Hard_Configurator - GUI to Manage Software Restriction Policies and harden Windows Home OS

Discussion in 'other anti-malware software' started by guest, Nov 20, 2018.

  1. Bertazzoni

    Bertazzoni Registered Member

    Joined:
    Apr 13, 2018
    Posts:
    652
    Location:
    Milan, Italia
    @Sampei Nihira

    Also remember that M$ itself has been completely silent about this experimental feature since it was originally announced. I found it to be resource-intensive and no longer use it. My opinion is that Andy made H_C to easily implement proven features, not experimental ones. :thumb:
     
    Last edited: Dec 4, 2019
  2. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,344
    Location:
    Italy
    It doesn't seem to me like you say:


    [attached image: Immagine.jpg]

    https://www.microsoft.com/security/...-defender-antivirus-can-now-run-in-a-sandbox/

    I believe that the benefits are acceptable compared to a possible incompatibility.
     
  3. Bertazzoni

    Bertazzoni Registered Member

    Joined:
    Apr 13, 2018
    Posts:
    652
    Location:
    Milan, Italia
    @Sampei Nihira I'm not saying it isn't useful, but rather that Andy probably won't implement a feature that is experimental (or at least not fully rolled out to Windows Home users) into H_C. The source you cite is M$'s original announcement of this feature, now over 1 year old, with no follow-up other than the introduction of Tamper Protection.
     
  4. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,344
    Location:
    Italy
    :thumb:

    ____________________________________________________________________

    In the external "Firewall Hardening" module, does anyone use the LOLBins rules?
     
  5. plat

    plat Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    2,233
    Location:
    Brooklyn, NY
    Yes, Sampei Nihira, I use the Firewall Hardening program. I enabled LOLBins and the Recommended H_C rules, as well as enabled logging via the user interface. I've had several installations of Windows 2004 Insider builds, so as a precaution, I've re-enabled the rules in case they were negated. It's a one-time set-up, it seems.

    This wonderful program has blocked many, many outbound requests, specifically by Edge.old, without breaking any functionality. I'm not an advanced user, however. Perhaps someone else can offer more detailed info. :)
     
  6. Bertazzoni

    Bertazzoni Registered Member

    Joined:
    Apr 13, 2018
    Posts:
    652
    Location:
    Milan, Italia
    I have used them without any problems. They are recommended if using a default allow profile like Windows_10_ MT_Windows_Security profile.
     
  7. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,344
    Location:
    Italy
    But the warning pop-up seems to recommend only one set of enabled rules:

    [attached image: Immagine.jpg]

    So the LOLBins rules or the Recommended H_C rules?
     
  8. Bertazzoni

    Bertazzoni Registered Member

    Joined:
    Apr 13, 2018
    Posts:
    652
    Location:
    Milan, Italia
    Last edited: Dec 10, 2019
  9. Tyreman

    Tyreman Registered Member

    Joined:
    Feb 3, 2003
    Posts:
    145
    Location:
    Cambridge, Ontario, Canada
    Last edited: Dec 26, 2019
  10. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    782
    Location:
    Island of Woman
    The latest version seems to behave fine, but I had a version from June 2019 and when I enabled SRP, first my start button would stop functioning, then at restart and after logon my screen went black and there was no task bar either, which is a typical SRP anomaly. But even disabling SRP didn't do the trick to fix the PC, even after disabling all keys in the registry and resetting the policy, perhaps because it was held hostage by HC.
    Something to keep in mind: be extra careful when enabling SRP in HC.
    Besides that, I think that HC is more user friendly than Simple Software Restriction Policy.
     
  11. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,549
    I am sure Andy could troubleshoot that pesky problem you had, but just out of curiosity, what laptop were you using? A few of them have special instructions as regards H_C, if I remember right.
     
  12. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    782
    Location:
    Island of Woman
    Do you have a link to these instructions? They may come in handy.
    I had an Asus.
     
  13. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,549
  14. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    782
    Location:
    Island of Woman
    Next time I have a problem I will contact him. I lost 6 hours and could not believe that my removing of SRP artifacts didn't do the trick. I even did the sticky keys hack, tried to make a second account (to no avail, SRP affected all accounts and would not let me make one via the net command), then removed all SRP rules and reset the GPO to default (a forced update of the GPO was frozen). The PC just refused to heal with all the tricks and file removals I found on Google to unblock SRP after it has been messed up.
     
    Last edited: Dec 28, 2019
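The post above describes an SRP default-deny that survived the usual clean-up attempts. As an added example (not from the thread and not Hard_Configurator's own code), the script below reads the machine-wide SRP state from the documented registry location and, if wanted, sets the default level back to Unrestricted. The registry path and value meanings are the standard SRP ones; the function names are my own. It is meant to be run from an elevated PowerShell.

```powershell
# Added example, not from the thread or from Hard_Configurator: inspect the
# machine-wide Software Restriction Policy and optionally restore default-allow.
# Registry path and value meanings are the documented SRP ones; function names
# are my own. Run from an elevated PowerShell.
$SrpKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'

# Documented DefaultLevel DWORD values
$LevelNames = @{ 0 = 'Disallowed'; 0x20000 = 'BasicUser'; 0x40000 = 'Unrestricted' }

function Get-SrpState {
    if (-not (Test-Path $SrpKey)) {
        return [pscustomobject]@{ Present = $false; DefaultLevel = 'no machine SRP policy' }
    }
    $p = Get-ItemProperty -Path $SrpKey
    if ($null -eq $p.DefaultLevel) {
        $levelName = 'not set (behaves as Unrestricted)'
    } elseif ($LevelNames.ContainsKey([int]$p.DefaultLevel)) {
        $levelName = $LevelNames[[int]$p.DefaultLevel]
    } else {
        $levelName = "unknown ($($p.DefaultLevel))"
    }
    [pscustomobject]@{
        Present            = $true
        DefaultLevel       = $levelName
        TransparentEnabled = $p.TransparentEnabled   # 1 = executables only, 2 = executables and DLLs
        PolicyScope        = $p.PolicyScope          # 0 = all users, 1 = all users except local administrators
        ExecutableTypes    = ($p.ExecutableTypes -join ', ')
        # Path, hash and certificate rules live in per-level subkeys below CodeIdentifiers
        RuleSubkeys        = @(Get-ChildItem -Path $SrpKey -Recurse -ErrorAction SilentlyContinue).Count
    }
}

function Restore-SrpDefaultAllow {
    # Put the default level back to Unrestricted. Existing rules are left in
    # place so they can be reviewed with Get-SrpState before deleting anything.
    if (-not (Test-Path $SrpKey)) { return }
    Set-ItemProperty -Path $SrpKey -Name DefaultLevel -Value 0x40000 -Type DWord
    # Ask the policy engine to re-read local policy; a log off/on is still needed
    gpupdate.exe /target:computer /force | Out-Null
}

Get-SrpState
```

A per-user policy can exist at the same relative path under `HKCU:`, so check both. If the machine cannot boot into a usable session, the same values can be edited from recovery media by loading the offline hive (`reg load HKLM\OffSoft <drive>:\Windows\System32\config\SOFTWARE`) and working under `HKLM\OffSoft\Policies\Microsoft\Windows\Safer\CodeIdentifiers`, then unloading it with `reg unload`. Whether the behaviour the post describes came from these values or from something else on that machine is not something the thread settles.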
  15. Freki123

    Freki123 Registered Member

    Joined:
    Jan 20, 2015
    Posts:
    336
    @lucd From memory: when I used an older version of H_C it was important in which order you activated stuff. I didn't read the warning, chose the wrong order and messed it all up. Can't thank Macrium Reflect enough (they even have a free version) because backups save a lot of time if things go wrong. Redeployed the backup and 5 mins later read the warning/instructions and it worked.
     
  16. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,571
    I am thinking about trying Hard Configurator on my rarely used Laptop that I just upgraded (Clean Install) from Windows 8.0 to Windows 10 Pro 64 bit.

    Some Questions:

    1. What would be the recommended settings to have decent protection with minimal risk of blocking legitimate applications? I would like to use Appguard Solo instead, but would like to use a free alternative to Appguard Solo.

    2. I use ESET NOD32 (Latest Version). Does ESET NOD32 work OK with Hard Configurator? Any special settings?

    3. How are Windows Updates handled with Hard Configuration? Are special Hard Configurator settings needed?

    4. Do I need to prevent Windows 10 Pro 64 bit from 'Automatically' installing updates? Only download and install Windows Updates when Hard Configurator is turned off?

    5. Is Hard Configurator compatible with Sandboxie? Any special settings needed?

    Thanks in Advance.
     
  17. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,920
    I'd like to switch from OS Armor to H_C, which is still actively supported, so I'm particularly interested in your replies to questions 1, 3 and 4 above. Thanks in advance, guys and gals.:)
     
  18. Tyreman

    Tyreman Registered Member

    Joined:
    Feb 3, 2003
    Posts:
    145
    Location:
    Cambridge, Ontario, Canada
    When I used the whole app
    I ran it at default settings for configure defender and sometimes high
    I had the green button for software policies at recommended settings never higher
    Also I used the firewall rules but not the adobe rule set
    Was never blocked from Windows updates or any apps I have when on default for config defender or software policies at recommended even with firewall rules
    Sandboxie couldn't tell you on that
     
    Last edited: Dec 30, 2019
  19. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,920
    OK, thanks, @Tyreman I will dump OS Armor, download H_C and start with default settings.
     
  20. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    4,208
    1. use the "recommended h_c" preset and you'll be fine. ag is a must have sw for every security enthusiast but it requires a certain level of understanding and knowledge (expertise) as to how to apply proper mitigations and config on your sys.

    2. no special settings are required. 32 will run fine. h_c is not a resident sw with its own sys level driver(s), just an interface for win mitigations and configs.

    3. see #2.

    4. never defer updates, unless they're optional. you can't turn h_c on/off. once you apply the settings, changes go in effect. you can always undo them/revert back to default, though i recommend you to back up your sys before using it for the worst case scenario.

    5. no idea. you should ask andy_ful himself @mt or elam about that.
     
  21. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,549
    0 The best place to get answers is on the dev's own thread https://malwaretips.com/threads/hard_configurator-windows-hardening-configurator.66416/

    1 It installs with recommended settings.
    2 I use it with ESET, no prob
    3 Windows updates do not conflict, no special settings needed
    4 ditto
    5 If you run executables inside a sandbox, you will need to whitelist them. Otherwise, it is compatible with SBIE. I use it with SBIE (but on my system, I have SBIE set just to sandbox flash drives, since they are the prime source of malware in my household).
     
  22. Bertazzoni

    Bertazzoni Registered Member

    Joined:
    Apr 13, 2018
    Posts:
    652
    Location:
    Milan, Italia
    @TheKid7 there is a "Switch Default-Deny" button to turn off SRP.
    A log off is required after loading a profile; the changes then go into effect.
     
  23. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    4,208
    i think it's pretty clear what i mean:
    "you can't turn h_c on/off" meaning "it's not a sw by itself that has its own sys level resident driver, it's not an active sw, just a passive interface for windows' native mitigation mechanisms."

    and

    "once you apply the settings, changes go in effect" meaning "you don't need to do anything extra and it won't be running in real time. you apply the preset and it's done."
     
  24. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    782
    Location:
    Island of Woman
    @Buddel
    I am not by any means a security geek or expert, but OS Armor is protected by a kernel level driver, while H_C would sit in ring 3 where software is. Both focus on LOLBins, but HC would assume you are using the Windows firewall (since edits are done via the advanced firewall interface). Why not use both, with SRP rules as the last step after all trusted programmes are installed? There are no known hacks against OSA made public, while there are quite a lot against SRP (dunno to what extent HC can prevent them, but it stops some connections of LOLBins, so it's not the same as typical SRP manual editing).

    Thanks @Freki123, I looked for several solutions and found AOMEI Backupper but never actually backed up anything yet and dunno if it's good or not (is Macrium better?). I need it to be done via USB after all is messed up. Unfortunately on the laptop booting from USB was not possible, safe mode was not an option either, and the only option was returning to the default state (wipe all files). On a regular PC that would be easy. I just stick to the rule of having all files on external drives (at least 2-3 for the same files), so the host is just an empty shell; no damage done, just a few hours of work.
     
    Last edited: Dec 31, 2019
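Posts 5 and 6 mention the "LOLBins" rule set of the Firewall Hardening module and its logging, and the post above notes that those edits land in the ordinary advanced Windows Firewall. As an added example (not from the thread and not the tool's own rules), the script below expresses "block outbound for a handful of commonly abused signed Windows binaries" as plain Windows Firewall rules, audits what is in place, and turns on logging of blocked connections. The binary list, the rule-name prefix and the function names are constructed for illustration; the cmdlets and parameters are the standard NetSecurity ones. Run from an elevated PowerShell.

```powershell
# Added example, not from the thread and not the Firewall Hardening tool's own
# rule set: outbound block rules for a few LOLBins, plus audit and logging.
# Binary list, rule prefix and function names are constructed for illustration.
$Prefix  = 'Example LOLBin outbound block'
$Lolbins = @('certutil.exe', 'mshta.exe', 'wscript.exe', 'cscript.exe',
             'regsvr32.exe', 'rundll32.exe', 'bitsadmin.exe')

function Add-LolbinBlockRules {
    foreach ($bin in $Lolbins) {
        # Rules are per program path, so the 64-bit and 32-bit copies each need one
        foreach ($dir in 'System32', 'SysWOW64') {
            $path = Join-Path $env:SystemRoot "$dir\$bin"
            if (-not (Test-Path $path)) { continue }      # 32-bit copy may be absent
            $name = "$Prefix - $dir\$bin"
            # Idempotent: skip rules that already exist
            if (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue) { continue }
            New-NetFirewallRule -DisplayName $name -Direction Outbound -Action Block `
                -Program $path -Profile Any -Enabled True | Out-Null
        }
    }
}

function Get-LolbinBlockRules {
    # The program path lives in the rule's application filter, not on the rule object
    Get-NetFirewallRule -DisplayName "$Prefix*" | ForEach-Object {
        $app = $_ | Get-NetFirewallApplicationFilter
        [pscustomobject]@{
            Name    = $_.DisplayName
            Enabled = $_.Enabled
            Action  = $_.Action
            Program = $app.Program
        }
    }
}

function Remove-LolbinBlockRules {
    Get-NetFirewallRule -DisplayName "$Prefix*" | Remove-NetFirewallRule
}

function Enable-BlockedConnectionLogging {
    # pfirewall.log records dropped packets for all profiles; the WFP audit
    # (event ID 5157) additionally carries the application path, which the
    # text log does not.
    Set-NetFirewallProfile -All -LogBlocked True
    auditpol.exe /set /subcategory:"Filtering Platform Connection" /failure:enable | Out-Null
}

Add-LolbinBlockRules
Get-LolbinBlockRules | Format-Table -AutoSize
```

When reviewing what a tool like the one in the thread has created, `Get-NetFirewallRule | Get-NetFirewallApplicationFilter` over its own rule names shows the same Program field; a rule that blocks a binary a legitimate workflow depends on (the Edge updater case mentioned in post 5 is a typical one) is easiest to spot by pairing the rule list with the 5157 events rather than with pfirewall.log alone.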
  25. Freki123

    Freki123 Registered Member

    Joined:
    Jan 20, 2015
    Posts:
    336
    Sorry for going a bit off topic:
    @lucd I can only tell you about Macrium because I never used AOMEI. I can say that I did lots of backup redeploys (at least 60++) and they all worked for me. You can create a boot CD, USB stick or let Macrium create a boot menu entry. I never cared about the Windows integrated backup mechanism or safe mode; I just booted the Reflect rescue media and used my backup.
    Since I use the paid version there are some minor differences to the free version but most important stuff is still in.
    https://www.macrium.com/reflectfree

    For more question better ask the experts in the macrium thread.
    https://www.wilderssecurity.com/threads/macrium-reflect.356309/page-319
     