GUI to manage Software Restriction Policy (SRP) and harden Windows
Hard_Configurator is the lightest solution, because it does not burden the system with any new processes, drivers, services, or scheduled tasks. Its protection works by means of built-in Windows policies stored in the Windows registry, but readily visible and manageable by the user through the Hard_Configurator GUI. Such a setup is highly compatible with Windows systems and various antivirus protections. It does not cause issues with Windows updates or system scheduled tasks, since the relevant policies do not restrict processes initiated at system level.
Hard_Configurator has a special module for configuring advanced Windows Defender settings, via the ConfigureDefender application. They are especially useful in preventing advanced exploits of Microsoft Office applications and Adobe applications. Even if the user does not use Windows Defender, he can still benefit greatly from the Documents Anti-exploit settings, which block all macros and other active content in documents, when opened in Microsoft Office or in Adobe applications.
This type of default-deny setup can be used by anyone who desires a higher level of security. It is especially useful for the protection of casual computer users. Hard_Configurator may be used to configure the computer systems of family members and friends. The initial configuration often requires some whitelisting, which should preferably be done by an advanced user, and then users of all levels will benefit from the resulting protection. There is a special default-deny profile that can be used to work with Avast antivirus set to Hardened Aggressive mode. This setup is very convenient for casual users in their typical daily computer use.