SysHardener: Harden Windows Settings

Discussion in 'other anti-malware software' started by novirusthanks, Feb 26, 2018.

  1. Circuit

    Circuit Registered Member

    Joined:
    Oct 7, 2014
    Posts:
    833
    Location:
    Land o fruits and nuts, and more crime.
    Works, and remembers settings here. Good work.
     
  2. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    979
    As far as remembering the settings is concerned, there might be a difference between the "regular" and the portable version of this program. Just guessing.
     
  3. Circuit

    Circuit Registered Member

    Joined:
    Oct 7, 2014
    Posts:
    833
    Location:
    Land o fruits and nuts, and more crime.
    Using "regular" here.
     
  4. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    5,780
    Location:
    Europe then Asia
    using portable here. my settings are remembered and since the first version.
     
  5. loungehake

    loungehake Registered Member

    Joined:
    Mar 9, 2015
    Posts:
    128
    Location:
    Wigan
    On installing SysHardener I see that some checkboxes are ticked. Are these read by SysHardener from the system settings at the time of its installation?

    Thank you.
     
  6. imuade

    imuade Registered Member

    Joined:
    Aug 4, 2016
    Posts:
    685
    Location:
    Italy
    No, I suggested to have something like that:
     
  7. loungehake

    loungehake Registered Member

    Joined:
    Mar 9, 2015
    Posts:
    128
    Location:
    Wigan
    Thank you imuade. I was hoping that SysHardener would give me a list of settings which I could revert to if necessary. SysHardener has a handy set of buttons in the System Tools tab so I won't be uninstalling it but I won't be using it to modify settings when I haven't the faintest idea what many of them are before I start to change them.
     
    Last edited: Apr 8, 2018
  8. fblais

    fblais Registered Member

    Joined:
    Jul 31, 2008
    Posts:
    1,184
    Location:
    Québec, Canada
    Ditto.
    Never installed it but won’t if this doesn’t grt changed.
     
  9. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    5,780
    Location:
    Europe then Asia
    @novirusthanks as OSA and ERP , no issues (yet) on Spring Creators Update.
     
  10. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    What about Syshardener? Are all policies set by it still valid in new update of Windows?
     
  11. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    5,780
    Location:
    Europe then Asia
    yes, no issue so far (obviously i didn't tried to verify each of them , but those i set in Fall still work in Spring).
     
  12. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Good to know before the update hits me. Thanks!
     
  13. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,097
    Location:
    South Texas, USA
    Just a question, with Spring Creators update coming up, would a backup option be good to add. I think the update will revert some options.
    When I uninstall and install again, I have to go pick my settings again because they are not checked (don't know if they are applied). Is this normal behavior? I know if you have the application installed and you apply the settings, next time you open the app, your settings are checkmarked.
     
    Last edited: Apr 9, 2018
  14. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    8,330
    Location:
    U.S.A. (South)
    Same. Am sort of a portables type and always prefer it that way where they can be of most use w/o overhead of adding things to the system.

    SysHardener is no exception, and it just plain works on this end.
     
  15. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,346
    Suggestion: block scrcons.exe from connecting out?
     
  16. mattdocs12345

    mattdocs12345 Registered Member

    Joined:
    Mar 23, 2013
    Posts:
    1,879
    Location:
    US
    Great little software. Thanks for the update.
     
  17. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,027
    Location:
    Italy
    Released SysHardener v1.5:
    http://www.novirusthanks.org/products/syshardener/

    Here is the changelog:

    + Updated Help\FAQs file
    + Added new command-line parameter: /customsettings "C:\Path\To\Settings.ini"
    + Removed button "Un\Select All" -> Use the "Tweaks" menu in the top main menu
    + Added option "Save to .INI file" on "Tweaks" main menu
    + Added option "Load from .INI file" on "Tweaks" main menu
    + New option Block Outbound Connections for Cmstp.exe (checked)
    + New option Block Outbound Connections for Esentutl.exe (checked)
    + New option Block Outbound Connections for Extrac32.exe (checked)
    + New option Block Outbound Connections for Expand.exe (unchecked)
    + New option Block Outbound Connections for Makecab.exe (checked)
    + New option Block Outbound Connections for Pcalua.exe (checked)
    + New option Block Outbound Connections for Print.exe (unchecked)
    + New option Block Outbound Connections for Replace.exe (unchecked)
    + New option Block Outbound Connections for ScriptRunner.exe (checked)
    + New option Block Outbound Connections for Scrcons.exe (checked)
    + New option Block Outbound Connections for Ftp.exe (unchecked)
    + New option Block Outbound Connections for Tftp.exe (unchecked)
    + New option Block Outbound Connections for Telnet.exe (unchecked)
    + Improved detection of Acrobat Reader 11.0

    Screenshot fo the "Save to .INI file" and "Load from .INI file" options:

    syshardener15.png
     
  18. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    5,780
    Location:
    Europe then Asia
    this is what i waited for :thumb:.
     
    Last edited: May 13, 2018
  19. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    8,330
    Location:
    U.S.A. (South)
    Been reading a lot of demands for such a feature. Will make a whole lot of peeps very satisfied now they can keep their original and save/load new configs with this.
     
  20. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    5,780
    Location:
    Europe then Asia
    yep many of the tools NVT produce are excellent in term of productivity.
     
  21. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,346
    Does the ini file catch the settings you currently have selected, or does it rather catch the current state of your system?
    Let's say I didn't apply any tweaks at all yet. I want to save my current state before tweaking. Will the ini file catch my current state? Or is there another way to do that, besides making a Windows restore point?
     
  22. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    5,780
    Location:
    Europe then Asia
    i believe it is only the settings.
     
  23. imuade

    imuade Registered Member

    Joined:
    Aug 4, 2016
    Posts:
    685
    Location:
    Italy
    I was asking for that option, but I don't know if it has been implemented
    @novirusthanks ?

     
  24. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    5,780
    Location:
    Europe then Asia
    SH isn't real time, it is just a GUI that load some powershell scripts to enable/disable the selected options. When you install it it doesn't read anything on your system, it is why when you update it on top on the previous versions, the default setup are shown, you had to re-applied your preferred options, but now with the ini file import/export feature, you can do it in a click.
     
  25. chicago25

    chicago25 Registered Member

    Joined:
    May 13, 2018
    Posts:
    4
    Location:
    Illinois
    I've been a long time reader of this forum. I am trying both SysHardener and OSArmor, and I'm very impressed. Thank you to NoVirusThanks for making hardening so much easier than it has been. I've typically applied about 70 GPO hardening steps and 8 Registry hardening changes manually. SysHardener and OSArmor have captured the vast majority of those changes in a much faster and easier to use format, and have also provided additional hardening steps that I had not previously considered.

    I would like to suggest some following hardening steps be considered for SysHardener. I've used these on my PCs. If some of these steps are already in SysHardener and I simply missed them, then please disregard.

    GPO Settings: LLMNR: Multicast Name Resolution, Force GPO Refresh, Bitlocker Drive Encryption: Drive encryption method and cipher strength; Disable new DMA devices when computer is locked, Disable heap termination upon corruption, Disable remote shell access

    Powershell Hardening Commands: Scan all scripts when they are seen or run. Enable PUA Protection
     
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.