Serious Discussion WHHLight - simplified application control for Windows Home and Pro.

[Andy Ful]

I would not consider it accidental; AMSI-related DLL was blocked for more than one AV, Avast-AVG, K, and I am not sure for SEP also or not.

Accidental = Microsoft wanted to block another DLL with the same internal name.

 

[Andy Ful]

For robust AV such as K, only using script rules by AppLocker will be sufficient.

It will be sufficient for MT members, but probably not for children or happy clickers. Furthermore, one cannot use Group Policies to configure AppLocker on Windows Home editions. Scripting protection in AppLocker includes only Windows Script Host (VBScript, JScript), PowerShell, and Batch scripts.
For more comprehensive protection, one can use Smart App Control or SWH settings in WHHLight.. For example, SWH settings can block shortcuts, and this can prevent most attacks via flash drives and many dangerous fileless attacks.

 

[Parkinsond]

It will be sufficient for MT members, but probably not for children or happy clickers. Furthermore, one cannot use Group Policies to configure AppLocker on Windows Home editions. Scripting protection in AppLocker includes only Windows Script Host (VBScript, JScript), PowerShell, and Batch scripts.
For more comprehensive protection, one can use Smart App Control or SWH settings in WHHLight. can block shortcuts, and this can prevent most attacks via flash drives and many dangerous fileless attacks.

For me, WHHLight is much better than SAC; includes software restriction policy which encompass LNK (not covered by WDAC, may be by SAC when has MoTW) and can whitelist path (no available for SAC).

 

[Andy Ful]

For me, WHHLight is much better than SAC;...

SAC is simpler, WHHLight is more configurable.

 

[Parkinsond]

SAC is simpler, WHHLight is more configurable.

Simplicity that obstructs usability; I prefer WHHLight.

 

[Andy Ful]

Simplicity that obstructs usability; I prefer WHHLight.

So do I. However, many people can still prefer SAC.

 

[rashmi]

What is WHHFull, as mentioned in the help files, GitHub, and various posts here?

 

[dronefox1166]

WindowsHybridHardening Light (WHHLight)
(post updated in Jun 2025)

WHHLight ver. 2.0.0.3
https://github.com/AndyFul/Hard_Con...dowsHybridHardening/WHHLight_Package_2003.exe

WHHLight webpage:
https://github.com/AndyFul/Hard_Configurator/tree/master/WindowsHybridHardening

View attachment 280817

Windows Hybrid Hardening Light (WHHLight) is a simplified configurator of the Windows built-in application control features. It works on Windows 10 and 11 to support antivirus and prevent malware. WHHLight is a hybrid of Windows built-in security layers: SmartScreen, Install App Control, Software Restriction Policies (SRP), and Windows Defender Application Control (WDAC). After the initial configuration, WHHLight can be closed, and all protection comes from the Windows built-in features. It works well with any antivirus.
There is no need to use Microsoft Defender, but it can be recommended with ConfigureDefender settings.

WHHLight is adjusted to the home environment. SRP is still the best Windows built-in solution at home to prevent attack vectors via scripts, shortcuts, and other files with active content. WDAC is the best prevention against malicious EXE, DLL, and MSI files.

Some important post-exploitation mitigations of vulnerable applications (MS Office, Adobe Acrobat Reader, etc.) can be configured via DocumentsAntiExploit, FirewallHardening, and ConfigureDefender (tools included in the WHHLight installation package). The ConfigureDefender tool can be used only when Microsoft Defender real-time protection is enabled.

WARNING!
WHHLight is an advanced tool for home Administrators. Please read the help info about available options to avoid an overkill setup.


Recommended Applications (work well with highly restricted WHHLight setups).
Some desktop applications can be troublesome when using WHHLight in the SUPER_SAFE or TWO_ACCOUNTS setup. This problem can be solved by using automated installations/updates such as Ninite, UniGetUI, or Microsoft Store (GET delivery method):
https://malwaretips.com/threads/whh...-for-windows-home-and-pro.128274/post-1095580
https://malwaretips.com/threads/whh...-for-windows-home-and-pro.128274/post-1096262
https://malwaretips.com/threads/app...l-with-smart-app-control.131260/post-1096404/

Spoiler: Videos

Why I have this version and not the last ?

 

[Parkinsond]

What is WHHFull, as mentioned in the help files, GitHub, and various posts here?

It is an extended version of WHHLight.

Spoiler: WHHFull

 

[Andy Ful]

What is WHHFull, as mentioned in the help files, GitHub, and various posts here?

It is an unfinished project. I planned to add some advanced options, such as blocking LOLBins, etc.

 

[Andy Ful]

Why I have this version and not the last ?

The package version is 2.0.0.3. The application version is 2.0.0.2.

 

[dronefox1166]

The package version is 2.0.0.3. The application version is 2.0.0.2.

View attachment 289060

Thanks !

 

[piquiteco]

It is an extended version of WHHLight.

Wow, this version would be complete, it has 3 switches and drop menu for SmartScreen for Explorer to turn on and off. @Andy Ful is always innovating with his tools. It would certainly be a lot of work for him to finish this project as it is an extended version of WHHLight. All the tools Andy has developed are great, starting with H_C.

 

[Andy Ful]

Wow, this version would be complete, it has 3 switches and drop menu for SmartScreen for Explorer to turn on and off. @Andy Ful is always innovating with his tools. It would certainly be a lot of work for him to finish this project as it is an extended version of WHHLight. All the tools Andy has developed are great, starting with H_C.

Thanks.
My problem is as follows: Do people at home need something more complex than WHHLight?

 

[Parkinsond]

Thanks.
My problem is as follows: Do people at home need something more complex than WHHLight?

May be adding script rules to WDAC module for those who wish to use it without the SWH component.

 

[Andy Ful]

May be adding script rules to WDAC module for those who wish to use it without the SWH component.

Why should you use worse protection instead of better protection (at home)?

 

[Parkinsond]

Why should you use worse protection instead of better protection (at home)?

I am afraid MS might disable software restriction policy in the near future.

 

[Andy Ful]

I am afraid MS might disable software restriction policy in the near future.

Not on Windows 10 and 11. Anyway, if it happens, WHHLight will be updated soon enough.

 

[rashmi]

It is an unfinished project. I planned to add some advanced options, such as blocking LOLBins, etc.

@Parkinsond posted a few screens of WHHF. Is it available to test?

 

[Parkinsond]

@Parkinsond posted a few screens of WHHF. Is it available to test?

Just reposting; they were posted earlier on this thread by the developer @Andy Ful .