveInstallation": false,
"RunAsAdministrator": false,
"Architecture": "",
"InstallationScope": "",
"CustomParameters": [],
"PreRelease": false,
"CustomInstallLocation": "",
"Version": ""
},
"Updates": {
"UpdatesIgnored": false,
"IgnoredVersion": ""
}
},
{
"Id": "HiBitSoftware.HiBitUninstaller",
"Name": "HiBit Uninstaller",
"Version": "",
"Source": "winget",
"ManagerName": "Winget",
"InstallationOptions": {
"SkipHashCheck": false,
"InteractiveInstallation": false,
"RunAsAdministrator": false,
"Architecture": "",
"InstallationScope": "",
"CustomParameters": [],
"PreRelease": false,
"CustomInstallLocation": "",
"Version": ""
},
"Updates": {
"UpdatesIgnored": false,
"IgnoredVersion": ""
}
},
{
"Id": "Glarysoft.GlaryUtilities",
"Name": "Glary Utilities",
"Version": "",
"Source": "winget",
"ManagerName": "Winget",
"InstallationOptions": {
"SkipHashCheck": false,
"InteractiveInstallation": false,
"RunAsAdministrator": false,
"Architecture": "",
"InstallationScope": "",
"CustomParameters": [],
"PreRelease": false,
"CustomInstallLocation": "",
"Version": ""
},
"Updates": {
"UpdatesIgnored": false,
"IgnoredVersion": ""
}
},
{
"Id": "MarekJasinski.FreeCommanderXE",
"Name": "FreeCommander XE",
"Version": "",
"Source": "winget",
"ManagerName": "Winget",
"InstallationOptions": {
"SkipHashCheck": false,
"InteractiveInstallation": false,
"RunAsAdministrator": false,
"Architecture": "",
"InstallationScope": "",
"CustomParameters": [],
"PreRelease": false,
"CustomInstallLocation": "",
"Version": ""
},
"Updates": {
"UpdatesIgnored": false,
"IgnoredVersion": ""
}
},
{
"Id": "Foxit.FoxitReader",
"Name": "Foxit PDF Reader",
"Version": "",
"Source": "winget",
"ManagerName": "Winget",
"InstallationOptions": {
"SkipHashCheck": false,
"InteractiveInstallation": false,
"RunAsAdministrator": false,
"Architecture": "",
"InstallationScope": "",
"CustomParameters": [],
"PreRelease": false,
"CustomInstallLocation": "",
"Version": ""
},
"Updates": {
"UpdatesIgnored": false,
"IgnoredVersion": ""
}
},
{
"Id": "PeterPawlowski.foobar2000",
"Name": "foobar2000",
"Version": "",
"Source": "winget",
"ManagerName": "Winget",
"InstallationOptions": {
"SkipHashCheck": false,
"InteractiveInstallation": false,
"RunAsAdministrator": false,
"Architecture": "",
"InstallationScope": "",
"CustomParameters": [],
"PreRelease": false,
"CustomInstallLocation": "",
"Version": ""
},
"Updates": {
"UpdatesIgnored": false,
"IgnoredVersion": ""
}
},
{
"Id": "FastStone.Viewer",
"Name": "FastStone Image Viewer",
"Version": "",
"Source": "winget",
"ManagerName": "Winget",
"InstallationOptions": {
"SkipHashCheck": false,
"InteractiveInstallation": false,
"RunAsAdministrator": false,
"Architecture": "",
"InstallationScope": "",
"CustomParameters": [],
"PreRelease": false,
"CustomInstallLocation": "",
"Version": ""
},
"Updates": {
"UpdatesIgnored": false,
"IgnoredVersion": ""
}
},
{
"Id": "EpicGames.EpicGamesLauncher",
"Name": "Epic Games Launcher",
"Version": "",
"Source": "winget",
"ManagerName": "Winget",
"InstallationOptions": {
"SkipHashCheck": false,
"InteractiveInstallation": false,
"RunAsAdministrator": false,
"Architecture": "",
"InstallationScope": "",
"CustomParameters": [],
"PreRelease": false,
"CustomInstallLocation": "",
"Version": ""
},
"Updates": {
"UpdatesIgnored": false,
"IgnoredVersion": ""
}
},
{
"Id": "eMClient.eMClient",
"Name": "eM Client",
"Version": "",
"Source": "winget",
"ManagerName": "Winget",
"InstallationOptions": {
"SkipHashCheck": false,
"InteractiveInstallation": false,
"RunAsAdministrator": false,
"Architecture": "",
"InstallationScope": "",
"CustomParameters": [],
"PreRelease": false,
"CustomInstallLocation": "",
"Version": ""
},
"Updates": {
"UpdatesIgnored": false,
"IgnoredVersion": ""
}
},
{
"Id": "EaseUS.TodoBackup",
"Name": "EaseUS Todo Backup Free",
"Version": "",
"Source": "winget",
"ManagerName": "Winget",
"InstallationOptions": {
"SkipHashCheck": false,
"InteractiveInstallation": false,
"RunAsAdministrator": false,
"Architecture": "",
"InstallationScope": "",
"CustomParameters": [],
"PreRelease": false,
"CustomInstallLocation": "",
"Version": ""
},
"Updates": {
"UpdatesIgnored": false,
"IgnoredVersion": ""
}
},
{
"Id": "IObit.DriverBooster",
"Name": "Driver Booster",
"Version": "",
"Source": "winget",
"ManagerName": "Winget",
"InstallationOptions": {
"SkipHashCheck": false,
"InteractiveInstallation": false,
"RunAsAdministrator": false,
"Architecture": "",
"InstallationScope": "",
"CustomParameters": [],
"PreRelease": false,
"CustomInstallLocation": "",
"Version": ""
},
"Updates": {
"UpdatesIgnored": false,
"IgnoredVersion": ""
}
},
{
"Id": "Iterate.Cyberduck",
"Name": "Cyberduck",
"Version": "",
"Source": "winget",
"ManagerName": "Winget",
"InstallationOptions": {
"SkipHashCheck": false,
"InteractiveInstallation": false,
"RunAsAdministrator": false,
"Architecture": "",
"InstallationScope": "",
"CustomParameters": [],
"PreRelease": false,
"CustomInstallLocation": "",
"Version": ""
},
"Updates": {
"UpdatesIgnored": false,
"IgnoredVersion": ""
}
},
{
"Id": "Audacity.Audacity",
"Name": "Audacity",
"Version": "",
"Source": "winget",
"ManagerName": "Winget",
"InstallationOptions": {
"SkipHashCheck": false,
"InteractiveInstallation": false,
"RunAsAdministrator": false,
"Architecture": "",
"InstallationScope": "",
"CustomParameters": [],
"PreRelease": false,
"CustomInstallLocation": "",
"Version": ""
},
"Updates": {
"UpdatesIgnored": false,
"IgnoredVersion": ""
}
},
{
"Id": "AOMEI.PartitionAssistant",
"Name": "AOMEI Partition Assistant",
"Version": "",
"Source": "winget",
"ManagerName": "Winget",
"InstallationOptions": {
"SkipHashCheck": false,
"InteractiveInstallation": false,
"RunAsAdministrator": false,
"Architecture": "",
"InstallationScope": "",
"CustomParameters": [],
"PreRelease": false,
"CustomInstallLocation": "",
"Version": ""
},
"Updates": {
"UpdatesIgnored": false,
"IgnoredVersion": ""
}
},
{
"Id": "AOMEI.Backupper.Standard",
"Name": "AOMEI Backupper",
"Version": "",
"Source": "winget",
"ManagerName": "Winget",
"InstallationOptions": {
"SkipHashCheck": false,
"InteractiveInstallation": false,
"RunAsAdministrator": false,
"Architecture": "",
"InstallationScope": "",
"CustomParameters": [],
"PreRelease": false,
"CustomInstallLocation": "",
"Version": ""
},
"Updates": {
"UpdatesIgnored": false,
"IgnoredVersion": ""
}
},
{
"Id": "AnyDeskSoftwareGmbH.AnyDesk",
"Name": "AnyDesk",
"Version": "",
"Source": "winget",
"ManagerName": "Winget",
"InstallationOptions": {
"SkipHashCheck": false,
"InteractiveInstallation": false,
"RunAsAdministrator": false,
"Architecture": "",
"InstallationScope": "",
"CustomParameters": [],
"PreRelease": false,
"CustomInstallLocation": "",
"Version": ""
},
"Updates": {
"UpdatesIgnored": false,
"IgnoredVersion": ""
}
},
{
"Id": "AIMP.AIMP",
"Name": "AIMP",
"Version": "",
"Source": "winget",
"ManagerName": "Winget",
"InstallationOptions": {
"SkipHashCheck": false,
"InteractiveInstallation": false,
"RunAsAdministrator": false,
"Architecture": "",
"InstallationScope": "",
"CustomParameters": [],
"PreRelease": false,
"CustomInstallLocation": "",
"Version": ""
},
"Updates": {
"UpdatesIgnored": false,
"IgnoredVersion": ""
}
},
{
"Id": "Adobe.CreativeCloud",
"Name": "Adobe Creative Cloud",
"Version": "",
"Source": "winget",
"ManagerName": "Winget",
"InstallationOptions": {
"SkipHashCheck": false,
"InteractiveInstallation": false,
"RunAsAdministrator": false,
"Architecture": "",
"InstallationScope": "",
"CustomParameters": [],
"PreRelease": false,
"CustomInstallLocation": "",
"Version": ""
},
"Updates": {
"UpdatesIgnored": false,
"IgnoredVersion": ""
}
},
{
"Id": "Adobe.Acrobat.Reader.64-bit",
"Name": "Adobe Acrobat Reader DC (64-bit)",
"Version": "",
"Source": "winget",
"ManagerName": "Winget",
"InstallationOptions": {
"SkipHashCheck": false,
"InteractiveInstallation": false,
"RunAsAdministrator": false,
"Architecture": "",
"InstallationScope": "",
"CustomParameters": [],
"PreRelease": false,
"CustomInstallLocation": "",
"Version": ""
},
"Updates": {
"UpdatesIgnored": false,
"IgnoredVersion": ""
}
},
{
"Id": "7zip.7zip",
"Name": "7-Zip",
"Version": "",
"Source": "winget",
"ManagerName": "Winget",
"InstallationOptions": {
"SkipHashCheck": false,
"InteractiveInstallation": false,
"RunAsAdministrator": false,
"Architecture": "",
"InstallationScope": "",
"CustomParameters": [],
"PreRelease": false,
"CustomInstallLocation": "",
"Version": ""
},
"Updates": {
"UpdatesIgnored": false,
"IgnoredVersion": ""
}
},
{
"Id": "Rainy.Rainlendar.Lite",
"Name": "Rainlendar Lite",
"Version": "",
"Source": "winget",
"ManagerName": "Winget",
"InstallationOptions": {
"SkipHashCheck": false,
"InteractiveInstallation": false,
"RunAsAdministrator": false,
"Architecture": "",
"InstallationScope": "",
"CustomParameters": [],
"PreRelease": false,
"CustomInstallLocation": "",
"Version": ""
},
"Updates": {
"UpdatesIgnored": false,
"IgnoredVersion": ""
}
},
{
"Id": "subhra74.XtremeDownloadManager.Beta",
"Name": "Xtreme Download Manager Beta",
"Version": "",
"Source": "winget",
"ManagerName": "Winget",
"InstallationOptions": {
"SkipHashCheck": false,
"InteractiveInstallation": false,
"RunAsAdministrator": false,
"Architecture": "",
"InstallationScope": "",
"CustomParameters": [],
"PreRelease": false,
"CustomInstallLocation": "",
"Version": ""
},
"Updates": {
"UpdatesIgnored": false,
"IgnoredVersion": ""
}
},
{
"Id": "Auslogics.DiskDefrag",
"Name": "Auslogics Disk Defrag",
"Version": "",
"Source": "winget",
"ManagerName": "Winget",
"InstallationOptions": {
"SkipHashCheck": false,
"InteractiveInstallation": false,
"RunAsAdministrator": false,
"Architecture": "",
"InstallationScope": "",
"CustomParameters": [],
"PreRelease": false,
"CustomInstallLocation": "",
"Version": ""
},
"Updates": {
"UpdatesIgnored": false,
"IgnoredVersion": ""
}
},
{
"Id": "WiseCleaner.WiseFolderHider",
"Name": "Wise Folder Hider",
"Version": "",
"Source": "winget",
"ManagerName": "Winget",
"InstallationOptions": {
"SkipHashCheck": false,
"InteractiveInstallation": false,
"RunAsAdministrator": false,
"Architecture": "",
"InstallationScope": "",
"CustomParameters": [],
"PreRelease": false,
"CustomInstallLocation": "",
"Version": ""
},
"Updates": {
"UpdatesIgnored": false,
"IgnoredVersion": ""
}
},
{
"Id": "MirandaIM.MirandaIM",
"Name": "Miranda IM",
"Version": "",
"Source": "winget",
"ManagerName": "Winget",
"InstallationOptions": {
"SkipHashCheck": false,
"InteractiveInstallation": false,
"RunAsAdministrator": false,
"Architecture": "",
"InstallationScope": "",
"CustomParameters": [],
"PreRelease": false,
"CustomInstallLocation": "",
"Version": ""
},
"Updates": {
"UpdatesIgnored": false,
"IgnoredVersion": ""
}
},
{
"Id": "Pidgin.Pidgin",
"Name": "Pidgin",
"Version": "",
"Source": "winget",
"ManagerName": "Winget",
"InstallationOptions": {
"SkipHashCheck": false,
"InteractiveInstallation": false,
"RunAsAdministrator": false,
"Architecture": "",
"InstallationScope": "",
"CustomParameters": [],
"PreRelease": false,
"CustomInstallLocation": "",
"Version": ""
},
"Updates": {
"UpdatesIgnored": false,
"IgnoredVersion": ""
}
},
{
"Id": "Oracle.VirtualBox",
"Name": "Oracle VM VirtualBox",
"Version": "",
"Source": "winget",
"ManagerName": "Winget",
"InstallationOptions": {
"SkipHashCheck": false,
"InteractiveInstallation": false,
"RunAsAdministrator": false,
"Architecture": "",
"InstallationScope": "",
"CustomParameters": [],
"PreRelease": false,
"CustomInstallLocation": "",
"Version": ""
},
"Updates": {
"UpdatesIgnored": false,
"IgnoredVersion": ""
}
}
],
"incompatible_packages_info": "Incompatible packages cannot be installed from WingetUI, but they have been listed here for logging purposes.",
"incompatible_packages": []
}When applications are installed in %ProgramFiles%, one can execute UniGetUI with Administrator rights using "Run as administrator". This allows completely silent installation/update of many applications - there are no UAC prompts because the application installers are already elevated. This very convenient way of installing/updating many applications is similar to Ninite, but UniGetUI has access to much larger application repositories. Instead of watching the installation progress and clicking UAC alerts many times, one can watch TV or go for a walk.
Do not execute UniGetUI via "Run as administrator" to install/update applications that install in UserSpace (not in %ProgramFiles%), especially when using Standard User Account.
Edit1.
I noticed a bug in UniGetUI. On my computer, I must import the package bundle twice until it properly opens in the application.
Edit2.
Added info about allowing msiexec.exe in FirewallHardening.
Last edited:
Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,458
I posted another example of the UniGetUI package bundle (Microsoft Store UWP apps):
https://malwaretips.com/threads/app...ll-with-smart-app-control.131260/post-1096404
After the installation via UniGetUI on Admin account or Standard User Account, those apps can run and auto-update even when WHHLight is configured in Two_Accounts_Setup. Contrary to desktop applications installed in %ProgramFiles%, UWP apps from the Microsoft Store are installed only for the current user. The advantage is that one does not have to use 3rd party application to update those apps.
https://malwaretips.com/threads/app...ll-with-smart-app-control.131260/post-1096404
After the installation via UniGetUI on Admin account or Standard User Account, those apps can run and auto-update even when WHHLight is configured in Two_Accounts_Setup. Contrary to desktop applications installed in %ProgramFiles%, UWP apps from the Microsoft Store are installed only for the current user. The advantage is that one does not have to use 3rd party application to update those apps.
Last edited:
Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,458
WHLight_Package 2.0.0.0 beta
I added the SWH tab, which allows configuring the most important SWH settings.
The option * PowerShell Restrictions * additionally allows blocking the PowerShell interpreter (powershell.exe LOLBin).
There is also a new setting: * User Folders * :
I added the SWH tab, which allows configuring the most important SWH settings.
The option * PowerShell Restrictions * additionally allows blocking the PowerShell interpreter (powershell.exe LOLBin).
There is also a new setting: * User Folders * :
Last edited:
Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,458
ConfiigureDefender included in the new beta has two additional rules that work on Windows 24H2 :
- Mar 29, 2018
- 7,577
Have you tested them?
Looks like the 2nd one is in preview, i.e. alpha or beta
Attack surface reduction rules reference - Microsoft Defender for Endpoint
Last edited:
Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,458
I tested them in July (Insider build). They are included in the WHHLight beta for testing.
Last edited:
- Aug 17, 2014
- 11,043
@Andy Ful you wrote SWH 2.0.0.0 beta for a reason? but it's rather WHH Light (WindowsHybridHardeningLight_2000)
Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,458
@Andy Ful you wrote SWH 2.0.0.0 beta for a reason? but it's rather WHH Light (WindowsHybridHardeningLight_2000)
Yes, it should be WHHLight_Package 2.0.0.0 beta (I corrected the post).
The beta is mentioned only in the name of the package installer. I planned to use the same executables in the next package installer when all features of ConfigureDefender will work also outside the Windows Insider builds.
Last edited:
- Apr 24, 2016
- 7,189
Hi Andy, I get the following error when clicking refresh with the new ConfigureDefender 4.0.1.0:
Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,458
Can you run PowerShell?
- Apr 24, 2016
- 7,189
Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,458
Is there a similar issue with the previous version of ConfigureDefender?
- Apr 24, 2016
- 7,189
Similar threads
