NVT SysHardener: Harden Windows Settings


Deleted member 178

Thread author
We've just released a new free tool: SysHardener


This free security tool helps you harden Windows settings to mitigate online threats. You can enable UAC (commonly disabled by malware), unassociate bad file types (i.e JS, VBS, VBE, WSH, etc), disable autorun.inf on removable devices, enable DEP and SEH on all programs, turn off Windows Script Host (Wscript.exe), turn on SmartScreen, disable unneeded Windows services, disable Javascript on Adobe Reader, disable macros\OLE\Activex on Office, disable Javascript on Foxit Reader, block outbound connections of commonly hijacked system programs (i.e powershell.exe, wscript.exe, winword.exe, etc) via Windows Firewall rules, and much more. All these system hardening tweaks can help mitigate common today threats. Especially useful also the Windows firewall rules to block outbound connections of powershell, wscript, mshta, winword, excel, etc so an exploit cannot download the remote payload.

Product page & download:
Harden Windows Settings with SysHardener | NoVirusThanks

Works on Vista+ OS and is freeware.

Nice tool, tried it, adopted it. it does what i used to do manually.
Last edited by a moderator:


Level 85
Top poster
Content Creator
Jul 3, 2015
You need to run it again on every user account, because some of the settings are user account specific.
I am not sure anymore that this is true. I said it because I saw that .vbs was still associated with Wscript in my standard user account. But I ran it again, and it is still associated. So I can't figure out what went wrong...

Av Gurus

Level 29
Top poster
Malware Hunter
Sep 22, 2014
I Enable "Only Elevate Exe that are signed..." restart and then Disabled that options (and restart again) but i still get Warning messages and can't run the exe?


Same thing is for options "Show Hidden and system files"


Also, "Restore Defaults" doesn't do nothing.

I have Portable version, run as Admin.

I check the Settings.ini and this looks strange...

Last edited:


From NoVirusThanks
Aug 23, 2012
@Av Gurus @plat1098

To remove the tweak "Only elevate executables that are signed and validated" from your system:

Try to do as follow:

1) Disable OSA (if installed)
2) Run SysHardener
3) Click on the button on the top-right "Un\Select All" -> Click on "UnSelect All"
4) Now all tweaks are unchecked
5) Check the option "Only elevate executables that are signed and validated"
6) Click on the button "Restore Defaults"
7) Reboot the PC

This way you will restore that selected tweak "Only elevate executables that are signed and validated" to its default value (that is disabled by the OS by default).

So now you'll be able to elevate unsigned executables as before.


Same for me, disabling RMS doesn't seem to affect the WiFi here.

If someone notice any issues please post here and in case I'll remove that option.


It would be nice, if it would detect the current settings, even for version 1.0, it is a basic feature, easily done.

We can do that on the next version. We may offer a button "Backup\Restore current settings" or similar.

A great idea, but half baked and badly implemented. I always find novirusthanks tools interesting, but after trying them out, I leave them in the dust.

That's fine and I respect your opinion.

We'll do our best to improve this application.

@Evjl's Rain

Default settings should be enough for most users.


Looks like the unassociation of file types doesn't work in all occasions (another user reported this), or at least it isn't always permanent.

We'll improve it asap.

You need to run it again on every user account, because some of the settings are user account specific.

Yes correct.

If SysHardener doesn't already let you set constrained language for powershell, that would be a good option to add.

We'll add that tweak on the next build.

We'll try to add explaination for each tweak in the next versions as suggested by gHacks review.