The program does not make an uninstaller.

There is an uninstall from the "Tools" button, but I don't fully understand this dialog:

It seems to imply values will be overwritten with defaults if I click Yes.

I don't want anything whatsoever to be changed. I just want to uninstall Hard_Configurator.

Can I just delete the Hard_Configurator directory in the Windows folder?

Are there any other directories, settings, or registry keys to get rid of?

In order to evaluate Hard_Configurator I installed v7.0 on a Win10 system.

Why does it install into C:\Windows directory? This could be dangerous

I miss an uninstall entry

I miss a portable package which can be installed to e.g. D:\tools\config\HardConfigurator\

This software is really great, I use it daily, and I've also recommended it wholeheartedly in my security guide on my website.

However, a feature that could really improve this software is a GUI for managing the shell extensions (after enabling Shell Extension Security), kind of like the SRP whitelist GUI.

It'd be nice if it would list all existing Shell Extensions, and an option to move them in or out of the Approved list. It's kind of tedious to do it manually, and this would entice more people to use that feature.

If SmartScreen is disabled, Hard Configurator enables it when it's launched. This occurs even if 'Forced SmartScreen' is set to 'OFF'.

Very easy to reproduce this one. Clean install 22H2 (specifically build 22621.xxx), install Hard_Configurator, try to apply SRP, relog/restart and you'll notice that it doesn't actually work. Easy way to find out is to block a sponsor and try to execute said sponsor.

This can be fixed if you apply SRP through group policy, delete the group policy SRP and then re-install SRP in Hard_Configurator, but it doesn't always work.

This started happening as of update 6.0.1.1. A fix would be appreciated.

Hey i really love this software but i have a question,
Can you (please) tell me where i can found the name of the "GPO" version of these settings.
Because on my own computer it work but i would like (one i have configured it successfully on home windows deploy it to "pro" version of windows through GPO, and some settings of Defender and hard configurator is hard to find in the Gpedit.msc)

if it's already in it sorry i don't have finded it.
Thanks

Andy

I have an old laptop which due to driver issues would not update to latests Windows10. The Windows10 version I am using is 21H1 which reaches end of service in december.

You once mentioned (on MalwareTips) that you were also looking at Windows Application Control, but I have not seen this dripping through in one of your excellent free programs.

I used the WDAC policy toolkit on Github to create a WDAC "signed and reputable mode" policy and deployed it using Powershell. I also used SimpleWindowsHardening to block risky file extensions and added through a registry hack the Microsoft Recommended Block rules to SRP (not in WDAC, so they are blocked in user mode only).

Because Microsoft also mentioned in the media that they will not update Mocrosoft Defender on end-of-service Windows 10 OS versions, I switched to a free antivirus. When I run MSINFO32 I stll see that WDAC is applied (using another AV), so it seems to work ok with third-party AV's.

So here is my request to you

Would it be an option to include the most relaxed WDAC-policy (allow signed and reputable) to SimpleWindowsHardening?

I realize your time is limited, but I think above use-case is not exceptional, there must be more people having old hardware on which the latest Windows OS does not run.

As far as I understood the new 'Smart App Control' feature uses the same database as WDAC 'signed and reputable' policy, so it seems that Microsoft thinks it is ready for every day use.

Regards

Kees1958

What should this even be? This is not valid code, its just a number.

Reply from false positive report:
"

Hello,

Thank you for reporting this.

Our virus specialists have confirmed that this detection is indeed correct due to lack of compliance with our clean software policy.

You can find further details in the following article: Avast Clean Guidelines.

With regards,

Avast Customer Care

"

Hi Andy, I have a request to get lolbins rules in firewall tools, I want to be able to import or at least have WFC recognized, because I found that WFC can't recognize rules imported by Firewall tools and create allow rules repeatedly, This also causes rules that should be blocked to lose their effect.

Hi,

Does <Add Folder> include all sub-folders and all files? For example, if I install MSYS2 in C:\msys64 and add the path with <Add Folder>, I still have to add C:\msys64\usr\bin\bash.exe with <Add File> in order to use msys2/mingwXX.

Edit: I have blocked sponsor bash.exe - the reason for the above behavior.

I attached my config - config.zip. I have only one user profile.

It seems the default deny config and whitelist isn't quite appropriate setup for environment where Visual Studio/Intel OneApi is used. I added to whitelist C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2022\Visual Studio Tools\VC so I can use the MSVC tools with x64 Native Tools Command Prompt for VS 2022. Cmd window is opening but with the following This program is blocked by group policy. For more information, contact your system administrator. [vcvarsall.bat] Environment initialized for: 'x64' When I check the log to see what is blocked - Access to C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe has been restricted by your Administrator by location with policy rule {1016bbe0-a716-428b-822e-5e544b6a3100} placed on path powershell.exe. If I run as Administrator x64 Native Tools Command Prompt for VS 2022 everything seems ok. But I don't want to compile/build with Admin privileges. What would be your recommendation for such setup? A profile like Windows_10_MT_Windows_Security_hardening.hdc?

Edit: Above related - I have to remove powershell.exe and reg.exe from the blocked sponsors if I want to build as regular user (without admin privileges). Any way for example, to have blocked sponsor powershell.exe and run a .bat file that calls powershell.exe (whitelist ?)?

Is there a current, up to date H_C source code available?
The one on here seems to be from 2 years ago.

I got two blocks after enabling WDAC. The first one is wsl, which you already explained to me that it is blocked by design. But I have no idea where the second block is coming from.

`******** WDAC blocked events for EXE and DLL files ********
***********************************************************




Event[0]:
Event Id = 3077
Local Time:  2024/04/08 19:58:55
Attempted Path = C:\Windows\System32\wsl.exe
Parent Process = C:\Program Files\WindowsApps\CanonicalGroupLimited.Ubuntu_2204.3.49.0_x64__79rhkp1fndgsc\ubuntu.exe
PolicyName = UserSpace Lock
UserWriteable = false


***********************************************************
***********************************************************


Event[1]:
Event Id = 3077
Local Time:  2024/04/08 19:56:10
Attempted Path = C:\Windows\System32\wsl.exe
Parent Process = C:\Program Files\WindowsApps\CanonicalGroupLimited.Ubuntu_2204.3.49.0_x64__79rhkp1fndgsc\ubuntu.exe
PolicyName = UserSpace Lock
UserWriteable = false


***********************************************************
***********************************************************


Event[2]:
Event Id = 3077
Local Time:  2024/04/08 19:42:22
Attempted Path = C:\Windows\SysWOW64\wbem\WMIC.exe
Parent Process = C:\Windows\SysWOW64\cmd.exe
PolicyName = UserSpace Lock
UserWriteable = false


***********************************************************
***********************************************************`

Logoff is not alway necessary to activate SRP.
I would suggest to disable and enable SRP on applying changes - that usually does the job...

Edition Windows 11 Pro Insider Preview
Version 22H2
OS build 25131.1000
Experience Windows Feature Experience Pack 1000.25131.1000.0

I personally have no idea what could be causing this, even when disabling a specific policy which could be causing this (User Account Control: Admin Approval Mode for the built-in administrator account), nothing executes. Just says that I don't have permission on the built-in administrator account (the only administrator account on my system right now).

hello it would be nice to publish the exe in release like that we can watch for release only (for update), since we don't oppen it every day github will warn to go the hard configurator to do the update

Thanks

A useful one this time. I've noticed that the blocked sponsors list in H_C does not encompass every executable that Microsoft has marked as unsafe in their recommended block rules.

It'd be nice to have an option to add and select any executable or DLL you want and add it as an item blocked by SRP. This could be helpful if new exploits or vulnerable executables emerge and you want to block them to be safe, without having to wait for an update to the blocked sponsors list.

Perhaps add a "Custom Block List" option under the Whitelist options in Hard_Configurator, which opens a new window similar to the whitelists, detailing all the items blocked by the user. This would also be a good addition to my security guide and I would be able to easily have people block vulnerable executables, whereas right now I can't do that without complications.

A good example of a harmful executable would be sethc.exe, which allows for a privilege escalation exploit on the lock screen. If this executable were to be blocked using the custom feature described above, this wouldn't be an issue. But right now, sethc is nowhere to be seen in the Blocked Sponsors list... therefore I once again request the addition of this feature.

There is an issue when I try to edit existing entries with the same name. They show up only once.

This can happen when you're trying to move form Restric'tor to H_C...

And edtiting (e.g. change name) inside the Whitelist would be great...

It would add additional securtiy if there is a Blacklist...

There are a lot of %windir% directories where users can write and execute...

It would be a great enhancement to have a blacklist an an auto add writeable (for everyone) folders automatically. (as it is in Restric'tor)

Path examples:
C:\WINDOWS\debug\WIA C:\WINDOWS\Hard_Configurator\Tools C:\WINDOWS\Registration\CRMLog C:\WINDOWS\servicing\Packages C:\WINDOWS\servicing\Sessions C:\WINDOWS\System32\Com\dmp C:\WINDOWS\System32\FxsTmp C:\WINDOWS\System32\spool\drivers\color C:\WINDOWS\System32\spool\PRINTERS C:\WINDOWS\System32\spool\SERVERS C:\WINDOWS\System32\Tasks C:\WINDOWS\System32\Tasks_Migrated C:\WINDOWS\SysWOW64\Com\dmp C:\WINDOWS\SysWOW64\FxsTmp C:\WINDOWS\SysWOW64\Tasks C:\WINDOWS\Tasks C:\WINDOWS\Temp

VirusTotal results:

H_C_6010_beta1.exe
Hard_Configurator_setup_6.0.0.0-RSLOAD.NET-.exe

VBA32: Backdoor.Bladabindi
Threat Type: Trojan, password-stealing virus, banking malware, spyware.