Hard_Configurator - GUI to Manage Software Restriction Policies and harden Windows Home OS

Discussion in 'other anti-malware software' started by mood, Nov 20, 2018.

  1. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    12,928
    Hard_Configurator_#1.png Hard_Configurator_#4.png Hard_Configurator_#5.png Hard_Configurator_#2.png
    Hard_Configurator makes changes in Windows Registry to accomplish the tasks enumerated below:
    1. Enabling Software Restriction Policies in Windows Home editions.
    2. Changing SRP Security Levels, Enforcement options, and Designated File Types.
    3. Whitelisting files in SRP by path (also with wildcards) and by hash.
    4. Blocking vulnerable system executables via SRP (Bouncer black list).
    5. Protecting (deny execution) writable subfolders in "C:\Windows" folder (via SRP).
    6. Restricting shortcut execution to some folders only (via SRP).
    7. Enabling Windows Defender advanced settings, like PUA protection, ASR rules, Network Protection etc.
    8. Protecting against weaponized documents, when MS Office and Adobe Acrobat Reader XI/DC are used to open them.
    9. Enabling "Run as administrator" for MSI files.
    10. Disabling PowerShell script execution (Windows 7+).
    11. Securing PowerShell by Constrained Language mode (SRP, PowerShell 5.0+)
    12. Disabling execution of scripts managed by Windows Script Host.
    13. Removing "Run As Administrator" option from the Explorer right-click context menu.
    14. Forcing SmartScreen check for files without 'Mark Of The Web' (Windows 8+).
    15. Disabling Remote Desktop, Remote Assistance, Remote Shell, and Remote Registry.
    16. Disabling execution of 16-bit applications.
    17. Securing Shell Extensions.
    18. Disabling SMB protocols.
    19. Disabling program elevation on Standard User Account.
    20. Disabling Cached Logons.
    21. Forcing Secure Attention Sequence before User Account Control prompt.
    22. Filtering Windows Event Log for blocked file execution events (Nirsoft FullEventLogView).
    23. Filtering autoruns from the User Space, and script autoruns from anywhere (Sysinternals Autorunsc).
    24. Enabling&Filtering Advanced SRP logging.
    25. Turning ON/OFF all above restrictions.
    26. Restoring Windows Defaults.
    27. Making System Restore Point.
    28. Using predefined setting profiles for Windows 7, Windows 8, and Windows 10.
    29. Saving the chosen restrictions as a profile, and restoring when needed.
    30. Backup management for Profile Base (whitelist profiles and setting profiles).
    31. Changing GUI skin.
    32. Updating application.
    33. Uninstalling application (Windows defaults restored).
    Current version: Hard_Configurator ver. 4.0.0.2 (November 19, 2018)
    Website
    What's New
    Version 4.0.0.2
    1. Corrected the ability to whitelist OneDrive on SUA.
    2. Changed the way of using <Refresh Explorer> option to avoid problems on SUA.
    3. Added the warning before Hard_Configurator deinstallation, about using DocumentAntiExploit tool.
    4. Added the DocumentsAntiExploit tool to the SwitchDefaultDeny application, for managing different MS Office and Adobe Acrobat Reader
    XI/DC settings on different user accounts.
    5. In the 4.0.0.2 version the <Documents Anti-Exploit> option in Hard_Configurator can only change system-wide settings. Non-system-wide
    settings are now available only via DocumentsAntiExploit tool.
    6. Added IQY and SETTINGCONTENT-MS file extensions to the default list of Designated File Types and to the hardcoded dangerous
    extensions in RunBySmartScreen.
    7. Improved Shortcut protection.
    8. Improved the protection of MS Office and Adobe Acrobat Reader XI/DC applications, against the weaponized documents.
    9. Improved 'Run By SmartScreen' with over 250 blocked file extensions (SRP, Outlook Web Access, Gmail, and Adobe Acrobat Reader
    attachments blacklists). The extensions BAT, DLL, CMD, JSE, OCX, and VBE are now blocked with notification, instead of beeing checked
    by SmartScreen. Popular but vulnerable files (RTF, DOC, DOCX, XLS, XLSX, PUB, PPT, PPTX, ACCDB, PDF) related to MS Office and Adobe
    Reader, are opened with the warning instruction.
    10. Changed the names of some buttons in the TOOLS menu:
    <View Blocked Events> --> <Blocked Events / Security Logs>
    <Run Autoruns: Scripts/UserSpace> --> <Whitelist Autoruns / View Scripts>
    11. Changed 'Allow EXE' option in the <Whitelist by Path> to 'Allow EXE and TMP'. So, both EXE files and TMP files are whitelisted -
    this option is prepared to work with Avast Hardened Mode Aggressive as default-deny.
    12. Corrected the bug with <Update> button (did not work for the 64-bit version).
    13. Updated Hard_Configurator manual.
    Note: Hard_Configurator includes the tool ConfigureDefender (Utility for configuring Windows 10 built-in Defender antivirus settings)
     
    Last edited: Nov 20, 2018
  2. trott3r

    trott3r Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    1,107
    Location:
    UK
    Are the defender settings for win10? I don't remember seeing them in win7 gui.
     
  3. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    882
  4. trott3r

    trott3r Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    1,107
    Location:
    UK
    Thanks azure
     
  5. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    8,191
    Location:
    U.S.A. (South)
    Appreciate this. Thanks
     
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.