SysHardener: Harden Windows Settings

Discussion in 'other anti-malware software' started by novirusthanks, Feb 26, 2018.

  1. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    3,418
    Location:
    Slovakia
Try Hard_Configurator, it's a killer, a malware killer, especially talking about SRP (system restriction policy). I do not use it, because I do not like using 3rd party tools (like SRP or setacl).
    Code:
    https://github.com/AndyFul/Hard_Configurator
Yeah, that happened to me too, someone downloaded it and ran it ASAP, then complained that nothing worked, internet, store, etc.
Luckily, my tweaks literally kill everything, so users have their hands full reinstalling and no time to write to me about their user experience.
Ever since, I have included warnings and I recommend tools to back up, but people who just download and run it will not read them anyway.
By the way, I have included support via Facebook, Steam and email, but only ~5 people have ever contacted me, considering 70 thousand views.
     
  2. 142395

    142395 Guest

I don't fully agree. If you understand, you can expect what can happen and where to look once a problem occurs, and quite often you don't have to revert at all, as the tweak allows specific exclusions (e.g. CWDIllegalInDllSearch).
Also, not all issues are detectable - whoops, I somehow used the wrong word "sensible" in the previous post, corrected - some tweaks can actually weaken your security (e.g. the most well-known is disabling MpsSvc when you use a 3rd party FW, but also some network crypto/auth related tweaks which strengthen crypto/auth but open another attack vector). This is why I always make tweaks only after I understand things, because I have a "healthy fear" that I may not notice every latent problem. (And I guess many people don't even bother to look at Event Viewer.)
     
  3. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    1,296
    Location:
    Europe
This begs the question: if you don't notice it, is it even there? Usually the answer would be yes, but in security? You know, when I get malware on my PC BECAUSE of a tweak I've done incorrectly, THAT is when I'll consider it. Otherwise, it's just pointless talk. For example, why enable mpssvc with a 3rd party firewall? I've disabled mpssvc, mpsdrv is enabled, and I've had no issues with simplewall wrongly blocking or allowing a process. I see no issue => there is no issue, if everything is working fine.
     
  4. 142395

    142395 Guest

@Floyd 57
It's going off-topic, but talking about security without defining one's threat model is a source of confusion. As you see in my sig, malware is just a small part of security matters for me, and even when talking about malware, I take the post-infection scenario seriously. But if what you care about is whether you get common malware (not the advanced & targeted kind), then you don't need these tweaks in the first place (except for performance & privacy tweaks, of course). Just employ SRP or default-deny exe with SUA, default-deny on the browser, keep up-to-date, download only reputable software, check the digital sig, throw it at VT, and disable unneeded functions in document viewers, and you're done! Most tweaks don't stop malware by themselves.

About MpsSvc, there was a dedicated thread a few years ago, but essentially it is NOT only for WFW. It's also responsible for Windows Service Hardening, which compartmentalizes the privileges of services. So assuming your adversary was advanced enough to exploit one of your services, it may be game over, while if you hadn't disabled MpsSvc the damage might still be limited - it's not easy to calculate the risk of MpsSvc itself being exploited vs. increased damage from any other vulnerable service. IDK if things have changed since. Before I apply any tweak, I evaluate its benefit & loss. This allows me to skip tweaks which only give a false sense of security.

One thing I forgot to mention is that problems don't necessarily occur just after you make a modification. Some tweaks cause problems only if a certain condition is met, so it's likely, and has actually happened to me several times, that a problem occurs months after the modification. I could manage them, as I know all the tweaks and what they do, e.g. CWDIllegalInDllSearch caused a problem only when I ran a program from USB.

TBH, I think there's no reason not to learn. Searching about a tweak won't take 15 min, though it depends on your current knowledge and each tweak. If your knowledge is not enough to understand, then don't touch it and keep learning; a year later you'll be able to. I myself was almost a noob five years ago. Sure, there are too many tweaks, so it's impossible to learn all of them at once. Learn one by one and add tweaks one by one. Now I only need to look at newly added tweaks. But it seems people hate this kind of process; they hear something is good/bad for their health and blindly do it when it's actually bad/good for their health.
     
    Last edited by a moderator: Oct 7, 2018
  5. lucidstorm

    lucidstorm Registered Member

    Joined:
    Aug 12, 2018
    Posts:
    41
    Location:
    Poland
@142395
Actually I would like to see your script; if I can learn something from it, why not? Informing people about security is a noble thing to do; if you know something, always share it. For instance, evil hackers share their info, so good guys/normal people should too. On the normal Internet it is very hard to find something useful. You said yourself that my tweaks didn't increase security at all.
- No, of course you didn't, he did. He/she should analyze your script and pick what is best for what he needs, study it. Somebody made a terrible mistake. I am still on topic, because part of your script could be asked to be implemented in SysHardener.
     
    Last edited: Oct 14, 2018
  6. 142395

    142395 Guest

@lucidstorm
This thread is for SH, and the fact that I haven't suggested any additional tweak says it all - I would rather hope SH removes some tweaks, but I know that won't happen in a security forum where people believe more is better. I guarantee that the most effective and suitable-for-all tweaks are already covered by SH & H_C, and also what I've got is all available online; everyone can get it if he searches.

And you can't say "why don't you" when he actually did and decided not to anymore. You may think it's just putting the scripts here and that's done... that's not the reality. Yes, they should analyze, but how to enforce that? In the thread I explicitly wrote "Pls use them at your own risk". And my scripts are fully tuned for my usage - only I know how to use them properly. I remove tweaks from scripts when they can be done via GUI, 'cause that is how I do it. There are preferable steps to run these scripts. I know how each tweak is related to each function, so I've disabled most functions I don't need which I'm sure others need. Some of them make a specific event log entry or specific pattern when something has happened, which I know, but how about others? There's an even bigger reason which I only disclosed in PM with others. I'm not an IT writer nor a support center, yet I have sometimes shared what I think is of value. Just dig through the forum and you'll see I already shared Chrome tweaks, Firefox tweaks, and some other info.
Besides, what brings real security is NOT, NEVER, those trivial scripts. It is knowledge and behavior. In the search process I've actually learned much, and these scripts are more of a bonus. They are the cherry on top for those who have done all the other things - I doubt how many people actually have. If you want to continue, please move to another thread or PM.

Note: don't use the scripts in the thread; they are not only deprecated but even include a bug (typo).
     
  7. lucidstorm

    lucidstorm Registered Member

    Joined:
    Aug 12, 2018
    Posts:
    41
    Location:
    Poland
That hardenwindows10 is OK but so-so. I also like the hackernoon tweaks https://hackernoon.com/the-2017-pentester-guide-to-windows-10-privacy-security-cf734c510b8d
However, it's not like much is combined; I still want more :) Quite obvious tweaks, don't you think? I mean once you do them and understand them.. I am far more impressed with Andreas' tweaks with OSArmor and SysHardener. I would like to see them expanded, especially in the anti-hacker area, manned attacks. I love NoVirusThanks.
     
    Last edited: Oct 22, 2018
  8. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,549
    Can anyone say which items among the firewall settings are related to privacy/telemetry?
    I am assuming that the rest of them are purely security related.
     
  9. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    1,296
    Location:
    Europe
Now that I've looked at it, there's a "block outbound connections for msiexec.exe" which I'm curious about, since msiexec wants a connection almost every time it's run (when something is installed or uninstalled, usually). I've never allowed it, with no harm, but I still wonder what the connection is for; I haven't found answers anywhere. Aside from msiexec, none of the other exes in the SysHardener firewall rules have ever needed to connect to the internet. If something does, I'll research it.
     
  10. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,549
    Thanks, @Floyd 57
     
  11. Circuit

    Circuit Registered Member

    Joined:
    Oct 7, 2014
    Posts:
    939
    Location:
    Land o fruits and nuts, and more crime.
Can anyone say if it would be safe to use "default settings" with Win7?
     
  12. guest

    guest Guest

You should look at what each tweak in the default settings does, to see if you understand what they do and whether they fit your needs.

To be on the safe side, do a backup before.
Once the tweaks are implemented by SH, removing them is a bit tricky if you didn't list which ones you ticked.
     
  13. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    1,131
    Location:
    Baden Germany
That's the reason why I don't use SH anymore.

Besides doing a backup, I recommend taking a screenshot before applying changes.

    I learned it the hard way, after an issue appeared several weeks after I applied tweaks.
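Posts 4, 9, 12 and 13 above circle the same practical problem: tweaks such as CWDIllegalInDllSearch, disabling MpsSvc or SysHardener's outbound block rules can surface an issue months later, and you need a record of what was changed. The PowerShell below is an added example, not SysHardener's or NVT's code; it snapshots those settings to a JSON file before tweaking and diffs the live state against that file afterwards. The function names are hypothetical, it must run elevated, and the NetSecurity firewall cmdlets need Windows 8 or later.

```powershell
# Added example, not SysHardener's own code. Hypothetical helper names; run elevated.
# Snapshots the settings discussed in the thread so a problem that surfaces later
# can be traced to a specific tweak.
function Get-HardeningSnapshot {
    $snap = [ordered]@{}

    # CWDIllegalInDllSearch: system-wide value plus any per-application override (IFEO)
    $sm = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
    $snap['CWDIllegalInDllSearch'] = (Get-ItemProperty $sm -ErrorAction SilentlyContinue).CWDIllegalInDllSearch
    $ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
    Get-ChildItem $ifeo -ErrorAction SilentlyContinue | ForEach-Object {
        $v = (Get-ItemProperty $_.PSPath -ErrorAction SilentlyContinue).CWDIllegalInDllSearch
        if ($null -ne $v) { $snap["IFEO\$($_.PSChildName)\CWDIllegalInDllSearch"] = $v }
    }

    # MpsSvc start type: disabling it also removes Windows Service Hardening, not only the firewall
    $svc = Get-Service MpsSvc -ErrorAction SilentlyContinue
    $snap['MpsSvc.StartType'] = if ($svc) { $svc.StartType.ToString() } else { 'missing' }

    # Outbound block rules tied to a program (e.g. msiexec.exe); needs the NetSecurity module (Win8+)
    Get-NetFirewallRule -Direction Outbound -Action Block -ErrorAction SilentlyContinue | ForEach-Object {
        $prog = ($_ | Get-NetFirewallApplicationFilter).Program
        if ($prog -and $prog -ne 'Any') { $snap["FW\$($_.Name)"] = "$prog Enabled=$($_.Enabled)" }
    }
    return $snap
}

# Write the snapshot to disk before ticking anything in SysHardener.
function Save-HardeningSnapshot([string]$Path) {
    Get-HardeningSnapshot | ConvertTo-Json | Set-Content -Path $Path -Encoding UTF8
}

# Later: list every setting that differs from the saved snapshot.
function Compare-HardeningSnapshot([string]$Path) {
    $old = Get-Content $Path -Raw | ConvertFrom-Json
    $oldLines = @($old.PSObject.Properties | ForEach-Object { "$($_.Name)=$($_.Value)" })
    $newLines = @((Get-HardeningSnapshot).GetEnumerator() | ForEach-Object { "$($_.Key)=$($_.Value)" })
    Compare-Object $oldLines $newLines | ForEach-Object {
        $tag = if ($_.SideIndicator -eq '<=') { 'BEFORE' } else { 'NOW   ' }
        "$tag $($_.InputObject)"
    }
}

# Usage:
#   Save-HardeningSnapshot 'C:\backup\before-syshardener.json'
#   ... apply tweaks, reboot, use the machine ...
#   Compare-HardeningSnapshot 'C:\backup\before-syshardener.json'
```

Keep the JSON file with the backup you take anyway; a screenshot shows what you ticked, while the diff shows what actually changed on the box.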
     
  14. Bertazzoni

    Bertazzoni Registered Member

    Joined:
    Apr 13, 2018
    Posts:
    652
    Location:
    Milan, Italia
    NVT's answer: Tick "select all" + hit "Restore selected" + restart = DONE! So easy, even @Bertazzone can do it. And if @Bertazzone can do it, ANYONE can do it! Sure, I backed up settings, but rarely need to use them.
     
  15. guest

    guest Guest

    Yep that trick.
     
  16. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,549
    If you leave it at default settings, like @Circuit was asking, you won't even get into the problem in the first place.
     
  17. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,920
    Good point. If you don't know what you're doing, just use default settings. SH is a useful app, but if you're not tech-savvy enough to know what all settings do, just use default settings and don't "play" with them.
     
  18. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    1,131
    Location:
    Baden Germany
    And start all over again...
     
  19. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,920
    Yes, but with default settings this time.:cool:
     
  20. Bertazzoni

    Bertazzoni Registered Member

    Joined:
    Apr 13, 2018
    Posts:
    652
    Location:
    Milan, Italia
    Or load preferred backed-up settings, if you've labelled them well enough to know which version does work well for you. That is, if you have different versions. No problemo!
     
  21. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    1,131
    Location:
    Baden Germany
I found it too time-consuming to set and reset again and again, even with different presets.
NVT has a more manageable app now that I would prefer: OSArmor
     
  22. Moogle Stiltzkin

    Moogle Stiltzkin Registered Member

    Joined:
    Oct 12, 2014
    Posts:
    18
An issue I ran into so far with SysHardener, specifically when I use the unassociate file types.

I couldn't roll back SysHardener's unassociation of bat and jar files (which is what I needed to run ripme, an app I use)

    https://github.com/RipMeApp/ripme


I did figure out how to undo it to get it working again by doing this,

as suggested by factor mystic
https://superuser.com/questions/539...ation-with-the-system-make-them-run-when-doub

and also reinstalling Java. Jarfix may also work, but I'm not 100% sure
https://johann.loefflmann.net/en/software/jarfix/index.html

Anyway... other than this hiccup, my setup seems to be fine for my regular usage.
     
  23. Moogle Stiltzkin

    Moogle Stiltzkin Registered Member

    Joined:
    Oct 12, 2014
    Posts:
    18
So if I use OSArmor, then SysHardener is not required, is it?
     
  24. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,210
    Location:
    Among the gum trees
    I use both. They don't really overlap. OSA runs in real-time, SysHardener is set and forget, until the next major Windows update.
     
  25. Moogle Stiltzkin

    Moogle Stiltzkin Registered Member

    Joined:
    Oct 12, 2014
    Posts:
    18
    ah kewl, thx.
     