Serious Discussion WHHLight - simplified application control for Windows Home and Pro.

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,380
No, there I do not have this problem:
I will try to reproduce the issue. Can you do a simple test?
  1. Use version 4.0.0.1 and apply DEFAULT settings + REFRESH.
  2. Next, use the version 4.0.1.0 and apply HIGH settings + REFRESH.
  3. Finally, close ConfigureDefender and rerun version 4.0.1.0.
  4. Post the screenshot of the last few ASR rules.
 

Gandalf_The_Grey

Level 81
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,084
I will try to reproduce the issue. Can you do a simple test?
  1. Use version 4.0.0.1 and apply DEFAULT settings + REFRESH.
  2. Next, use the version 4.0.1.0 and apply HIGH settings + REFRESH.
  3. Finally, close ConfigureDefender and rerun version 4.0.1.0.
  4. Post the screenshot of the last few ASR rules.
Here is the screenshot:
Schermafbeelding 2024-09-06 195239.jpg
 

Andy Ful

Hi Andy, I get the following error when clicking refresh with the new ConfigureDefender 4.0.1.0:

View attachment 285375

Thanks for the help.
After some additional tests, I confirmed a bug in ConfigureDefender. The new rules can be enabled one by one without using <HIGH>, <INTERACTIVE>, or <MAX> buttons.
The corrected version will be published next week.
 

Andy Ful

New rules currently work on my Windows 11 Home 23H2 (updated). No need to use Windows Insider.:)
I used ConfigureDefender 4.0.1.0 and set new rules by comboboxes (REFRESH and Windows restart required after changing the settings).
The simplest method of checking if new rules work is as follows:
  1. Copy regedit.exe from C:\Windows to the Desktop
  2. Run regedit.exe from the Desktop (blocked).
  3. Use <Defender Security Log> from ConfigureDefender to see the blocked event:
Event[0]:
Time Created : 07.09.2024 19:45:49
ProviderName : Microsoft-Windows-Windows Defender
Id : 1122
Message : Funkcja Microsoft Defender Exploit Guard wykonała inspekcję operacji, na którą nie zezwala administrator IT.
Aby uzyskać więcej informacji, skontaktuj się ze swoim administratorem IT.
Identyfikator: C0033C00-D16D-4114-A5A0-DC9B3A7D2CEB <------ the ID of ASR rule "Block use of copied or impersonated system tools"
Godzina wykrycia: 2024-09-07T17:45:49.777Z
Użytkownik: -----------------------------------------------------
Ścieżka: -----------------------------------\regedit.exe
Nazwa procesu: C:\Program Files\totalcmd\TOTALCMD64.EXE
Docelowy wiersz polecenia "-----------------------------------\regedit.exe"
Nadrzędny wiersz polecenia: "C:\Program Files\totalcmd\TOTALCMD64.EXE"
Plik, którego to dotyczy:
Flagi dziedziczenia: 0x00000000
Wersja analizy zabezpieczeń: 1.417.553.0
Wersja aparatu: 1.1.24070.3
Wersja produktu: 4.18.24070.5
 

Andy Ful

Here is the information related to the ASR rule "Block rebooting machine in Safe Mode":

Event[1]:
Time Created : 07.09.2024 19:52:41
ProviderName : Microsoft-Windows-Windows Defender
Id : 1121
Message : Funkcja Microsoft Defender Exploit Guard zablokowała operację, na którą nie zezwala administrator IT.
Aby uzyskać więcej informacji, skontaktuj się ze swoim administratorem IT.
Identyfikator: 33DDEDF1-C6E0-47CB-833E-DE6133960387 <------ the ID of ASR rule "Block rebooting machine in Safe Mode"
Godzina wykrycia: 2024-09-07T17:52:41.980Z
Użytkownik: ----------------------------------------------
Ścieżka: C:\Windows\System32\bcdedit.exe
Nazwa procesu: C:\Windows\System32\cmd[.]exe
Docelowy wiersz polecenia bcdedit /.......................... <-------- I removed the CmdLine
Nadrzędny wiersz polecenia: "C:\WINDOWS\system32\cmd[.]exe"
Plik, którego to dotyczy:
Flagi dziedziczenia: 0x00000000
Wersja analizy zabezpieczeń: 1.417.553.0
Wersja aparatu: 1.1.24070.3
Wersja produktu: 4.18.24070.5
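
Added example, not part of the posts above and not ConfigureDefender code: a PowerShell check that the two new ASR rules are configured and that their events (1121 = blocked, 1122 = audited) appear in the Defender log. The function names are hypothetical, the two GUIDs are the ones shown in the posted events, and the script assumes the first GUID in an event message is the rule ID, as in those events.

```powershell
# ASR rule GUIDs copied from the two events posted in this thread.
$rules = @{
    'C0033C00-D16D-4114-A5A0-DC9B3A7D2CEB' = 'Block use of copied or impersonated system tools'
    '33DDEDF1-C6E0-47CB-833E-DE6133960387' = 'Block rebooting machine in Safe Mode'
}
# Values used by AttackSurfaceReductionRules_Actions.
$actions = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }

function Get-AsrRuleState {
    # Hypothetical helper: reports how each of the two rules is configured.
    $pref = Get-MpPreference
    $ids  = @($pref.AttackSurfaceReductionRules_Ids)
    $acts = @($pref.AttackSurfaceReductionRules_Actions)
    foreach ($rule in $rules.GetEnumerator()) {
        $state = 'Not configured'
        for ($i = 0; $i -lt $ids.Count; $i++) {
            if ($ids[$i] -ieq $rule.Key) {
                $name  = $actions[[int]$acts[$i]]
                $state = if ($name) { $name } else { "Unknown ($($acts[$i]))" }
            }
        }
        [pscustomobject]@{ Rule = $rule.Value; State = $state }
    }
}

function Get-AsrEvent {
    # Hypothetical helper: lists recent ASR block/audit events.
    param([int]$MaxEvents = 200)
    $filter = @{ LogName = 'Microsoft-Windows-Windows Defender/Operational'; Id = 1121, 1122 }
    Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        ForEach-Object {
            # The message text is localized (Polish in the posts above),
            # so match on the GUID and the event ID, never on the wording.
            if ($_.Message -match '[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}') {
                $guid = $Matches[0].ToUpper()
                [pscustomobject]@{
                    Time = $_.TimeCreated
                    Mode = if ($_.Id -eq 1121) { 'Blocked' } else { 'Audited' }
                    Rule = if ($rules.ContainsKey($guid)) { $rules[$guid] } else { $guid }
                }
            }
        }
}

Get-AsrRuleState | Format-Table -AutoSize
Get-AsrEvent     | Format-Table -AutoSize
```

A rule reported as "Not configured" after pressing a preset button, together with no matching events after the regedit.exe test, is the symptom discussed in this thread.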
 

Andy Ful

Maybe I need new glasses, but can anyone give me the link to where I can download WHH LIGHT:unsure:

I removed the beta build from GitHub.

The link to the official build is always updated in the OP of this thread:
 

Andy Ful

The WHHLight beta had a minor issue with ConfigureDefender ver. 4010. That version of ConfigureDefender works well, but when using the <HIGH>, <INTERACTIVE>, or <MAX> buttons, two new ASR rules are not activated. So those rules must be added via combobox settings.
The new WHHLight version 2011 is finished and will be published in one week.
 
