Serious Discussion WHHLight - simplified application control for Windows Home and Pro.

@Parkinsond posted a few screens of WHHF. Is it available to test?

Not yet.
I plan WHH Full version as a version for Windows 12.
Currently, I do not know exactly which options will be required. The WDAC part of WHHLight will most probably be included.
 
@Andy Ful, To maintain uniformity, could you consider applying the same design to all your tools—either a flat design (SWH style) or a regular design (CD style)? 😊

Unfortunately, the programming language used in my applications has very limited GUI options. The flat design does not allow lists, so ConfigureDefender and FirewallHardening use a different style compared to WHHLight or SWH.
 
Is the CD and FH-style design for SWH, WHHL, etc. also not doable?

Technically, it is doable. However, SWH and WHHLight utilize menu buttons/items, which look much better in a flat design. The current design of my applications is the best possible, given the limitations of the programming language.
 
For my clean install I had to put two PowerShell scripts on the executable desktop via keyboard shortcuts; they are safe, I created them...



But there's something wrong.



How can I authorize some of them despite the scripts being restricted according to WHHLight's basic (Default) configuration?

I've whitelisted it in SWH but it doesn't work!



It opens a window and closes it; it doesn't apply the script.



Thanks a lot!
 
How can I authorize some of them despite the scripts being restricted according to WHHLight's basic (Default) configuration?

There are two general methods to run PS scripts when using WHHLight:

METHOD nr 1
Run WHHLight and temporarily switch OFF SWH restrictions:

1750682485750.png


Do the scripting job (WHHLight does not restrict scripts).

METHOD nr 2
Set the * PowerShell Restrictions * to Not configured:

1750682707217.png


In the second case, PowerShell is still restricted by Constrained Language Mode (implemented via SRP) except when the script is whitelisted in SWH.
Constrained Language Mode is also a standard restriction in AppLocker and WDAC (App Control for Business).

*********************************
It is worth mentioning that, except for WHHLight restrictions, PowerShell can be independently restricted by Microsoft Defender ASR rules or FirewallHardening outbound block rules.

Other possibilities, like running from the PowerShell Console or conversion to Batch scripts, will be explained in subsequent posts soon.(y)
 
Thank you!

It would have been great if some scripts had been excluded (whitelisted).
 
it would have been great if some scripts had been excluded (whitelisted).

They can be whitelisted if you use the second method (I updated my previous post). In the second method, other PS scripts and PS CmdLines are still restricted by Constrained Language Mode. If you additionally use FirewallHardening, those restrictions are very effective.
 
PowerShell scripting with WHHLight (default settings).

METHOD nr 3 (I often use it in my daily work).

  • open the PS1 script in Notepad and copy the whole content,
  • open the PowerShell Console (or Terminal), paste the content, and execute.
In this method, the script content is executed in Constrained Language Mode. If some CmdLines are blocked, PowerShell displays the alert.

For example:
The PS1 script content copied/pasted into the PowerShell Console

1750690537612.png


Several alerts: "Cannot invoke method. Method invocation is supported only on core types in this language mode."

1750690724349.png


Anyway, many administrative scripts will work without any issues, contrary to many advanced fileless malware.

See also:
https://malwaretips.com/threads/gho...o-disable-edrs-in-cryptojacking-attack.131153
https://malwaretips.com/threads/new...isticated-stealth-tactics.126991/post-1064268
https://malwaretips.com/threads/simple-windows-hardening.102265/post-973934
https://malwaretips.com/threads/pub...oit-allows-domain-takeover.108902/post-949930
https://malwaretips.com/threads/windows-defender-disabled-by-malware.107622/post-943709
https://malwaretips.com/threads/git...ike-payload-from-imgur-pic.105965/post-921913
 
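What "executed in Constrained Language Mode" means in practice for Method 3, as an added example that is not part of the original posts: the snippet can be pasted into the PowerShell Console and reports the session's language mode and which kinds of operations are blocked. The helper name Test-ClmProbe and the class name WhhProbe are made up for illustration.

```powershell
# Added example (not from the thread): show the session's language mode and
# which kinds of operations it permits. Uses only cmdlets, strings and
# try/catch, so it can itself be pasted into a constrained console.

function Test-ClmProbe {
    param($Name, $Action)   # hypothetical helper: label + script block to try
    try {
        & $Action | Out-Null
        '{0,-40} allowed' -f $Name
    }
    catch {
        # The caught message is the same alert PowerShell prints interactively.
        '{0,-40} BLOCKED: {1}' -f $Name, $_.Exception.Message
    }
}

# FullLanguage or ConstrainedLanguage for the current session
'Language mode: {0}' -f $ExecutionContext.SessionState.LanguageMode

# Typical administrative work: cmdlets and methods on core types (string).
Test-ClmProbe 'Cmdlet (Get-ChildItem)'       { Get-ChildItem -Path $env:TEMP -ErrorAction Stop }
Test-ClmProbe 'Method on core type (string)' { 'whhlight'.ToUpper() }

# Direct .NET use on non-core types, which Constrained Language Mode restricts.
Test-ClmProbe 'Static .NET method (IO.Path)' { [System.IO.Path]::GetTempPath() }
Test-ClmProbe 'New-Object on .NET type'      { New-Object System.Text.StringBuilder -ErrorAction Stop }
Test-ClmProbe 'Add-Type (compile C#)'        { Add-Type -TypeDefinition 'public class WhhProbe {}' -ErrorAction Stop }
```

Running it once with SWH restrictions ON and once in an unrestricted session shows side by side which parts of an administrative script depend on direct .NET access.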
I'm curious to switch to FirewallHardening after seeing how easy it is to block a lot that could be abused. I've been using Windows Firewall Control for a few years but I must admit that I KNOW that I DON'T KNOW which Windows executables should be allowed online access. So I guess, that's not very secure. I've added a few apps myself but in FH there are custom rules as well.
 
(I am NOT the expert on this topic) but I think you can run Malwarebytes WFC with AndyFul's FWH -- (if not I have a VM to re-tweak)
 

You can manually add the LOLBins blocked in FirewallHardening to Windows Firewall Control, or use both FirewallHardening and Windows Firewall Control.
 
PowerShell scripting with WHHLight (default settings).

METHOD nr 4 - Use BAT script to run PowerShell with Get-Content CmdLine (simple and effective method).

  • Create the Helloworld.bat file with the following content:
    Code:
    powershell Get-Content Helloworld.ps1 | PowerShell.exe -noprofile
  • Copy this file to the location of your PowerShell script: Helloworld.ps1
  • Run the script Helloworld.bat
You can use this method for other scripts. Use the original file name of the PS1 script to label the BAT script. Keep both in the same location, whitelisted in SWH. The BAT script runs the PowerShell Console, and PowerShell reads the script content (by using Get-Content). Next, the CmdLines are executed as in Method 3 (so the PS1 script commands are executed in the Constrained Language Mode).
 
PowerShell scripting with WHHLight.

METHOD nr 5 - Custom settings

1750705207324.png


In the above settings, the PowerShell LOLBin is blocked with standard rights, but can be executed without restrictions with Administrator privileges.
So, the scripts can be run with Method 2 and 3 via PowerShell / Terminal (Admin) or with Method 4 (execute BAT script as administrator).
No restrictions means also no Constrained Language Mode.

Because the * SRP Policy Scope * is set to Standard, other types of Windows scripts (.bat, .cmd, .vbs, .js, etc.) are blocked only with standard rights and allowed with Administrator privileges.
 
Because the * SRP Policy Scope * is set to Standard, other types of Windows scripts (.bat, .cmd, .vbs, .js, etc.) are blocked only with standard rights and allowed with Administrator privileges.
Andy, what about account SUA? I tried running all the scripts, but PowerShell blocked them with a warning. "This application has been blocked by the system administrator. Contact the system administrator for more information." I assume this is the SRP Policy Scope Standard feature you mentioned, correct? So it will only run on an admin account? :)
 
Andy, what about account SUA? I tried running all the scripts,

Which scripts? Do you use the default SWH settings?

but PowerShell blocked them with a warning. "This application has been blocked by the system administrator. Contact the system administrator for more information." I assume this is the SRP Policy Scope Standard feature you mentioned, correct? So it will only run on an admin account? :)

I am afraid that PowerShell had nothing to do with those blocks. This warning is related to SRP blocks or Administrator policies.
In the default settings, all scripts in UserSpace are blocked (except those explicitly whitelisted).
 