New Update Defender Hardening Console Executable

thank you @Trident, I'll replace DefenderUI on my laptop in the next few days with this. I scoured Google and couldn't find it for some reason :unsure: probably brain.exe forgot to work correctly
There is a new version planned for this Wednesday.

This new version brings enhanced connection monitoring, an improved UI and improved Defender communication.

It also brings PUP and remote assistance software detection.

There are improvements to the correlational engine (the one that detects malware-associated files) as well.

Maybe wait till I announce this version here.
 
I most likely won't get to it until Wednesday afternoon, so I will wait for the next version :)
This version will also bring optional network zero trust, so apps connecting to non-whitelisted domains will be suggested for blocking through the Deep Firewall Control. This is the essence of Behavioural Airlock; however, this is a rather reactive approach, whilst BA will be proactive and block them before they are established.

Anyway, with that it will still be far from perfect, more work will be needed to get to where I want it to be.

I was impressed with the heuristics set, which still produced good results on @Shadowra's recent test.
 
@Trident, will the firewall control in this offer popups like WFC as well? I don't like auto-firewall, so I'm currently using WFC as well; if so, I'll be able to slim down the setup even more by removing WFC.
The Deep Firewall Control doesn’t really need popups because it builds a system map.

During the building process, it uses heuristics and reputation checks on all programmes and their modules.

When a module can’t prove its good reputation, Deep Firewall Control creates a block rule for the entire application.

It also blocks frequently abused LOLBins from connecting to the internet.

The real-time firewall control will be in HEAT.

I will show how popups in HEAT currently look when I get home from the gym in a moment.
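As an added illustration of the policy described in the two posts above (one unproven module blocks the whole application, frequently abused LOLBins are blocked outright, and zero-trust mode flags apps reaching non-whitelisted domains), here is a small Python model of that decision logic. It is not Deep Firewall Control's own code; the system map, connections, LOLBin list and reputation verdicts are all constructed stand-ins.

```python
# Added illustration of the Deep Firewall Control / network zero-trust policy
# described in the thread. Not the tool's own code; all data is constructed
# and "reputation_ok" stands in for the real heuristics + reputation checks.
from dataclasses import dataclass, field

# Constructed list of commonly abused Windows binaries (the post says such
# LOLBins are blocked from the internet regardless of their modules).
LOLBINS = {"mshta.exe", "regsvr32.exe", "rundll32.exe", "certutil.exe"}

@dataclass
class Module:
    name: str
    reputation_ok: bool  # stand-in verdict from the reputation/heuristics check

@dataclass
class App:
    exe: str
    modules: list = field(default_factory=list)

def block_rules_from_map(system_map):
    """Return {exe: reason} for every application that gets an outbound block rule."""
    rules = {}
    for app in system_map:
        if app.exe.lower() in LOLBINS:
            rules[app.exe] = "frequently abused LOLBin"
            continue
        unproven = [m.name for m in app.modules if not m.reputation_ok]
        if unproven:
            # One module that cannot prove good reputation blocks the entire app.
            rules[app.exe] = "module(s) without proven reputation: " + ", ".join(unproven)
    return rules

def zero_trust_suggestions(connections, allowed_domains):
    """Zero-trust mode: suggest blocking any app seen reaching a non-whitelisted domain."""
    allowed = {d.lower() for d in allowed_domains}
    return sorted({exe for exe, domain in connections if domain.lower() not in allowed})

# Constructed sample data.
SYSTEM_MAP = [
    App("chrome.exe", [Module("chrome.dll", True), Module("libglesv2.dll", True)]),
    App("updater.exe", [Module("core.dll", True), Module("helper.dll", False)]),
    App("rundll32.exe", [Module("shell32.dll", True)]),
]
CONNECTIONS = [("chrome.exe", "example.com"), ("updater.exe", "cdn.example.net"),
               ("notes.exe", "unknown-host.example")]
ALLOWED = {"example.com", "cdn.example.net"}

if __name__ == "__main__":
    for exe, why in block_rules_from_map(SYSTEM_MAP).items():
        print(f"block {exe}: {why}")
    print("zero-trust suggestions:", zero_trust_suggestions(CONNECTIONS, ALLOWED))
```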
 
These are the HEAT alerts
 
After experimenting with different security software, I believe the reason for the failure to read settings is:
>>> PowerShell <<<

The project initially used PowerShell because this is the official Microsoft recommended way.
However, this way is slow, spawns external processes and looks brittle.

Defender Hardening Console will no longer be using PowerShell, either for reading or for writing settings.

This makes everything faster (instant, instead of a wait of a few seconds) and much less fragile.

As to the failure to block scripts, I recommend that this setting is always on.
 
New version has been released.

This is a big update.

1. Improved Defender Communication mechanisms for faster and more reliable experience.

2. Improved Scan Flow

I wasn't really happy with the scan flow as it was. In this version, it has been redesigned completely.


3. Implemented PUP and remote software detection


This comes with additional explanations and guidance so users can take the right decision, rather than relying on assumptions.

4. Implemented Junk Cleaner
This covers mainly files and some safe-to-clean sections in the registry. It is highly optimized thanks to SIMD and a modern language.


5. Improved malicious connections detection. This will be subject to heavy optimizations in the next few updates.

Additional bug fixes, performance improvements and detection tweaks.


This time around, there was no detection by Microsoft. Some detections by other vendors have been reported to them.

 
So Helios works even without persistence?
Helios UltraQuick is not designed to be persistent and to perform continuous operations. The UltraQuick version is designed to remove persistent malware AVs often miss.

Real-time protection is provided by the hardened Microsoft Defender.

The engine that provides continuous protection is Helios Pro.

That's not ready for release yet.
 
Thank you for your replies, as well as the information; I appreciate it. It's cleared up many questions I had (y) (y)
Hello,
the latest version works for me, but when I run AIDefender.exe, either with admin rights or without, it forces me to temporarily disable Microsoft Defender tamper protection. Does that mean that after I've made the desired changes in AIDefender I can re-enable it?