SysHardener: Harden Windows Settings

Discussion in 'other anti-malware software' started by novirusthanks, Feb 26, 2018.

  1. Circuit

    Circuit Registered Member

    Joined:
    Oct 7, 2014
    Posts:
    939
    Location:
    Land o fruits and nuts, and more crime.
    Works, and remembers settings here. Good work.
     
  2. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,920
    As far as remembering the settings is concerned, there might be a difference between the "regular" and the portable version of this program. Just guessing.
     
  3. Circuit

    Circuit Registered Member

    Joined:
    Oct 7, 2014
    Posts:
    939
    Location:
    Land o fruits and nuts, and more crime.
    Using "regular" here.
     
  4. guest

    guest Guest

    using portable here. my settings are remembered and since the first version.
     
  5. loungehake

    loungehake Registered Member

    Joined:
    Mar 9, 2015
    Posts:
    201
    Location:
    Wigan
    On installing SysHardener I see that some checkboxes are ticked. Are these read by SysHardener from the system settings at the time of its installation?

    Thank you.
     
  6. imuade

    imuade Registered Member

    Joined:
    Aug 4, 2016
    Posts:
    751
    Location:
    Italy
    No, I suggested to have something like that:
     
  7. loungehake

    loungehake Registered Member

    Joined:
    Mar 9, 2015
    Posts:
    201
    Location:
    Wigan
    Thank you imuade. I was hoping that SysHardener would give me a list of settings which I could revert to if necessary. SysHardener has a handy set of buttons in the System Tools tab so I won't be uninstalling it but I won't be using it to modify settings when I haven't the faintest idea what many of them are before I start to change them.
     
    Last edited: Apr 8, 2018
  8. fblais

    fblais Registered Member

    Joined:
    Jul 31, 2008
    Posts:
    1,340
    Location:
    Québec, Canada
    Ditto.
    Never installed it but won’t if this doesn’t grt changed.
     
  9. guest

    guest Guest

    @novirusthanks as OSA and ERP , no issues (yet) on Spring Creators Update.
     
  10. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    What about Syshardener? Are all policies set by it still valid in new update of Windows?
     
  11. guest

    guest Guest

    yes, no issue so far (obviously i didn't tried to verify each of them , but those i set in Fall still work in Spring).
     
  12. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Good to know before the update hits me. Thanks!
     
  13. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,120
    Location:
    South Texas, USA
    Just a question, with Spring Creators update coming up, would a backup option be good to add. I think the update will revert some options.
    When I uninstall and install again, I have to go pick my settings again because they are not checked (don't know if they are applied). Is this normal behavior? I know if you have the application installed and you apply the settings, next time you open the app, your settings are checkmarked.
     
    Last edited: Apr 9, 2018
  14. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Same. Am sort of a portables type and always prefer it that way where they can be of most use w/o overhead of adding things to the system.

    SysHardener is no exception, and it just plain works on this end.
     
  15. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,549
    Suggestion: block scrcons.exe from connecting out?
     
  16. mattdocs12345

    mattdocs12345 Registered Member

    Joined:
    Mar 23, 2013
    Posts:
    1,892
    Location:
    US
    Great little software. Thanks for the update.
     
  17. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,359
    Location:
    Italy
    Released SysHardener v1.5:
    http://www.novirusthanks.org/products/syshardener/

    Here is the changelog:

    + Updated Help\FAQs file
    + Added new command-line parameter: /customsettings "C:\Path\To\Settings.ini"
    + Removed button "Un\Select All" -> Use the "Tweaks" menu in the top main menu
    + Added option "Save to .INI file" on "Tweaks" main menu
    + Added option "Load from .INI file" on "Tweaks" main menu
    + New option Block Outbound Connections for Cmstp.exe (checked)
    + New option Block Outbound Connections for Esentutl.exe (checked)
    + New option Block Outbound Connections for Extrac32.exe (checked)
    + New option Block Outbound Connections for Expand.exe (unchecked)
    + New option Block Outbound Connections for Makecab.exe (checked)
    + New option Block Outbound Connections for Pcalua.exe (checked)
    + New option Block Outbound Connections for Print.exe (unchecked)
    + New option Block Outbound Connections for Replace.exe (unchecked)
    + New option Block Outbound Connections for ScriptRunner.exe (checked)
    + New option Block Outbound Connections for Scrcons.exe (checked)
    + New option Block Outbound Connections for Ftp.exe (unchecked)
    + New option Block Outbound Connections for Tftp.exe (unchecked)
    + New option Block Outbound Connections for Telnet.exe (unchecked)
    + Improved detection of Acrobat Reader 11.0

    Screenshot fo the "Save to .INI file" and "Load from .INI file" options:

    syshardener15.png
     
  18. guest

    guest Guest

    this is what i waited for :thumb:.
     
    Last edited by a moderator: May 13, 2018
  19. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Been reading a lot of demands for such a feature. Will make a whole lot of peeps very satisfied now they can keep their original and save/load new configs with this.
     
  20. guest

    guest Guest

    yep many of the tools NVT produce are excellent in term of productivity.
     
  21. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,549
    Does the ini file catch the settings you currently have selected, or does it rather catch the current state of your system?
    Let's say I didn't apply any tweaks at all yet. I want to save my current state before tweaking. Will the ini file catch my current state? Or is there another way to do that, besides making a Windows restore point?
     
  22. guest

    guest Guest

    i believe it is only the settings.
     
  23. imuade

    imuade Registered Member

    Joined:
    Aug 4, 2016
    Posts:
    751
    Location:
    Italy
    I was asking for that option, but I don't know if it has been implemented
    @novirusthanks ?

     
  24. guest

    guest Guest

    SH isn't real time, it is just a GUI that load some powershell scripts to enable/disable the selected options. When you install it it doesn't read anything on your system, it is why when you update it on top on the previous versions, the default setup are shown, you had to re-applied your preferred options, but now with the ini file import/export feature, you can do it in a click.
     
  25. chicago25

    chicago25 Registered Member

    Joined:
    May 13, 2018
    Posts:
    4
    Location:
    Illinois
    I've been a long time reader of this forum. I am trying both SysHardener and OSArmor, and I'm very impressed. Thank you to NoVirusThanks for making hardening so much easier than it has been. I've typically applied about 70 GPO hardening steps and 8 Registry hardening changes manually. SysHardener and OSArmor have captured the vast majority of those changes in a much faster and easier to use format, and have also provided additional hardening steps that I had not previously considered.

    I would like to suggest some following hardening steps be considered for SysHardener. I've used these on my PCs. If some of these steps are already in SysHardener and I simply missed them, then please disregard.

    GPO Settings: LLMNR: Multicast Name Resolution, Force GPO Refresh, Bitlocker Drive Encryption: Drive encryption method and cipher strength; Disable new DMA devices when computer is locked, Disable heap termination upon corruption, Disable remote shell access

    Powershell Hardening Commands: Scan all scripts when they are seen or run. Enable PUA Protection
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.