Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Software
Security Apps
Other security for Windows, Mac, Linux
Harden Windows Security | Only with official documented methods | Always up to date
Message
<blockquote data-quote="SpyNetGirl" data-source="post: 1023433" data-attributes="member: 98858"><p><a href="https://github.com/HotCakeX/Harden-Windows-Security" target="_blank">Here are the changes I made to the script</a>:</p><p></p><p>Added 2 new categories, Edge browser and Windows update</p><h2><span style="font-size: 12px"><strong>Windows Update Configurations</strong></span></h2> <ul> <li data-xf-list-type="ul">Enables <a href="https://techcommunity.microsoft.com/t5/windows-it-pro-blog/the-windows-update-policies-you-should-set-and-why/ba-p/3270914" target="_blank">Windows Update to download and install updates on any network</a>, metered or not; because the updates are important and should not be suppressed, <strong>that's what bad actors would want.</strong></li> <li data-xf-list-type="ul">Enables "Receive Updates for other Microsoft products" (such as PowerShell) and sets updates to be installed outside of active hours automatically</li> <li data-xf-list-type="ul">Enables "Notify me when a restart is required to finish updating"</li> <li data-xf-list-type="ul">Sets the deadline for automatic updates and restarts for quality and feature updates to 2 days</li> </ul><h2><span style="font-size: 12px"><strong>Edge Browser configurations</strong></span></h2> <ul> <li data-xf-list-type="ul"><a href="https://learn.microsoft.com/en-us/deployedge/microsoft-edge-policies#blockthirdpartycookies" target="_blank">Block 3rd party cookies</a></li> <li data-xf-list-type="ul"><a href="https://learn.microsoft.com/en-us/deployedge/microsoft-edge-policies#dnsoverhttpsmode" target="_blank">Use DNS over HTTPS</a></li> <li data-xf-list-type="ul"><a href="https://learn.microsoft.com/en-us/deployedge/microsoft-edge-policies#dnsoverhttpstemplates" target="_blank">Set DNS over HTTPS template to Cloudflare's</a></li> <li data-xf-list-type="ul"><a href="https://learn.microsoft.com/en-us/deployedge/microsoft-edge-policies#configure-automatic-https" target="_blank">Automatic HTTPS upgrade of HTTP connections</a></li> <li data-xf-list-type="ul"><a href="https://learn.microsoft.com/en-us/deployedge/microsoft-edge-policies#encryptedclienthelloenabled" target="_blank">Enable Encrypted Client Hello</a></li> <li data-xf-list-type="ul"><a href="https://learn.microsoft.com/en-us/deployedge/microsoft-edge-policies#smartscreenenabled" target="_blank">Enforce SmartScreen</a></li> <li data-xf-list-type="ul"><a href="https://learn.microsoft.com/en-us/deployedge/microsoft-edge-policies#preventsmartscreenpromptoverride" target="_blank">Prevent users from ignoring and bypassing SmartScreen warnings for malicious websites</a></li> </ul><p></p><p>Added these for Windows Security (Defender) category:</p><ul> <li data-xf-list-type="ul">Check for the latest virus and spyware security intelligence on startup</li> <li data-xf-list-type="ul">Specify the maximum depth to scan archive files to the maximum possible value of 4,294,967,295</li> <li data-xf-list-type="ul"><a href="https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/configure-advanced-scan-types-microsoft-defender-antivirus?view=o365-worldwide" target="_blank">Define the maximum size of downloaded files and attachments to be scanned</a> and set it to the maximum possible value of 10,000,000 KB or 10 GB. <a href="https://github.com/MicrosoftDocs/microsoft-365-docs/pull/5600" target="_blank">the default is</a> 20480 KB or ~20MB</li> <li data-xf-list-type="ul">Enforces all features of the <a href="https://learn.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen?tabs=gpo" target="_blank">Enhanced Phishing Protection</a> in Microsoft Defender SmartScreen</li> </ul><p></p><p>Changes to the Trust section to make things more clear:</p><ul> <li data-xf-list-type="ul">The <a href="https://github.com/HotCakeX/Harden-Windows-Security/tree/main/Payload" target="_blank">Payload folder</a> in this repository contains the files required to run this script:<ul> <li data-xf-list-type="ul"><a href="https://github.com/HotCakeX/Harden-Windows-Security/blob/main/Payload/Registry.csv" target="_blank">Registry.csv</a> includes registry data used by this script, viewable in plain text and easily verifiable.</li> <li data-xf-list-type="ul"><a href="https://github.com/HotCakeX/Harden-Windows-Security/blob/main/Payload/EventViewerCustomViews.zip" target="_blank">EventViewerCustomViews.zip</a> includes XML files, in plain text, easily readable and verifiable. the script downloads and copies them to C:\ProgramData\Microsoft\Event Viewer\Views so that when you open <a href="https://learn.microsoft.com/en-us/host-integration-server/core/windows-event-viewer1" target="_blank">Windows Event Viewer</a>, you will find custom views as explained in the Miscellaneous category.</li> <li data-xf-list-type="ul"><a href="https://github.com/HotCakeX/Harden-Windows-Security/blob/main/Payload/Security-Baselines-X.zip" target="_blank">Security-Baselines-X.zip</a> includes Group Policies that are used by this script to apply the security measures explained in this page.</li> </ul></li> <li data-xf-list-type="ul"><a href="https://github.com/HotCakeX/Harden-Windows-Security/wiki/Group-Policy#how-is-group-policy-used-in-this-powershell-script" target="_blank">How is Group Policy used in this PowerShell script?</a></li> <li data-xf-list-type="ul"><a href="https://github.com/HotCakeX/Harden-Windows-Security/wiki/Group-Policy#how-are-group-policies-for-this-script-created-and-maintained" target="_blank">How are Group Policies for this script created and maintained?</a></li> <li data-xf-list-type="ul"><a href="https://github.com/HotCakeX/Harden-Windows-Security/wiki/Group-Policy#how-to-verify-security-baselines-xzip-file-and-100-trust-it" target="_blank">How to verify security-baselines-x.zip file and 100% trust it?</a></li> </ul></blockquote><p></p>
[QUOTE="SpyNetGirl, post: 1023433, member: 98858"] [URL='https://github.com/HotCakeX/Harden-Windows-Security']Here are the changes I made to the script[/URL]: Added 2 new categories, Edge browser and Windows update [HEADING=1][SIZE=3][B]Windows Update Configurations[/B][/SIZE][/HEADING] [LIST] [*]Enables [URL='https://techcommunity.microsoft.com/t5/windows-it-pro-blog/the-windows-update-policies-you-should-set-and-why/ba-p/3270914']Windows Update to download and install updates on any network[/URL], metered or not; because the updates are important and should not be suppressed, [B]that's what bad actors would want.[/B] [*]Enables "Receive Updates for other Microsoft products" (such as PowerShell) and sets updates to be installed outside of active hours automatically [*]Enables "Notify me when a restart is required to finish updating" [*]Sets the deadline for automatic updates and restarts for quality and feature updates to 2 days [/LIST] [HEADING=1][SIZE=3][B]Edge Browser configurations[/B][/SIZE][/HEADING] [LIST] [*][URL='https://learn.microsoft.com/en-us/deployedge/microsoft-edge-policies#blockthirdpartycookies']Block 3rd party cookies[/URL] [*][URL='https://learn.microsoft.com/en-us/deployedge/microsoft-edge-policies#dnsoverhttpsmode']Use DNS over HTTPS[/URL] [*][URL='https://learn.microsoft.com/en-us/deployedge/microsoft-edge-policies#dnsoverhttpstemplates']Set DNS over HTTPS template to Cloudflare's[/URL] [*][URL='https://learn.microsoft.com/en-us/deployedge/microsoft-edge-policies#configure-automatic-https']Automatic HTTPS upgrade of HTTP connections[/URL] [*][URL='https://learn.microsoft.com/en-us/deployedge/microsoft-edge-policies#encryptedclienthelloenabled']Enable Encrypted Client Hello[/URL] [*][URL='https://learn.microsoft.com/en-us/deployedge/microsoft-edge-policies#smartscreenenabled']Enforce SmartScreen[/URL] [*][URL='https://learn.microsoft.com/en-us/deployedge/microsoft-edge-policies#preventsmartscreenpromptoverride']Prevent users from ignoring and bypassing SmartScreen warnings for malicious websites[/URL] [/LIST] Added these for Windows Security (Defender) category: [LIST] [*]Check for the latest virus and spyware security intelligence on startup [*]Specify the maximum depth to scan archive files to the maximum possible value of 4,294,967,295 [*][URL='https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/configure-advanced-scan-types-microsoft-defender-antivirus?view=o365-worldwide']Define the maximum size of downloaded files and attachments to be scanned[/URL] and set it to the maximum possible value of 10,000,000 KB or 10 GB. [URL='https://github.com/MicrosoftDocs/microsoft-365-docs/pull/5600']the default is[/URL] 20480 KB or ~20MB [*]Enforces all features of the [URL='https://learn.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen?tabs=gpo']Enhanced Phishing Protection[/URL] in Microsoft Defender SmartScreen [/LIST] Changes to the Trust section to make things more clear: [LIST] [*]The [URL='https://github.com/HotCakeX/Harden-Windows-Security/tree/main/Payload']Payload folder[/URL] in this repository contains the files required to run this script: [LIST] [*][URL='https://github.com/HotCakeX/Harden-Windows-Security/blob/main/Payload/Registry.csv']Registry.csv[/URL] includes registry data used by this script, viewable in plain text and easily verifiable. [*][URL='https://github.com/HotCakeX/Harden-Windows-Security/blob/main/Payload/EventViewerCustomViews.zip']EventViewerCustomViews.zip[/URL] includes XML files, in plain text, easily readable and verifiable. the script downloads and copies them to C:\ProgramData\Microsoft\Event Viewer\Views so that when you open [URL='https://learn.microsoft.com/en-us/host-integration-server/core/windows-event-viewer1']Windows Event Viewer[/URL], you will find custom views as explained in the Miscellaneous category. [*][URL='https://github.com/HotCakeX/Harden-Windows-Security/blob/main/Payload/Security-Baselines-X.zip']Security-Baselines-X.zip[/URL] includes Group Policies that are used by this script to apply the security measures explained in this page. [/LIST] [*][URL='https://github.com/HotCakeX/Harden-Windows-Security/wiki/Group-Policy#how-is-group-policy-used-in-this-powershell-script']How is Group Policy used in this PowerShell script?[/URL] [*][URL='https://github.com/HotCakeX/Harden-Windows-Security/wiki/Group-Policy#how-are-group-policies-for-this-script-created-and-maintained']How are Group Policies for this script created and maintained?[/URL] [*][URL='https://github.com/HotCakeX/Harden-Windows-Security/wiki/Group-Policy#how-to-verify-security-baselines-xzip-file-and-100-trust-it']How to verify security-baselines-x.zip file and 100% trust it?[/URL] [/LIST] [/QUOTE]
Insert quotes…
Verification
Post reply
Top
