Skip to content

Harden Windows Security v.0.7.3
Compare
Choose a tag to compare
@HotCakeX HotCakeX released this 08 Jan 15:21
· 32 commits to main since this release
Hardening-Module-v.0.7.3
8ad3e5c
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.

What's New

  • Added a new section to the Apps | Features page where you can remove the pre-installed built-in network drivers that you do not use. Windows by default has WIFI and Ethernet network adapter drivers of Intel, Broadcom, Ralink, Realtek, Qualcomm and Marvel. If you do not have any of those hardware or you install your own drivers then you can remove the unnecessary ones, freeing up disk space and reducing the overall attack surface.

    • You can view the full list of pre-installed network drivers via this PowerShell command: Get-WindowsCapability -Online

    • As always, detailed logs of each step of the operation will be generated and made available.

  • Improved the dialog window design. It has a gradient dark background and will stay at top so user won't miss important message that is displayed.

  • Added a check to display a message to the user when installing AppControl Manager and an incompatible policy is detected.

  • Improved the module's compatibility with other modules that load the same Microsoft DLLs in the session through PowerShell profile. When Harden Windows Security detects such situations, it will automatically use the -NoProfile switch.

  • Updated the Microsoft DLLs to the latest versions from NuGet.

  • Improved the logging mechanism when using the Harden Windows Security in unattended/headless mode like this:

Protect-WindowsSecurity -Verbose -Categories MicrosoftSecurityBaselines,Microsoft365AppsSecurityBaselines,MicrosoftDefender,AttackSurfaceReductionRules,BitLockerSettings,TLSSecurity,DeviceGuard,LockScreen,UserAccountControl,WindowsFirewall,WindowsNetworking,WindowsUpdateConfigurations,MiscellaneousConfigurations,EdgeBrowserConfigurations,CertificateCheckingCommands,CountryIPBlocking,DownloadsDefenseMeasures,NonAdminCommands -Log -LogPath 'C:\Users\Admin\Desktop\Logs.txt' -Offline -MSFTDefender_SAC -MSFTDefender_BetaChannels -DeviceGuard_MandatoryVBS -WindowsNetworking_BlockNTLM -MiscellaneousConfigurations_ReducedTelemetry -MiscellaneousConfigurations_LongPathSupport -CountryIPBlocking_OFAC -DangerousScriptHostsBlocking -UAC_OnlyElevateSigned -LockScreen_CtrlAltDel -Miscellaneous_WindowsProtectedPrint -UAC_NoFastSwitching -MiscellaneousConfigurations_StrongKeyProtection -LockScreen_NoLastSignedIn -PathToLGPO 'C:\Users\Admin\Desktop\LGPO.zip' -PathToMSFT365AppsSecurityBaselines 'C:\Users\Admin\Desktop\Microsoft365SecurityBaseline.zip' -PathToMSFTSecurityBaselines 'C:\Users\Admin\Desktop\Windows 11 v24H2 Security Baseline.zip'

  • That's an example command that will run all of the categories and sub-categories in unattended mode, completely offline, and log the output to a file. The log file will contain every details of the operation just like they are generated in the GUI mode.

  • Previously the logs in this scenario would have very minimal content because the built-in PowerShell transcription feature was being used but now it's handled by the module itself.

  • With a command like that, you can configure your systems/workstations in bulk and schedule that command to run periodically. That is a completely automated mechanism and if a new version of the module is available, it will download and install it and remove any older version.

  • Documentation is available here.

  • If you have any questions about the unattended/headless mode, feel free to ask here on GitHub.


PR: #515


Assets 2
Loading