Softpedia >Windows >Tweak >System Tweak >Hard_Configurator >  Changelog

Hard_Configurator Changelog

What's new in Hard_Configurator 6.1.1.1

Jul 14, 2023
  • Added support for Windows 11 ver. 22H2
  • Added new setting profiles:
  • Windows_11_SAC_ON_Recommended_Settings.hdc
  • Windows_11_SAC_ON_NoSRP.hdc
  • Added certoc.exe, cipher.exe, pnputil.exe, and scp.exe to the list of blocked sponsors.
  • Added the ONE extension (OneNote document).
  • Removed the OFF2 option in the DocumentsAntiExploit tool. Now, ON2 settings include also all ON1 settings.
  • ON2 settings require resetting (ON2 --> OFF --> ON2) after the current update.
  • Updated H_C manual (info about possible issues related to the activated AppLocker).
  • Corrected some minor bugs.
  • Added a new digital certificate.

New in Hard_Configurator 6.1.1.1 Beta (Apr 7, 2023)

  • Added support for Windows 11 ver. 22H2
  • Added new setting profiles:
  • Windows_11_SAC_ON_Recommended_Settings.hdc
  • Windows_11_SAC_ON_NoSRP.hdc
  • Added certoc.exe, cipher.exe, pnputil.exe, and scp.exe to the list of blocked sponsors.
  • Added the ONE extension (OneNote document).
  • Removed the OFF2 option in the DocumentsAntiExploit tool. Now, ON2 settings include also all ON1 settings.
  • ON2 settings require resetting (ON2 --> OFF --> ON2) after the current update.
  • Updated H_C manual (info about possible issues related to the activated AppLocker).

New in Hard_Configurator 6.0.1.1 (Jul 10, 2022)

  • Djusted the default extensions in <Designated File Types> to those used in Simple Windows Hardening. So, some popular Excel extenions are not blocked in default setup: XLS, XLSX, XLSB, XLSM, XLT, XLTM, XSL.
  • Updated the manual and some help files.
  • Added new option in DocumentsAntiExploit tool to make the configuration of Adobe Acrobat more granular.
  • Added the button <MORE ...><Remove Obsolete Restrictions>.
  • Added a new digital certificate.

New in Hard_Configurator 6.0.1.0 Beta 1 (Jun 1, 2022)

  • Added several file extensions to the <Designated File Types>, mostly for MS Excel Add-ins, Query files, and some legacy file formats
  • New default extensions:
  • ACCDA, ACCDU, CSV, DQY, ECF, MDA, PA, PPA, PPAM, RTF, WLL, WWL, XLA, XLAM, XLL, XLM, XLS, XLSX, XLSB, XLSM, XLT, XLTM, XSL.
  • New Paranoid extensions:
  • ACCDU, ARJ, BZIP, BZIP2, DOC, ECF, FAT, HWP, IMG, ISO, LHA, NTFS, MCL, PA, PPA, PPT, PPTX, REV, R00, R01, R02, R03, R04,
  • R05, R06, R07, R08, R09, TBZ, TPZ, TXZ, TZ, VHD, VHDX, WLL, WWL, XAR, XIP, XLS, XLSX, XSL, XZ.
  • Disk image extensions: ISO, IMG, VHDX, can be blocked by SWH settings only if a 3-rd party application is set to open them (and not Windows built-in File Explorer).
  • Added new versions of DocumentsAntiExploit, RunBySmartscreen and FirewallHardening tools.
  • Improved policies for Adobe Acrobat Reader XI/DC.
  • Corrected some minor bugs.
  • Updated H_C manual and some help files.

New in Hard_Configurator 6.0.0.1 Beta 1 (Feb 12, 2022)

  • Added <Block AppInstaller> option.
  • New FirewallHardening version 2.0.1.1.
  • Added the options to load/save the external BlockLists.
  • Added new LOLBins: bitsadmin.exe (blocked via Exploit Protection), calc, certoc, certreq, cmd, desktopimgdownldr,
  • Dllhost, ExtExport, findstr, ieexec (new path), notepad, pktmon, Register-cimprovider, verclsid, wsl, wuauclt.exe,
  • Xwizard.

New in Hard_Configurator 6.0.0.0 (Dec 10, 2021)

  • Introduced two color-changing buttons When the restrictions are OFF, the buttons <Switch OFF/ON SRP> and <Switch OFF/ON Restrictions> change the background color from green to blue
  • Fixed some minor bugs
  • Added fingerexe to blocked sponsors and also to the H_C Enhanced profiles
  • Added some EXE files to FirewallHardening LOLBin Blocklist: csc, cvtres, CasPol, finger, ilasm, jsc, MicrosoftWorkflowCompiler, mscorsvw, ngen, ngentask, vbc
  • Added SLK and ELF file extensions to the default protected extensions in SRP and RunBySmartscreen
  • Added a switch -p to run H_C and SwitchDefaultDeny with SRP enforcement to block all users (including Administrators) - it can be used especially on the older Windows versions to improve post-exploitation protection on default Admin account This switch should be used only by very experienced users
  • New version of ConfigureDefender:
  • Added some useful information to the Help and manual
  • Added "Send All" setting to Automatic Sample Submission
  • Updated ASR rules (1 new rule added)
  • Added the Warn mode to ASR rules
  • Added INTERACTIVE Protection Level which uses ASR rules set to Warn
  • Added the <Info> button next to the Protection Levels buttons It displays information about which settings are enabled in DEFAULT, HIGH, INTERACTIVE, and MAX Protection Levels
  • Redesigned slightly the layout of the Exploit Guard section
  • Added support for event Id=1120
  • Added CFA setting BDMO = Block Disk Modifications Only - folders will not be protected, but some important disk sectors will be still protected (Id = 1127)
  • Added support for Windows 11

New in Hard_Configurator 5.1.1.2 (Jun 21, 2020)

  • This versin is essentially the same as ver. 5.1.1.1, except that DcumentsAntiExplit tl executable was replaced by its
  • standalne versin. This can matter if after the uninstallatin f H_C the user will want t use DcumentsAntiExplit tl
  • (withut Hard_Cnfiguratr) t harden MS ffice r Adbe Acrbat Reader XI/DC.
  • In the Hard_Cnfiguratr main windw, the versin is still displayed as 5.1.1.1, because the executable is the same as in
  • the ver. 5.1.1.1.

New in Hard_Configurator 5.1.1.1 (Jun 19, 2020)

  • The main differences from the last stable ver. 5.0.0.0 are included in beta versions : 5.0.0.1, 5.0.1.1, and 5.1.1.1.
  • There are some minor changes as compared to the latest beta ver. 5.1.1.1:
  • Executables are signed by the new code signing certificate valid until June 2021.
  • Added the tip text feature for some important buttons in ConfigureDefender, DocumentsAntiExploit and FirewallHardening.
  • Updated versions of ConfigureDefender ver. 3.0.0.1, DocumentsAntiExploit ver. 1.0.1.1, FirewallHardening ver. 2.0.0.0, and
  • RunBySmartScreen 3.1.0.1.

New in Hard_Configurator 5.1.1.1 Beta (May 19, 2020)

  • Fixed the GUI bug related to whitelisting by hash.

New in Hard_Configurator 5.0.1.1 Beta (May 19, 2020)

  • Added the integrity module which can check and solve problems when SRP is tampered by another application.
  • Added a quick method to refresh SRP rules.
  • Added the new setting profile Windows_*_Basic_Recommended_Settings.hdc and included it in Hard_Configurator manual.
  • Removed the "All files" SRP Enforcement setting due to possible incompatibilities with 3rd party security solutions. Furthermore, this setting is not used in Hard_Configurator predefined profiles and it is not well integrated with Recommended Settings on Windows 8+.
  • Improved the SRP rules related to <Update Mode> and <Harden Archivers> (added support for Explzh archiver).
  • Corrected some minor bugs.

New in Hard_Configurator 5.0.0.1 Beta (May 19, 2020)

  • The new version of ConfigureDefender 2.1.1.1. Corrected a bug related to the error when "Defender Security Log" is empty. Removed event Id=1117 from Defender Security Log. Extended the maximal number of entries in the Log to 300. Extended the "Cloud Time Check Limit" in HIGH Protection Level from 10s to 20s.
  • The new version of FirewallHardening 1.0.1.1. Added curl.exe to FirewallHardening LolBins, and curl.exe, certutil.exe to FirewallHardening 'Recommended H_C' rules. Removed the bug related to displaying the last blocked event.
  • The new version of DocumentsAntiExploit tool - improved/corrected the Outlook macro protection.
  • The new version of SwitchDefaultDeny 2.0.0.1 - adjusted to work with <Update Mode>.
  • Changed the name of the H_C option <Run As SmartScreen> to <Forced SmartScreen>.
  • Changed the name "Run As SmartScreen" (of the entry in the Explorer context menu) to "Install By SmartScreen".
  • Added prevention against SmartScreen DLL hijacking (included in "Install By SmartScreen" and "Run By SmartScreen").
  • Added 3 new options <Update Mode>, <Harden Archivers>, and <Harden Email Clients>. The <Update Mode> allows the execution of EXE (TMP) and MSI files in ProgramData and AppData folders, which allows the applications to auto-update without losing much of the H_C protection. These folders are hidden for the users in the Explorer default settings. The <Harden Archivers> and <Harden Email Clients> support the <Update Mode> to prevent bypassing the Hard_Configurator Recommended Settings. The settings <Update Mode> = ON, <Harden Archivers> = ON, and <Harden Email Clients> = ON are added to the H_C Recommended Settings on Windows 8+. The <Update Mode> = ON setting still blocks the EXE (TMP) and MSI files in other folders from UserSpace like: Desktop, Documents, Downloads, Music, Movies, Pictures, non-system partitions, and USB drives. The user has to use "Install By SmartScreen" entry to run standalone application installers.
  • Added some new H_C setting profiles. For example, the Windows_8_Strict_Recommended_Settings and Windows_10_Strict_Recommended_Settings apply for Recommended Settings used in H_C 5.0.0.0 and prior versions, which did not use the <Update Mode> feature.
  • Whitelisted the folder ImplicitAppShortcuts (only for shortcuts).
  • Whitelisted the shortcuts in the user Desktop, when the Desktop location is redirected. This can happen when the user chooses the Desktop backup in OneDrive or manually changes the path to the Desktop. After changing the path to the user Desktop, it is required to sign off from the account or refresh the Explorer. After that, the shortcuts on the Desktop in the new location will be automatically whitelisted.
  • Added to the H_C manual many details related to Recommended Settings and Avast profiles, which can use now the <Update Mode> feature.
  • Added the option to whitelisting globally the MSI files (<Whitelist By Path> "Allow MSI"). In the version 5.0.0.1, this setting is used when the user applies the profile "Windows_10_MT_Windows_Security_hardening.hdc" - both EXE (TMP) and MSI files are allowed. In the old setting profile "Windows_10_MT_Windows_Security_hardening.hdc", only EXE (TMP) files are globally allowed.

New in Hard_Configurator 5.0.0.0 (Aug 22, 2019)

  • Added new version of ConfigureDefender with additional ASR rule: "Block persistence through WMI event subscription".
  • Minor bugs corrected.

New in Hard_Configurator 4.1.1.1 (Aug 22, 2019)

  • Added "Paranoid Extensions" (259 potentially dangerous file type extensions).
  • Added FirewallHardening tool, which blocks by Windows Firewall many LOLBins and allows the user to block any application.
  • Removed explorer.exe paths from FirewallHardening LOLBins on Windows 8 and 8.1., for compatibility with SmartScreen.
  • Two buttons <Recommended SRP> and <Recommended Restrictions> are replaced by one green button <Recommended Settings>.
  • Reorganization of buttons: the violet buttons <Firewall Hardening> and <ConfigureDefender> are now located in the upper part of the
  • main window. The button <No Removable Disks Exec.> was replaced by the new option button <Validate Admin Code Signatures> (see point 7).
  • If Default Deny Protection is turned OFF by 'Switch Default Deny' tool, then "Run By SmartScreen" option is automatically enabled in
  • Explorer context menu. It can be used for installing safely the applications both on Administrator and Standard User type of accounts.
  • Added the option <Validate Admin Code Signatures> which changes the UAC settings to enforce cryptographic signatures on any interactive
  • application that requests elevation of privilege. This setting will prevent the user to run from Explorer the applications which require
  • Administrative rights, but are not digitally signed.
  • Added the profile "Windows_10_MT_Windows_Security_hardening.hdc" which uses the new option <Validate Admin Code Signatures>.
  • The option <Restore Windows Defaults> does restore also Windows Defender defaults and removes FirewallHardening Outbound block rules.
  • All Hard-Configurator native executables are digitally signed by SHA256 certificate (Certum Code Signing CA SHA2).

New in Hard_Configurator 4.0.1.0 (Aug 22, 2019)

  • Added a new version of RunBySmartScreen (minor changes)
  • Added a new version of 7-ZIP.
  • Added more blocked Sponsors (total number 173).
  • Added more blocked Sponsors to Enhanced profiles.
  • Added new icons for H_C executables.
  • Added a new version of ConfigureDefender:
  • Version 2.0.0.1:
  • a) Added icon.
  • b) Added the button <Defender Security Log>, which allows seeing last 200 Windows Defender events.
  • c) Added the splash alert when applying time-consuming features.
  • d) Renamed option "Reporting Level (MAPS membership level)" to "Cloud-delivered Protection".
  • e) Extended the abilities of <REFRESH> button.
  • f) Updated the changes made by Microsoft to allow file & folder exclusions for some additional ASR rules.
  • g) Corrected the issue with closing the application.
  • h) Extended the help.

New in Hard_Configurator 4.0.0.2 (Nov 20, 2018)

  • Corrected the ability to whitelist OneDrive on SUA.
  • Changed the way of using <Refresh Explorer> option to avoid problems on SUA.
  • Added the warning before Hard_Configurator deinstallation, about using DocumentAntiExploit tool.
  • Added the DocumentsAntiExploit tool to the SwitchDefaultDeny application, for managing different MS Office and Adobe Acrobat Reader
  • XI/DC settings on different user accounts.
  • In the 4.0.0.2 version the <Documents Anti-Exploit> option in Hard_Configurator can only change system-wide settings. Non-system-wide
  • Settings are now available only via DocumentsAntiExploit tool.
  • Added IQY and SETTINGCONTENT-MS file extensions to the default list of Designated File Types and to the hardcoded dangerous
  • Extensions in RunBySmartScreen.
  • Improved Shortcut protection.
  • Improved the protection of MS Office and Adobe Acrobat Reader XI/DC applications, against the weaponized documents.
  • Improved 'Run By SmartScreen' with over 250 blocked file extensions (SRP, Outlook Web Access, Gmail, and Adobe Acrobat Reader
  • Attachments blacklists). The extensions BAT, DLL, CMD, JSE, OCX, and VBE are now blocked with notification, instead of beeing checked
  • By SmartScreen. Popular but vulnerable files (RTF, DOC, DOCX, XLS, XLSX, PUB, PPT, PPTX, ACCDB, PDF) related to MS Office and Adobe
  • Reader, are opened with the warning instruction.
  • Changed the names of some buttons in the TOOLS menu:
  • <View Blocked Events> --> <Blocked Events / Security Logs>
  • <Run Autoruns: Scripts/UserSpace> --> <Whitelist Autoruns / View Scripts>
  • Changed 'Allow EXE' option in the <Whitelist by Path> to 'Allow EXE and TMP'. So, both EXE files and TMP files are whitelisted -
  • This option is prepared to work with Avast Hardened Mode Aggressive as default-deny.
  • Corrected the bug with <Update> button (did not work for the 64-bit version).
  • Updated Hard_Configurator manual.

New in Hard_Configurator 4.0.0.0 (Jul 13, 2018)

  • Deinstallation of Hard_Configurator is available only from <Tools> <Uninstall Hard_Configurator>.
  • Added <Documents Ant-Exploit button> to block/unblock active content in MS Office and Adobe Acrobat Reader XI / DC.
  • Added <ConfigureDefender> button to run ConfigureDefender utility (installed with this package).
  • Added <Allow EXE files> button in 'Whitelist By Path' windowThis feature allows all EXE files except ticked in <Block Sponsors>.
  • Added the Avast_Hardened_Mode_Aggressive profile to work with Avast, set to Hardened Aggressive mode
  • Changed the name of the button <Run SRP/Scripts EventLogView> to <View Blocked Events>.
  • Extended the logged events in <View Blocked Events> to include Exploit Guard ASR, Controlled Folder Access, Network Protection, and
  • Defender blocked/audited events.
  • Added some new paths to blacklist writable Windows subfolders.
  • Corrected the whitelisting of OneDrive executables.
  • Added the new versions of: Sysinternals Autoruns, NirSoft FullEventView, and 7-ZIP.
  • .Recommended settings in ver4.0.0.0 are based on <Default Security Level> = 'Disallowed', as compared to <Default Security Level> =
  • 'Basic User' used in the previous versionsThe difference for the user will be visible only with the extended SRP protection for
  • BAT and CMD files.
  • .Added <Update> button to check/install the new Hard_Configurator versions.