Serious Discussion WHHLight - simplified application control for Windows Home and Pro.

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,591
Why doesn't H_C want to open?

Did you read the General help in WHHLight?


Which application do you want to use?
If your choice is H_C, then run WHHLight and restore Windows defaults (from the Menu). Next, run H_C and configure it. Do not run WHHLight in the future.
If your choice is WHHLight, then run it (it will remove the H_C settings automatically). Do not run H_C in the future.

In theory, one could use both H_C and SWH (I use such a setup in malware testing), but it is unnecessary and would be very inconvenient. For example, your current setup is a mess of SRP and WDAC. The WDAC settings are not visible in H_C. The option <Forced SmartScreen> is OFF, but should be 'Standard User', etc.
 

sypqys

Level 5
Apr 18, 2022
230

I'm French, I don't understand all, I think... But I understand many things... I will try to read... Thank you!
 

Andy Ful

I'm French, I don't understand all, I think...

Is this translation OK? :)

Which application do you want to use?
  • If your choice is H_C, run WHHLight and restore Windows defaults (from the Menu). Next, run H_C and configure it. Do not run WHHLight in the future.
  • If your choice is WHHLight, run it (it will remove the H_C settings automatically). Do not run H_C in the future.

*************************

Software incompatibilities:
  1. WHHLight is a simplified version of WindowsHybridHardening. Both versions of WindowsHybridHardening share some resources and settings, so they should not be run together.
  2. The WHHLight SRP settings can conflict with SRP introduced via the Group Policy Object (GPO) available in the Windows Pro, Education and Enterprise editions. Before using WHHLight, SRP must be removed from the GPO.
  3. WHHLight will also conflict with any software that uses SRP, but such applications are rare (CryptoPrevent, SBGuard, AskAdmin). Before using WHHLight, the conflicting application must be uninstalled.
  4. If the user has installed Hard_Configurator (SimpleWindowsHardening), applying the WHHLight restrictions can change the settings. It is therefore not recommended to use WHHLight together with Hard_Configurator (SimpleWindowsHardening).
  5. WHHLight is not intended to work with AppLocker policies enabled.
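
A read-only pre-flight check for the overlap discussed above (SRP, AppLocker and WDAC configured at the same time), added here as an example; it is not taken from the post or from the Hard_Configurator/WHHLight tools. It assumes an elevated PowerShell session and reads only standard Windows policy locations; the report keys are names chosen for this example.

```powershell
# Added example: read-only inventory of the application-control layers named in the thread.
# Only standard Windows locations are read; nothing here is H_C- or WHHLight-specific.
$report = [ordered]@{}

# SRP policy root (written by GPO and by any SRP-based tool).
$srpKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
if (Test-Path -Path $srpKey) {
    $srp = Get-ItemProperty -Path $srpKey
    # DefaultLevel: 0x0 = Disallowed, 0x20000 = Basic User, 0x40000 = Unrestricted
    $report['SRP'] = if ($null -ne $srp.DefaultLevel) {
        'present, DefaultLevel=0x{0:X}' -f $srp.DefaultLevel
    } else { 'key present, DefaultLevel not set' }
} else {
    $report['SRP'] = 'no policy key'
}

# AppLocker policy root: one subkey per rule collection, one subkey per rule.
$alRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\SrpV2'
$alFound = foreach ($coll in 'Exe', 'Dll', 'Msi', 'Script', 'Appx') {
    $path = Join-Path -Path $alRoot -ChildPath $coll
    if (Test-Path -Path $path) {
        $rules = @(Get-ChildItem -Path $path -ErrorAction SilentlyContinue).Count
        $mode  = (Get-ItemProperty -Path $path -ErrorAction SilentlyContinue).EnforcementMode
        # EnforcementMode: 0 = audit only, 1 = enforce
        '{0}: {1} rule(s), EnforcementMode={2}' -f $coll, $rules, $mode
    }
}
$report['AppLocker'] = if ($alFound) { $alFound -join '; ' } else { 'no policy key' }

# WDAC: legacy single-policy file, multiple-policy folder, and the live enforcement state.
$ciDir = Join-Path -Path $env:windir -ChildPath 'System32\CodeIntegrity'
$cip = @(Get-ChildItem -Path (Join-Path $ciDir 'CiPolicies\Active') -Filter '*.cip' -ErrorAction SilentlyContinue)
$report['WDAC SIPolicy.p7b'] = Test-Path -Path (Join-Path $ciDir 'SIPolicy.p7b')
# Recent Windows builds ship inbox .cip files, so a non-zero count alone is not a finding.
$report['WDAC active .cip files'] = $cip.Count
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName 'Win32_DeviceGuard' -ErrorAction SilentlyContinue
# UsermodeCodeIntegrityPolicyEnforcementStatus: 0 = off, 1 = audit, 2 = enforced
$report['WDAC user-mode enforcement'] = if ($dg) { $dg.UsermodeCodeIntegrityPolicyEnforcementStatus } else { 'unknown' }

[pscustomobject]$report | Format-List
```

More than one layer reporting an enforcing state is the mixed setup the post advises against; the script changes nothing, it only reports.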
 

sypqys

Many thanks for all the work on this software and this translation!
 

Andy Ful

@Andy Ful Does WHHLight automatically remove Windows hard configurator? Or should I uninstall that first? Forgive my silly question, I just wanted to make sure.

WHHLight does not remove the installation files of H_C - it only removes the H_C restrictions and applies the new ones.
You can uninstall H_C or keep it on disk as well. But I do not recommend running H_C when you use WHHLight; otherwise, you must remember to rerun WHHLight to restore its settings.
 

ZeroDay

Level 30
Verified
Top Poster
Well-known
Aug 17, 2013
1,905
Thanks for the reply. Is H_C better than or equal to WHHLight?
 

ErzCrz

Level 23
Verified
Top Poster
Well-known
Aug 19, 2019
1,222

Azazel

When will Whhfull be available? Is it going to be as configurable as Simple Windows Hardening (e.g., turn off Windows hardening reg tweaks)?
 

SeriousHoax

Level 49
Verified
Top Poster
Well-known
Mar 16, 2019
3,867
Hi @Andy Ful! Finally, I made up my lazy mind to try WHHLight yesterday. With SWH configured everything is great as usual but enabling WDAC made my PC really slow at launching most apps including Windows Explorer when it's run for the first time after booting the system. Is this expected with ISG? The time it takes for ISG to verify files is much longer.
 

Andy Ful

Do you use the default WDAC Whitelist?
ISG can slow the launching of non-Microsoft applications, but in most cases, it happens when you run the application for the first time. If the application is accepted, then it is marked (in the kernel) as OK, and it is not checked again. But this scenario applies only to files on NTFS drives. For example, files on flash drives (FAT32) are not marked, so they are checked every time (if launched by the user).
The issue related to Windows Explorer may somehow be rooted in Microsoft Defender. Currently, I am testing WHHLight with Avast and there are no slowdowns. The issue can also be caused by interactions with 3rd-party security.
Please let me know if you have suggestions about that issue.
 

Andy Ful

WHHLight vs. SmartScreen bypass via the URL shortcut
(Smart App Control set to OFF)


The bypass was patched by Microsoft a few months ago. The articles refer to the samples hunted before this patch.


Attack flow:
URL shortcut ----> malicious file downloaded without MOTW (SmartScreen bypass) ----> file is executed without SmartScreen check


Without the bypass, the file would be downloaded with MOTW (Mark of the Web), and the file could be executed with SmartScreen check.
It is worth noting that this bypass is not a bypass of Forced SmartScreen implemented in Hard_Configurator and WHHLight.

In the H_C Recommended Settings, the file will be initially blocked, and the user must use "Install By SmartScreen" to run the downloaded file. But then, the custom MOTW is always added to the file and the file is executed with SmartScreen check.

In WHHLight the file will be executed first without SmartScreen check. However, in WHHLight the SmartScreen is used as a smart whitelisting method for WDAC ISG. So, this SmartScreen bypass will always increase the protection level of WHHLight. The file will be blocked, so the user will apply "Run By SmartScreen" to manually bypass the WDAC ISG block. As in the case of H_C, the MOTW is always added to the file and the file will be checked by SmartScreen.
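
A defender-side check for the condition the attack flow above depends on, a downloaded file that lacks MOTW, added here as an example; it is not part of the original post or of H_C/WHHLight. The function name `Get-MotwStatus`, the default folder and the extension list are assumptions made for this example.

```powershell
# Added example: list downloaded files that carry no Mark of the Web
# (the Zone.Identifier alternate data stream) and so skip the SmartScreen check.
# The folder and the extension list are assumptions chosen for this example.
function Get-MotwStatus {
    param(
        [string]$Folder = (Join-Path -Path $env:USERPROFILE -ChildPath 'Downloads'),
        [string[]]$Extension = @('.exe', '.msi', '.dll', '.scr', '.js', '.vbs', '.lnk', '.url')
    )
    Get-ChildItem -LiteralPath $Folder -File -Recurse -ErrorAction SilentlyContinue |
        Where-Object { $Extension -contains $_.Extension.ToLowerInvariant() } |
        ForEach-Object {
            $file = $_
            $zone = $null
            # Alternate data streams exist only on NTFS; on FAT32 this is always empty.
            $ads = Get-Item -LiteralPath $file.FullName -Stream 'Zone.Identifier' -ErrorAction SilentlyContinue
            if ($ads) {
                $text = Get-Content -LiteralPath $file.FullName -Stream 'Zone.Identifier' -Raw -ErrorAction SilentlyContinue
                if ($text -match '(?m)^ZoneId=(\d+)') { $zone = [int]$Matches[1] }
            }
            [pscustomobject]@{
                File    = $file.FullName
                HasMotw = [bool]$ads
                ZoneId  = $zone   # 3 = Internet, 4 = Restricted sites
                Written = $file.LastWriteTime
            }
        }
}

# Files without MOTW are the ones to review, newest first.
Get-MotwStatus |
    Where-Object { -not $_.HasMotw } |
    Sort-Object -Property Written -Descending |
    Format-Table -AutoSize
```

Files created locally also have no MOTW, so the output is a triage list, not a verdict.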
 

Azazel

Would Whh work on Windows 12? They are planning to make C:/Windows immutable (read-only).
 

SeriousHoax

Do you use the default WDAC Whitelist?
ISG can slow the launching of non-Microsoft applications, but in most cases, it happens when you run the application for the first time. If the application is accepted, then it is marked (in the kernel) as OK, and it is not checked again. But this scenario applies only to files on NTFS drives. For example, files on flash drives (FAT32) are not marked, so they are checked every time (if launched by the user).
The issue related to Windows Explorer may somehow be rooted in Microsoft Defender. Currently, I am testing WHHLight with Avast and there are no slowdowns. The issue can also be caused by interactions with 3rd-party security.
Please let me know if you have suggestions about that issue.
Yeah, default whitelists. Is this kernel whitelist removed after a system restart? For me, application startup for non-Microsoft apps is slower after every boot.
 