Hardentools for disabling some risky features

Discussion in 'other anti-malware software' started by ichito, Mar 1, 2017.

  1. ichito

    ichito Registered Member

    https://github.com/securitywithoutborders/hardentools

    "Here is the list of features that Hardentools disables when you press that button:
    1. Disables Windows Scripting Host.
    2. Disables AutoRun and AutoPlay.
    3. Disables powershell.exe, powershell_ise.exe, and cmd.exe execution via Windows Explorer.
    4. Disables Microsoft Office Macros.
    5. Disables Microsoft Office OLE object execution.
    6. Disables Microsoft Office ActiveX.
    7. Disables JavaScript in PDF documents in Acrobat Reader.
    8. Disables the execution of objects embedded in PDF documents."
    https://www.ghacks.net/2017/02/24/hardentools-make-windows-more-secure-by-disabling-features/

    They said that author is Claudio Guarnieri (Cuckoo Sandbox)
    https://www.security.nl/posting/505...ws?channel=rss
     
    Last edited: Mar 1, 2017
  2. TairikuOkami

    TairikuOkami Registered Member

    I wonder how it disables cmd.exe; if it is via DisableCMD, good luck installing Windows Updates and other stuff, basically crippling Windows.
     
  3. guest

    guest Guest

    Not via DisableCMD, but via "DisallowRun"
    Code:
    Windows Registry Editor Version 5.00

    ; Disables PowerShell and cmd.exe when they are started by Explorer (HKCU, so per user)
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]
    "DisallowRun"=dword:00000001

    ; Numbered REG_SZ values holding the bare file names Explorer must refuse to run
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun]
    "1"="powershell_ise.exe"
    "2"="powershell.exe"
    "3"="cmd.exe"
     
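The same DisallowRun policy as the post above, written as a PowerShell script that applies it, reverts it with -Revert, and reads the current state back. This is an added example, not Hardentools' own code; it assumes the three executable names listed in the post and that it runs as the user whose Explorer should be restricted, since the policy lives under HKCU.

```powershell
# Added example (not Hardentools' code): manage the Explorer "DisallowRun" policy.
# Assumptions: the blocked names are the three from the post; run as the target user.
param([switch]$Revert)

$policyKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$listKey   = Join-Path $policyKey 'DisallowRun'
$blocked   = @('powershell_ise.exe', 'powershell.exe', 'cmd.exe')

function Enable-DisallowRun {
    # -Force creates the missing parent keys and leaves an existing key alone.
    New-Item -Path $listKey -Force | Out-Null
    New-ItemProperty -Path $policyKey -Name 'DisallowRun' -PropertyType DWord -Value 1 -Force | Out-Null
    # Explorer reads numbered REG_SZ values ("1", "2", ...) that hold bare file names.
    for ($i = 0; $i -lt $blocked.Count; $i++) {
        New-ItemProperty -Path $listKey -Name ($i + 1).ToString() -PropertyType String `
            -Value $blocked[$i] -Force | Out-Null
    }
}

function Disable-DisallowRun {
    Remove-Item -Path $listKey -Recurse -Force -ErrorAction SilentlyContinue
    Remove-ItemProperty -Path $policyKey -Name 'DisallowRun' -ErrorAction SilentlyContinue
}

function Get-DisallowRunState {
    # Returns whether the flag is set and which file names are currently listed.
    $flag  = Get-ItemProperty -Path $policyKey -Name 'DisallowRun' -ErrorAction SilentlyContinue
    $names = @()
    if (Test-Path -Path $listKey) {
        $key   = Get-Item -Path $listKey
        $names = $key.GetValueNames() | ForEach-Object { $key.GetValue($_) }
    }
    [pscustomobject]@{
        Enabled = ($null -ne $flag -and $flag.DisallowRun -eq 1)
        Blocked = @($names)
    }
}

if ($Revert) { Disable-DisallowRun } else { Enable-DisallowRun }
Get-DisallowRunState
```

Explorer caches policy values, so restart explorer.exe or sign out and back in before testing. The setting only affects programs that the Explorer process itself starts (double-clicking a file, launching from the Start menu); processes started by services, scheduled tasks, Windows Update or another program are untouched, which is why it does not cripple Windows but also why it is a speed bump rather than a barrier: matching is by file name, so a renamed copy of cmd.exe still runs, and the same user can delete the HKCU keys again.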
  4. It is a threshold to reduce shoot-in-the-foot errors; together with disabling JavaScript, macros, ActiveX and OLE-object execution, it should stop most ransomware delivered through poisoned documents. In combination with CryptoPrevent-like partial SRP deny-execute rules for double file extensions, it is not watertight, but it reduces an open door to the size of a letterbox. Pity he did not add an ACL deny-execute for Everyone in, for example, the download directory.

    All examples of partial solutions not adding up to a 100% protection, but still a lot better than without these hardening tweaks.
     
    Last edited by a moderator: Mar 1, 2017
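The "ACL deny execute for Everyone in the download directory" idea from the post above, as an added PowerShell example (it is not part of Hardentools and not the poster's code). It assumes the current user's Downloads folder is the target and scopes the Deny ACE to files only (ObjectInherit + InheritOnly), so the folder itself stays traversable; -Revert removes the rule again.

```powershell
# Added example: deny Execute for Everyone on files under Downloads.
# Assumptions: target is $env:USERPROFILE\Downloads; rule applies to files only.
param([switch]$Revert)

$downloads = Join-Path $env:USERPROFILE 'Downloads'
# Well-known SID for Everyone, so the script does not depend on the OS language.
$everyone  = New-Object System.Security.Principal.SecurityIdentifier 'S-1-1-0'

function New-DenyExecuteRule {
    # ObjectInherit + InheritOnly: inherited by files (including files in subfolders),
    # not applied to the Downloads folder or subfolders themselves, so traversal still works.
    New-Object System.Security.AccessControl.FileSystemAccessRule(
        $everyone,
        [System.Security.AccessControl.FileSystemRights]::ExecuteFile,
        [System.Security.AccessControl.InheritanceFlags]::ObjectInherit,
        [System.Security.AccessControl.PropagationFlags]::InheritOnly,
        [System.Security.AccessControl.AccessControlType]::Deny)
}

$acl = Get-Acl -Path $downloads
if ($Revert) {
    $acl.RemoveAccessRuleAll((New-DenyExecuteRule))
} else {
    $acl.AddAccessRule((New-DenyExecuteRule))
}
Set-Acl -Path $downloads -AclObject $acl

# Verification: list the explicit (non-inherited) ACEs on the folder; the Deny row
# for Everyone should now be present (or gone after -Revert).
(Get-Acl -Path $downloads).Access |
    Where-Object { -not $_.IsInherited } |
    Select-Object IdentityReference, AccessControlType, FileSystemRights, InheritanceFlags, PropagationFlags |
    Format-Table -AutoSize
```

After applying it, starting an .exe that sits under Downloads fails with "Access is denied", while reading, saving or unpacking files there is unaffected. Two limits worth knowing: a script (.js, .vbs, .ps1) is read by its interpreter rather than executed as a file, so this ACE does nothing for it unless the interpreter is restricted separately, and a file copied out of Downloads loses the inherited deny, so this is defence in depth rather than a hard boundary.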
  5. WildByDesign

    WildByDesign Registered Member

    This is really quite interesting. At the very least, it makes it easy to enable/disable in a simple way compared to modifying each of these manually by registry, etc. Something to keep an eye on, for sure. :thumb:
     
  6. ArchiveX

    ArchiveX Registered Member

  7. TairikuOkami

    TairikuOkami Registered Member

    Thanks.
     
  8. reasonablePrivacy

    reasonablePrivacy Registered Member

  9. guest

    guest Guest

    Hardentools 2.1 Released (September 4, 2021)
    Website
    Download
     
  10. EASTER

    EASTER Registered Member

    Holy Smokes Batman. Long time since this one is popped up right?
     
  11. guest

    guest Guest

    Hardentools 2.2 Beta Released (November 6, 2021)
    Website
    Download
     