NVT SysHardener: Harden Windows Settings

HarborFront

Level 71
Verified
Top Poster
Content Creator
Oct 9, 2016
6,014

WinXPert

Level 25
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Jan 9, 2013
1,457

TairikuOkami

Level 35
Verified
Top Poster
Content Creator
Well-known
May 13, 2017
2,452
Can you add code to have it kill Cortana also?
Killing off Cortana is easy, but it is too entwined into the system, so the consequences might be severe.

Code:
takeown /f "%WinDir%\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy" /a /r /d y
icacls "%WinDir%\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy" /inheritance:r /grant:r Administrators:(OI)(CI)F /t /l /q /c
taskkill /im SearchUI.exe /f
rd "%WinDir%\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy" /s /q
 

DavidLMO

Level 4
Verified
Dec 25, 2017
158
Sorry - If posted here I missed it.

I created a Restore point first. Does this app do that?
I did that cause I have changed quite a few settings on my own previously. I could never remember all that I have done. :)

If Resetting to Defaults set them back to M$ defaults - then I would be hosed. So I wanted to save My current settings. Restore point does that.

Anyway - found a couple of things that I wanted to change which were not checked and I checked them.

Ran last evening. So far I have not encountered anything weird - so fingers crossed.

And - Yes - I would like to remove all Telemetry too. It is such a pain.
 

Av Gurus

Level 29
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Sep 22, 2014
1,767
It looks it have some problem with settings Foxit Reader and WPS Office...

Clipboard01.jpg Clipboard02.jpgClipboard03.jpg
 
  • Like
Reactions: AtlBo

jelson

Level 2
Jun 14, 2011
54
Blocking Windows telemetry is not just an option. It is a big thing.

I think the software is more of hardening Windows security rather than its privacy

For privacy you can look to freeware like O&O Shut Up 10

O&O ShutUp10: download free antispy tool for Windows 10

or follow the below to improve your privacy

Windows 10 Privacy Guide - Fall Creators Update

An alternative [but not for the faint of heart] would be to consider a Windows 7 solution by abbodi1406 on MyDigitalLife Forums
 

NoVirusThanks

From NoVirusThanks
Verified
Developer
Well-known
Aug 23, 2012
292
Released SysHardener v1.1:
Harden Windows Settings with SysHardener | NoVirusThanks

Screenshots of the new tabs:

syshardener-1.1.png


Here is the changelog:

+ Fixed tweaks related to Foxit Reader
+ Fixed "Set Macros Security to "Very High" in Kingsoft WPS Office"
+ Enabled "Turn Off WinHTTP Web Proxy Auto-Discovery Service":
*** References: Project Zero: aPAColypse now: Exploiting Windows 10 in a Local Network with WPAD/PAC and JScript
+ Added an "info" icon that on click it opens a web page
+ Ask to create a system restore point
+ Support parameter "/createrestorepoint" from command-line
+ New option "Disable PowerShell Script Execution (Windows 7+)"
+ New option "Restric PowerShell (v3+) to Constrained Language Mode"
+ New option "Configure Behavior of UAC Prompt for Administrators"
+ New option "Configure Behavior of UAC Prompt for Users"
+ Added "System Tools" tab to open useful system tools
+ Minor fixes and optimizations
+ Updated help file
 
F

ForgottenSeer 58943

Thread author
Careful with this. It hardened my server so much I can't even login anymore. RDP doesn't work as well.

I've unchecked everything I can find relating to remote access, but where does this kill RDP? I need to know or I am going to have to restore backups on the server to fix it. :unsure:

@NoVirusThanks Can you tell me what part of this disables RDP or potentially damages RDP access? I can't find it.
 

NoVirusThanks

From NoVirusThanks
Verified
Developer
Well-known
Aug 23, 2012
292
@ForgottenSeer 58943

What tweaks did you apply? Only the default ones or all of them?

Only these two tweaks should be related to RDP:

Turn Off Remote Desktop Connection to This PC (unchecked by default)
Turn Off Remote Desktop Services (unchecked by default)

Try this:

1) Unselect all tweaks
2) Then check\select only the following tweaks:

Turn Off Remote Desktop Connection to This PC
Turn Off Windows Remote Assistance
Turn Off Helper IP (IPv6) Service
Turn Off TCP/IP NetBIOS Helper Service
Turn Off WinHTTP Web Proxy Auto-Discovery Service
Turn Off Radio Management Service
Turn Off Remote Desktop Services
Block Inbound Connections

3) Now click on "Restore Selected"
4) Reboot

Let me know if that works.

In case it doesn't, try to select also all Windows Firewall rules and click "Restore Selected" and reboot.
 
Last edited:
F

ForgottenSeer 58943

Thread author
@ForgottenSeer 58943

What tweaks did you apply? Only the default ones or all of them?

Only these two tweaks should be related to RDP:

Turn Off Remote Desktop Connection to This PC (unchecked by default)
Turn Off Remote Desktop Services (unchecked by default)

Try this:

1) Unselect all tweaks
2) Then check\select only the following tweaks:

Turn Off Remote Desktop Connection to This PC
Turn Off Windows Remote Assistance
Turn Off Helper IP (IPv6) Service
Turn Off TCP/IP NetBIOS Helper Service
Turn Off WinHTTP Web Proxy Auto-Discovery Service
Turn Off Radio Management Service
Turn Off Remote Desktop Services
Block Inbound Connections

3) Now click on "Restore Selected"
4) Reboot

Let me know if that works.

In case it doesn't, try to select also all Windows Firewall rules and click "Restore Selected" and reboot.

Thanks, I will give it a look when I get home. For now I setup a VPN and Secured Portal to the server. This is more secure, so maybe it's a good think RDP was trashed on it anyway. But I still want to putz around getting RDP to work.

The old method to secure RDP was to change the default RDP port in registry to something like 5389 instead of 3389 then referencing that port in the RDP connection. That, combined with changing the admin name (BroADMIN instead of admin) combined with a strong password was generally always considered 'enough' RDP security. But given the prevalence of RDP hacking maybe I should just move away from RDP altogether...
 
F

ForgottenSeer 58943

Thread author
Speaking of this. There is real potential for a 'server' version of this to be used under commercial conditions. Server lockdowns are becoming problematic, simply finding all of the potential holes is ridiculously time consuming. Something to consider I guess. If it locked down my own damn server so much I couldn't even get into it using a variety of methods and had to physically connect a monitor and keyboard to get in, then it probably has some potential in the corporate world.

Also, I am feeling this might be effective against state-actors, as they tend to exploit a good number of holes this plugs up.
 
  • Like
Reactions: oldschool

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top