New Update Defender Hardening Console (part of Hawk Eye Analysis Platform)

Trident (From Hawk Eye, thread author)
Feb 7, 2023
hea-p.com

Hello,

I am excited to announce the official release of Defender Hardening Console (part of HEAP).

The Hawk Eye Analysis Platform which I am working on is a set of tools for malware analysis and cleanup.

The Defender Hardening Console takes a proactive stance by hardening the built-in Windows security in a user-friendly way.

No tools/downloads are required; the project generates PowerShell code which simply needs to be copy/pasted per the instructions.

Special care has been taken for any hardening to not be overdone.

The online console offers the following benefits:
- Enable hidden Microsoft Defender features which bring it on par with the big dogs
- Learn more about the built-in security
- Harden the antivirus and firewall, all in one go
- Block frequently exploited tools from establishing network connections
- Block common ports used and abused by malware

What does the future hold for this project?
- I've obtained a large set of bot/botnet information; I will use AI to study it and better block ports
- UI improvements (I have an obsession with UIs)
- Quick cleanup: Orion Malware Cleaner (which will now be renamed to Hawk Eye Analysis Tool) proved that it is possible to effectively run heuristics in PowerShell. Very basic cleanup of several locations Defender will not take care of will be added to the console and to the copy/pasted script.
- Standalone firewall hardening compatible with third-party AVs, based on Windows Filtering Platform

The generated script has been tested on Windows 11 with Microsoft Defender and Defender Firewall enabled and with the latest updates installed.

 
I have found this on NextDNS subreddit


Yeah, I was looking for a catchy name so I examined several names for the project.

The name must accurately represent the aim of the platforms and tools.

The domain must be short.

Heap.com is not available; the next best was hea-p.com (it first represents heap, which is known to the dev audience) and simultaneously Hawk Eye Analysis Tool allows for word play (bring the heat on malware).

So I registered the domain 2-3 days ago whilst at the gym.

It will mature and the blocks will disappear.
 
@Divergent is there any way you could or are able to edit your posts please, especially the #4 screenshot into a thumbnail view. It overtakes a lot of the thread real estate. TIA

@Divergent Thank you :) :)
Thank you for reminding me as I do most of this by mobile and forget just how obnoxious that can be. I also very much appreciate the respectful way you addressed it. More of that on this forum could possibly turn this place around.
 

It looks great, simple and clear, I think it's a great job!
 
Trident, does this do anything different than Configure Defender or DefenderUI? Thanks
Erm, at this stage it doesn't differ much; below are the differences:
- Targets beginners that may be scared to use other tools and may not really understand what is in these tools exactly. Hence the explanations are different and more detailed, and the potential downsides are explained as well.
- It tweaks Defender antivirus + the firewall at once. I've ripped an open source botnet database (which allows that) and will use AI to see how exactly bots connect and what other LOLBins I can block from connecting.
- In the future it will perform a very quick and light clean-up of several locations that can trip Microsoft Defender, so in one go the system is cleaned and hardened. It will be in the near future.
And just to add to @Digmor Crusher's post, with DefenderUI and Configure Defender, if you want to make a quick change it's easy to do within the app. Would a person need to reset the settings from the web page and start over, or just tweak from the site, and would the changes have to be done via PowerShell?
You just choose your settings there and copy/paste the script. Whatever you see in the console will be your Defender configuration. I am working on an export so you can save and reload your configurations. It will also be possible to export a PDF with all explanations, just in case you need to show your config to someone (like another knowledgeable member)

If you guys have any ideas and anything that you need, just let me know.
 
I like the concept of using ready-made script, rather than installing an app running all the time in the background.
 
The thing is this way of managing the projects allows very rapid development as well, I just change the code on the Cloudflare dashboard.

To execute this experience as a PE EXE, I would have to use a whole framework for the UI, and because I don't like performance impact and low quality, I would have to go for Sciter.

Then I can still call PowerShell from C++/.Net but it needs compilation every time, it will always be a new, low reputation executable and so on.

So this way offers the best of both worlds - the UI I aim for plus it's done on the system.
 
If you need a script to configure the settings then you should have a script somewhere in the gui that people can copy and paste to revert back to Defender's default settings. Or have I missed something?
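As an added illustration of two points raised in the thread, the copy/paste PowerShell script the console generates (antivirus plus firewall hardening, including blocking frequently exploited tools from connecting out) and the question just above about reverting to defaults, here is an example script written for this edit. It is not the Defender Hardening Console's own output and does not reflect its actual settings; the cmdlets and parameter values are standard Windows `Defender`/`NetSecurity` module calls, while the `HEAP-Example-` rule-name prefix, the backup file path, the LOLBin list and the port numbers are constructed for the example. The design point it makes is that a generated hardening script should record the previous state before changing it, so that the same script can restore it.

```powershell
#Requires -RunAsAdministrator
# Example hardening/revert script (not the console's generated code).
# Assumed names: the HEAP-Example-* rule prefix and $BackupPath are placeholders for this example.

$BackupPath = Join-Path $env:ProgramData 'HEAP-Example\defender-backup.json'

# Constructed example set of living-off-the-land binaries to block from outbound connections.
$LolBins = @('mshta.exe', 'wscript.exe', 'cscript.exe', 'regsvr32.exe', 'certutil.exe')

# Constructed placeholder ports; the console's real port list is not shown in the thread.
$BlockedInboundPorts = @(4444, 5555)

function Backup-DefenderState {
    # Record the Defender preferences this script changes, so Restore-DefenderState can undo them.
    # Get-MpPreference reports these as numeric enum values; they are stored as plain integers.
    $pref  = Get-MpPreference
    $state = @{
        MAPSReporting           = [int]$pref.MAPSReporting
        SubmitSamplesConsent    = [int]$pref.SubmitSamplesConsent
        PUAProtection           = [int]$pref.PUAProtection
        CloudBlockLevel         = [int]$pref.CloudBlockLevel
        EnableNetworkProtection = [int]$pref.EnableNetworkProtection
    }
    New-Item -ItemType Directory -Path (Split-Path $BackupPath) -Force | Out-Null
    $state | ConvertTo-Json | Set-Content -Path $BackupPath -Encoding UTF8
}

function Invoke-DefenderHardening {
    # 1. Save current state first; a hardening script that cannot be reverted is a liability.
    Backup-DefenderState

    # 2. Antivirus: cloud protection, sample submission, PUA blocking and network protection.
    Set-MpPreference -MAPSReporting Advanced `
                     -SubmitSamplesConsent SendSafeSamples `
                     -PUAProtection Enabled `
                     -CloudBlockLevel High `
                     -EnableNetworkProtection Enabled

    # 3. Firewall: one outbound block rule per LOLBin, all carrying the same prefix for easy removal.
    foreach ($exe in $LolBins) {
        $path = Join-Path $env:SystemRoot "System32\$exe"
        New-NetFirewallRule -DisplayName "HEAP-Example-Block-$exe" `
                            -Direction Outbound -Program $path `
                            -Action Block -Profile Any | Out-Null
    }

    # 4. Firewall: block inbound traffic to the placeholder port list.
    New-NetFirewallRule -DisplayName 'HEAP-Example-Block-Inbound-Ports' `
                        -Direction Inbound -Protocol TCP -LocalPort $BlockedInboundPorts `
                        -Action Block -Profile Any | Out-Null
}

function Restore-DefenderState {
    # Put the antivirus preferences back to the recorded values and remove every rule we added.
    if (Test-Path $BackupPath) {
        $state = Get-Content -Path $BackupPath -Raw | ConvertFrom-Json
        Set-MpPreference -MAPSReporting           $state.MAPSReporting `
                         -SubmitSamplesConsent    $state.SubmitSamplesConsent `
                         -PUAProtection           $state.PUAProtection `
                         -CloudBlockLevel         $state.CloudBlockLevel `
                         -EnableNetworkProtection $state.EnableNetworkProtection
        Remove-Item -Path $BackupPath -Force
    }
    # Wildcard on the prefix removes only rules created by this script, never the user's own.
    Get-NetFirewallRule -DisplayName 'HEAP-Example-*' -ErrorAction SilentlyContinue |
        Remove-NetFirewallRule
}

# Usage (elevated PowerShell): dot-source this file, then run one of the two entry points.
#   . .\heap-example.ps1; Invoke-DefenderHardening
#   . .\heap-example.ps1; Restore-DefenderState
```

The backup-then-apply order matters: `Backup-DefenderState` runs before any `Set-MpPreference` call, so the JSON file always holds the pre-hardening values, and the firewall rules share one display-name prefix so the revert path can find them without a second list. If Tamper Protection is enabled, Defender may refuse changes that weaken protection; the settings above only strengthen it, but a real generated script should check the result of each call rather than assume success.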