Serious Discussion WHHLight - simplified application control for Windows Home and Pro.

Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,210
sypqys said:
Why H_C doesn't want to open ?
Click to expand...

Did you read the General help in WHHLight?

1706870748752.png


Which application do you want to use?
If your choice is H_C, then run WHHLight and restore Windows defaults (from the Menu). Next, run H_C and configure it. Do not run WHHLight in the future.
If your choice is WHHLight, then run it (it will remove the H_C settings automatically). Do not run H_C in the future.

In theory, one could use both H_C and SWH (I use such a setup in malware testing), but it is unnecessary and would be very inconvenient. For example, your current setup is a mess of SRP and WDAC. The WDAC settings are not visible in H_C. The option <Forced SmartScreen> is OFF, but should be 'Standard User', etc.
 
Last edited:
  • +Reputation
  • Like
Reactions: simmerskool, Gandalf_The_Grey and sypqys
sypqys

sypqys

Level 3
Apr 18, 2022
141
Andy Ful said:
Did you read the General help in WHHLight?

View attachment 281323

Which application do you want to use?
If your choice is H_C, then run WHHLight and restore Windows defaults (from the Menu). Next, run H_C and configure it. Do not run WHHLight in the future.
If your choice is WHHLight, then run it (it will remove the H_C settings automatically). Do not run H_C in the future.

In theory, one could use both H_C and SWH (I use such a setup in malware testing), but it is unnecessary and would be very inconvenient. For example, your current setup is a mess of SRP and WDAC. The WDAC settings are not visible in H_C. The option <Forced SmartScreen> is OFF, but should be 'Standard User', etc.
Click to expand...

I'm french I don't understand all I thing... But I understand many things... I will try to read ... Thank you !
 
  • Like
Reactions: simmerskool, Gandalf_The_Grey and Andy Ful
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,210
sypqys said:
I'm french I don't understand all I thing...
Click to expand...

Is this translation OK? :)

Quelle application souhaitez-vous utiliser ?
  • Si votre choix est H_C, exécutez WHHLight et restaurez les paramètres par défaut de Windows (à partir du menu). Ensuite, exécutez H_C et configurez-le. N'exécutez plus WHHLight à l'avenir.
  • Si votre choix est WHHLight, exécutez-le (il supprimera automatiquement les paramètres H_C). N'exécutez pas H_C à l'avenir.

*************************

Incompatibilités logicielles :
  1. WHHLight est une version simplifiée de WindowsHybridHardening. Les deux versions de WindowsHybridHardening partagent certaines ressources et paramètres, elles ne doivent donc pas fonctionner ensemble.
  2. Les paramètres WHHLight SRP peuvent entrer en conflit avec le SRP introduit via l'objet de stratégies de groupe (GPO) disponible dans les éditions Windows Pro, Education et Enterprise. Avant d'utiliser WHHLight, le SRP doit être supprimé du GPO.
  3. WHHLight entrera également en conflit avec tout logiciel utilisant SRP, mais ces applications sont rares (CryptoPrevent, SBGuard, AskAdmin). Avant d'utiliser WHHLight, l'application en conflit doit être désinstallée.
  4. Si l'utilisateur a installé Hard_Configurator (SimpleWindowsHardening), l'application des restrictions WHHLight peut modifier les paramètres. Il n'est donc pas recommandé d'utiliser WHHLight avec Hard_Configurator (SimpleWindowsHardening).
  5. WHHLight n'est pas destiné à fonctionner avec les stratégies AppLocker activées.
 
  • Like
  • +Reputation
Reactions: Jonny Quest, Shadowra, simmerskool and 2 others
sypqys

sypqys

Level 3
Apr 18, 2022
141
Andy Ful said:
Is this translation OK? :)

Quelle application souhaitez-vous utiliser ?
  • Si votre choix est H_C, exécutez WHHLight et restaurez les paramètres par défaut de Windows (à partir du menu). Ensuite, exécutez H_C et configurez-le. N'exécutez plus WHHLight à l'avenir.
  • Si votre choix est WHHLight, exécutez-le (il supprimera automatiquement les paramètres H_C). N'exécutez pas H_C à l'avenir.

*************************

Incompatibilités logicielles :
  1. WHHLight est une version simplifiée de WindowsHybridHardening. Les deux versions de WindowsHybridHardening partagent certaines ressources et paramètres, elles ne doivent donc pas fonctionner ensemble.
  2. Les paramètres WHHLight SRP peuvent entrer en conflit avec le SRP introduit via l'objet de stratégies de groupe (GPO) disponible dans les éditions Windows Pro, Education et Enterprise. Avant d'utiliser WHHLight, le SRP doit être supprimé du GPO.
  3. WHHLight entrera également en conflit avec tout logiciel utilisant SRP, mais ces applications sont rares (CryptoPrevent, SBGuard, AskAdmin). Avant d'utiliser WHHLight, l'application en conflit doit être désinstallée.
  4. Si l'utilisateur a installé Hard_Configurator (SimpleWindowsHardening), l'application des restrictions WHHLight peut modifier les paramètres. Il n'est donc pas recommandé d'utiliser WHHLight avec Hard_Configurator (SimpleWindowsHardening).
  5. WHHLight n'est pas destiné à fonctionner avec les stratégies AppLocker activées.
Click to expand...
Many Thanks for all the work for this software and this translation !
 
  • Like
Reactions: Jonny Quest, simmerskool, Gandalf_The_Grey and 1 other person
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,210
ZeroDay said:
@Andy Ful Does WHHLight automatically remove Windows hard configurator? Or should I uninstall that first? Forgive my silly question, I just wanted to make sure.
Click to expand...

WHHLight does not remove the installation files of H_C - it only removes the H_C restrictions and applies the new ones.
You can uninstall H_C or keep it on disk as well. But I do not recommend running H_C when you use WHHLight, otherwise, you must remember to rerun WHHLight to restore its settings.
 
  • Like
  • +Reputation
  • Thanks
Reactions: ZeroDay, Gandalf_The_Grey, ErzCrz and 2 others
ZeroDay

ZeroDay

Level 30
Verified
Top Poster
Well-known
Aug 17, 2013
1,905
Andy Ful said:
WHHLight does not remove the installation files of H_C - it only removes the H_C restrictions and applies the new ones.
You can uninstall H_C or keep it on disk as well. But I do not recommend running H_C when you use WHHLight, otherwise, you must remember to rerun WHHLight to restore its settings.
Click to expand...
Thanks for the reply, Is H_C better or equal to WHHLIGHT?
 
  • Like
Reactions: sypqys, simmerskool and Andy Ful
ErzCrz

ErzCrz

Level 21
Verified
Top Poster
Well-known
Aug 19, 2019
1,027
  • Like
  • Thanks
Reactions: sypqys, simmerskool, Andy Ful and 2 others
Azazel

Azazel

Level 6
Jun 15, 2023
267
When Whhfull will be available. Is it gonna be as configurable as Simple Windows Hardening. (eg turn off windows hardening reg tweaks)
 
  • Like
Reactions: Andy Ful
SeriousHoax

SeriousHoax

Level 47
Verified
Top Poster
Well-known
Mar 16, 2019
3,656
Hi @Andy Ful! Finally, I made up my lazy mind to try WHHLight yesterday. With SWH configured everything is great as usual but enabling WDAC made my PC really slow at launching most apps including Windows Explorer when it's run for the first time after booting the system. Is this expected with ISG? The time it takes for ISG to verify files is much longer.
 
  • Like
Reactions: simmerskool, silversurfer, Gandalf_The_Grey and 1 other person
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,210
SeriousHoax said:
Hi @Andy Ful! Finally, I made up my lazy mind to try WHHLight yesterday. With SWH configured everything is great as usual but enabling WDAC made my PC really slow at launching most apps including Windows Explorer when it's run for the first time after booting the system. Is this expected with ISG? The time it takes for ISG to verify files is much longer.
Click to expand...

Do you use the default WDAC Whitelist?
ISG can slow launching non-Microsoft applications, but in most cases, it happens when you run the application for the first time. If the application is accepted then it is marked (in the kernel) as OK, and it is not checked again. But, this scenario applies only to the files on the NTFS drives. For example, files on the flash drives (FAT32) are not marked, so they are checked at any time (if launched by the user).
The issue related to Windows Explorer can be somehow rooted in Microsoft Defender. Currently, I test WHHLight with Avast and there are no slowdowns. The issue can be also caused due to interactions with 3rd party security.
Please let me know if you have suggestions about that issue.
 
Last edited:
  • Like
  • +Reputation
Reactions: SeriousHoax, simmerskool, silversurfer and 3 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,210
WHHLight vs. SmartScreen bypass via the URL shortcut
(Smart App Control set to OFF)

The bypass was patched by Microsoft a few months ago. The articles refer to the samples haunted before this patch.
malwaretips.com

Malware News - New Mispadu Banking Trojan Exploiting Windows SmartScreen Flaw

The threat actors behind the Mispadu banking Trojan have become the latest to exploit a now-patched Windows SmartScreen security bypass flaw to compromise users in Mexico. The attacks entail a new variant of the malware that was first observed in 2019, Palo Alto Networks Unit 42 said in a...
malwaretips.com malwaretips.com


Attack flow:
URL shortcut ----> malicious file downloaded without MOTW (SmartScreen bypass) ----> file is executed without SmartScreen check

Without the bypass, the file would be downloaded with MOTW (Mark of the Web), and the file could be executed with SmartScreen check.
It is worth noting, that this bypass is not a bypass of Forced SmartScreen implemented in Hard_Configurator and WHHLight.

In the H_C Recommended Settings, the file will be initially blocked, and the user must use "Install By SmartScreen" to run the downloaded file. But then, the custom MOTW is always added to the file and the file is executed with SmartScreen check.

In WHHLight the file will be executed first without SmartScreen check. However, in WHHLight the SmartScreen is used as a smart whitelisting method for WDAC ISG. So, this SmartScreen bypass will always increase the protection level of WHHLight. The file will be blocked, so the user will apply "Run By SmartScreen" to manually bypass the WDAC ISG block. As in the case of H_C, the MOTW is always added to the file and the file will be checked by SmartScreen.
 
Last edited:
  • Like
  • +Reputation
Reactions: toto_10, silversurfer, simmerskool and 3 others
SeriousHoax

SeriousHoax

Level 47
Verified
Top Poster
Well-known
Mar 16, 2019
3,656
Andy Ful said:
Do you use the default WDAC Whitelist?
ISG can slow launching non-Microsoft applications, but in most cases, it happens when you run the application for the first time. If the application is accepted then it is marked (in the kernel) as OK, and it is not checked again. But, this scenario applies only to the files on the NTFS drives. For example, files on the flash drives (FAT32) are not marked, so they are checked at any time (if launched by the user).
The issue related to Windows Explorer can be somehow rooted in Microsoft Defender. Currently, I test WHHLight with Avast and there are no slowdowns. The issue can be also caused due to interactions with 3rd party security.
Please let me know if you have suggestions about that issue.
Click to expand...
Yeah, default whitelists. Is this kernel whitelist removed after a system restart? For me, application startup for non-Microsoft apps is slower after every boot.
 
Last edited:
  • Like
Reactions: silversurfer, simmerskool, Gandalf_The_Grey and 1 other person

Similar threads

Andy Ful
New Update Testing Windows Hybrid Hardening (new hardening application).
    • +Reputation
    • Like
    • Applause
Replies
253
Views
23,142
Hard_Configurator Tools
South Park
South Park
Andy Ful
Guide | How To Easy Application Control on Windows
    • Like
    • Thanks
    • Hundred Points
Replies
19
Views
1,237
Guides - Privacy & Security Tips
Andy Ful
Andy Ful
SpyNetGirl
Serious Discussion Why do you use obsolete security technologies such as SRP?
    • Like
    • Applause
    • Thanks
Replies
7
Views
643
General Security Discussions
Andy Ful
Andy Ful

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top