SysHardener: Harden Windows Settings

It is not required to use both. But some users choose to do so, for an additional layer of protection.

 

I don't see your point.
For me OSAmor is the evolution of Syshardener.
While Syshardener is static, and gives you no feedback, OSAmor is dynamic and way easier to handle.

 

If you are running OSAmor, you may want to add Configure Defender Master.
Other than Syshardener it shows what migations are active, and which not.
Way more easier to troubleshoot, in case something is blocked, or not working.
Especially when the issue occurs days, weeks, or even months later.

 

SH is just an interface to automatize some OS security tweaks that were usually done manually.

OSA is a software that will block unwanted processes execution based on rules. Originally it was oriented to beginners because less technical than his "older brother" ERP.

Both complement each other because some of SH tweaks can't be achieve with OSA.

 

I've had no problem using SysHardener at default settings along with OSA.

 

Make sure you do a external backup, if you make a mistake your system is toast.
SysHardener is for people knowing what they are doing.

 

I wouldn't go quite so far as to say "toast," but I heartily agree that mistakes in configuring SysHardener can be vexing and hard to undo.

 

Can you use this with a SUA? Typing in the password all the time is annoying for my mostly used safe programs.

 

Yes.

Run it once on all the user accounts that you want to protect. It just tweaks your system, it does not provide active protection.
After a major Windows update, run it again on all user accounts.

 

STRONGLY agreed.

i tried sysharderner, followed other user guide for what settings to enable. then it broke my access to my NAS on the network. Also stuff like .bat and jar files were no longer associated (which i actually needed). It felt hard to undo that.

In the end i had to use a system restore point and not use sysharderner.

I'm sure that people who KNOW which setting to use would be fine with it. But for me it just restricted too much to the point of breaking usability.

Osarmor at default had no such issues, so i'm just using that instead.

 

you see, i never quite understand those who say syshardener breaks this, toasts that. syshardener is nothing more than a list of windows settings gathered in a single ui for your convenience and it does what it says perfectly well. if you don't know what you're doing, you don't need a 3rd party interface like syshardener to brick/toast/break your os whatsoever, you'll get there in any case. so if you're a novice user, you better not mess with tools like syshardener; tools that are meant for advanced users.

 

Amen

 

I found it to be like a third party Group Policy (which I have installed on here) but with a friendlier and much more compact interface. Since I have gpedit.msc, I have discontinued SysHardener, though I still find it highly useful, even on latest OS. I'm a pretty novice user: read and understand what you're enabling and have an image, that's pretty much it having learned after some trial and error. Also use OSArmor currently.

 

See Posts #188 & #195 above.

 

it is
its first thing you do: 1. prepare custom OS iso (debloated) without flash and xbox for instance, 2. side-load all updates (without re-installing flash and xbox) 3. install security apps such as antivir, usb protection as well as apps you'll need 4. Install VM 5. apply admin templates, GPO rules, further debloat and remove features/services/apps/modules/junk/tasks, apply security scripts and networking rules, apply SysHardener, further lock down system with custom files, code (intended to break or tamper normal functioning of code, like java or javascript), modifications, changing defaults for programs, setting up decoys, admin rules, browser tweaks, optimizations 6. install so-called blockers such as EXE Radar Pro or/and Os Armor 7. apply veracrypt (encrypt all drives) 8. Apply SRP either manually or with program 9. setup router with at least IDS/SPI and network forensic tools 9. only now connect to the Internet

 

@lucd: Didn't you forget the #irony tag?

Otherwise:
If it ain't broke, it ain't tweaked enough.

 

right? "9. setup router with at least IDS/SPI and network forensic tools 9. only now connect to the Internet".

that "network forensic tools" part though.

 

lol

 

@novirusthanks Will SysHardener be updated any time soon? Just curious.

 

Any news on future updates of SysHardener? It hasn't been updated for a very long time.

 

it doesn't require frequent updates.

 

This is correct. However, @novirusthanks mentioned a while back that he would gradually upgrade his apps, so I'm wondering when SysHardener will be updated. It was last updated almost three years ago, in May 2018.

 

i doubt there'll be an update anytime soon as andreas seems to be focused on his flagship sw osa.

 

SysHardener has always been one of the most popular NVT app, so I do think we will see an updated version of SysHardener in the not-too-distant future (maybe as shareware, who knows).

Most popular NVT apps: https://www.novirusthanks.org/most-popular-software/

 

that'd be a whole nother story.