SysHardener: Harden Windows Settings

We've just released a new free tool: SysHardener



This free security tool helps you harden Windows settings to mitigate online threats. You can enable UAC (commonly disabled by malware), unassociate bad file types (i.e JS, VBS, VBE, WSH, etc), disable autorun.inf on removable devices, enable DEP and SEH on all programs, turn off Windows Script Host (Wscript.exe), turn on SmartScreen, disable unneeded Windows services, disable Javascript on Adobe Reader, disable macros\OLE\Activex on Office, disable Javascript on Foxit Reader, block outbound connections of commonly hijacked system programs (i.e powershell.exe, wscript.exe, winword.exe, etc) via Windows Firewall rules, and much more. All these system hardening tweaks can help mitigate common today threats. Especially useful also the Windows firewall rules to block outbound connections of powershell, wscript, mshta, winword, excel, etc so an exploit cannot download the remote payload.

Product page & download:
http://www.novirusthanks.org/products/syshardener/

Works on Vista+ OS and is freeware.

 

I just added this to my older machine, it seems very handy for another Windows Defender supplement. The only thing so far is that OSArmor notifies when I changed several settings (only elevate executables that are signed and validated, for eg.). Here are two notices. Even though the log says "blocked," the settings seemed to be enabled on reboot. Should OSArmor not have blocked these changes outright? OSArmor could have then been disabled to enable the changes if so.

Spoiler

​

 

@Peter2150

This is a program that tweaks Windows settings and doesn't add any real-time protection.

You can use it to further improve Windows security by disabling unnecessary functionalities and secure Office\Adobe Reader\etc.

I personally use OSA for real-time protection, and I have applied tweaks from SysHardener (i.e Windows Firewall rules, Windows services disabled, etc).

I also disabled macros\OLE\activex on Office and applied tweaks for Foxit Reader (disabled Javascript, etc).

You may need to re-apply tweaks if Windows upgrades to a major build since during the upgrade some tweaks may be removed or restored to defaults.

@plat1098

Yes you may disable OSA, apply the tweaks and re-enable OSA.

Or add that exclusion to Exclusions.db (I may add it internally on OSA on the next build).

 

There is some really great stuff in here. Some true gems of tweaks, for sure. There is a lot of stuff within this tool which we would normally have to set all manually. So this can save time and is quite convenient.

 

Some features are similar to OSA...right?
BTW...how it can be compared to Hard_Configurator?
https://github.com/AndyFul/Hard_Configurator

 

Amen. Wholeheartily second that acrobat reader request.

As innocent as it's been for years on my machines employing varying little methods here and there, and nothing has ever even had a chance to tamper it, an option for options with it can only serve to help confidently keep it secure through this app.

Thanks. Dang @novirusthanks, you guys churn out a stack of all sorts of security apparatus.

I been quietly following many releases that come out from time to time and you guys just keep forming up more all the time. Awesome!

 

Nice tool, it includes many of my tweaks , now i don't have to apply them separately. Well done @novirusthanks

 

I love this new tool. Well done, Andreas.

PS: Would be great if it were possible to save and restore individual settings.

 

+1

 

By the way, there is some functionality differences between the installed and portable version?

 

+1

Now that is a wonderful suggestion. How about it @novirusthanks. Possible?

 

More neat toys from NVT! Thanks DLing now.

 

[QUOTE="ichito, post: 2740767, member: 115116"how it can be compared to Hard_Configurator?
https://github.com/AndyFul/Hard_Configurator[/QUOTE]
This NVT tool has a lot more Windows tweaks. On the other hand, Andy Ful's tool has SRP.

 

Does it need to be run again on every user account, for the settings that are user account specific?

A related issue: I ran it on my admin account, but in my LUA, I saw that .vbs was still associated with wscript.
So I ran it again, in the LUA, and I rebooted, and Windows settings showed that .vbs was still associated with wscript.
What is going wrong?

Another thing: I don't even see the other file types that it is supposed to change. .vbs is the only one I see. For instance, I don't see .vbe in the list in Windows settings.

Help...

 

Harden Windows PCs with SysHardener
February 26, 2018
https://www.ghacks.net/2018/02/26/harden-windows-pcs-with-syshardener/

 

1) does the default checked boxes (upon initial SysHardener launch) for the selected tweaks = the default original values set by my WinOS, on my setup, on my user account.
2) does Select Defaults do the same as Restore Defaults

 

Great little tool, easy to use, but I have one question. When you first run it, is it using NVT defaults, or what is already enabled\disabled by the system's user? Thanks!

 

After i have launched it for the first time, the second option should be shown as ticked but it was unticked. This means it is high likely using settings which are set in the file settings.ini

 

@Peter2150

The options related to Adobe Reader makes that changes also to Acrobat Reader DC, Acrobat Reader XI, Adobe Reader 7\8\9\10.

@Buddel

You can already restore individual tweaks:

Select only tweaks you want to restore to their defaults values, then click on "Restore Defaults".

@guest

Portable version is same as installer version.

@shmu26

Looks like the unassociation of file types doesn't work in all occasions (another user reported this), or at least it isn't always permanent.

We'll improve it asap.

@mood

We'll try to add explaination for each tweak in the next versions as suggested by gHacks review.

@bjm_ @dja2k

The program loads the selected tweaks from Settings.ini located in the same folder of SysHardener.exe

And by default are enabled only tweaks that can be useful for most regular users.

When you close the program or when you click the "Apply Selected" or "Restore Defaults" button the program saves the checked tweaks in Settings.ini.

The "Select Defaults" from the top-right button "Un\Select All" just checks the tweaks recommended by the program (the ones enabled by default).

The button "Restore Defaults" restores the selected tweaks to their default value (the original value set by the OS).

 

I experienced this as well with my LUA. Temporary fix (worked for me): Go to your Admin account and temporarily re-instate your LUA to administrative privileges. Reboot back into your LUA (now with admin privs) and enable what you want with SysHardener. Reboot and ensure all settings have taken place and stayed in place. Reboot back into your main Admin account and revoke your Admin privileges from your original LUA, making it true LUA like before. Reboot and ensure all settings are good. Anyway, this workaround is what worked for me with SysHardener and my LUA.

 

"restore to their defaults values" ... you mean the value set by the OS or set upon initial SysHardener launch + Apply Selected?

seems like I'd click on "Apply Selected" because "Restore Defaults" restores the selected tweaks to the original value set by the OS and not set by SysHardener defaults?

 

It would be good if there was a return to the settings prior to installation as well.