NVT SysHardener: Harden Windows Settings

CyberTech

Level 44
Verified
Top Poster
Well-known
Nov 10, 2017
3,247
Untick all > apply > reboot > redo

I just did as you said, nothing! i unselect all in tweaks and created restores point 3-4 times by SysHardener like 3 days, one week and half month same issues asf! i think due to ShareX server?
 
  • Like
Reactions: given

CyberTech

Level 44
Verified
Top Poster
Well-known
Nov 10, 2017
3,247
Ok well yea i talked to ShareX moderator on Discord Server(ShareX) they said due to bitdefender because of Controlled Folder Access greyed out they says i should add sharex.exe to the exclusion on anti ransomware which they dont have the ransomware asf! i always thought it was syshardener and simplewall i uninstalled both of them and reinstalled it lol im dumb its fking bitdefender...
 
  • Like
Reactions: given
D

Deleted member 178

Thread author
Ok well yea i talked to ShareX moderator on Discord Server(ShareX) they said due to bitdefender because of Controlled Folder Access greyed out they says i should add sharex.exe to the exclusion on anti ransomware which they dont have the ransomware asf! i always thought it was syshardener and simplewall i uninstalled both of them and reinstalled it lol im dumb its fking bitdefender...
it is why i don't like most 3rd party AVs , and rarely uses them, they all creates some issues.
 
  • Like
Reactions: given and oldschool

m1kethe

Level 1
Jun 10, 2018
12
i desactivated the "Turn off Windows Script Host" since i got a lot of popups saying that is not allowed to use windows script host, buy i still got those popups and when i execute the wscript.exe it says the same.. any help?

also, is any way i can know what is asking to run using windows script host?
 
  • Like
Reactions: given and shmu26

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
also, is any way i can know what is asking to run using windows script host?
NVT has another free tool, called Proclogger, it is a good way to figure out what is happening on your system.
If you recently uninstalled Comodo Firewall, it runs a one-time script after reboot, to clean up remnants. If you have installed the Rimon/Netspark content filter, it runs a script at every reboot, to make sure you have their certificate installed in your browsers. I am sure there are many other softwares that schedule a script.
 

uninfected1

Level 11
Verified
Top Poster
Well-known
Jan 28, 2016
525
The tool is very useful, although I would have preferred that before applying the changes were shown the current settings and the ability to save them.
This is the issue for me too. Like most people here I have made a lot of changes over the years and I couldn't tell you what they all are and without a convenient way of reverting to my previous settings and not default settings if there is a problem after using syshardener (I don't regard the system restore process as convenient) then I am reluctant to use this product. Is it possible to have a one click solution to this rather than the current option which just reverts to default settings?
 
  • Like
Reactions: given and oldschool

uninfected1

Level 11
Verified
Top Poster
Well-known
Jan 28, 2016
525
Qihoo flagging v1.5:
syshardvirustotal.JPG


And so was HitmanPro yesterday (Bitdefender engine) but not today.
 
Last edited:

vaccineboy

Level 3
Verified
Well-known
Sep 5, 2018
125
Dear NVT,

New user here. Can I request that you have an option to prevent standard users from running executables?

Thank you.

Edit for clarification: I mean executables outside system and program files, such as portable apps.
 
Last edited:
  • Like
Reactions: given and oldschool

HarborFront

Level 71
Verified
Top Poster
Content Creator
Oct 9, 2016
6,014
In my opinion, OSArmor gives you more protection and less anguish. Because with OSArmor, if something gets blocked, it is usually very easy to unblock it. And at the very worst, you just uninstall it, and wave goodbye, and it's gone. It doesn't make any changes to system settings.

SysHardener is unnecessary if you use OSA.

I'm getting different views here and at Wilders as regards to either using SH or OSA or both.

I'm without any 3rd-party AV/AM and is using Windows Defender now. I have the highest settings (thanks to @Andy Ful 's ConfigureDefender utility) and HMPA. So, should I use only OSA or SH or both?

And if I'll to use OSA should I disable its exploit protection features since WD highest settings and HMPA already have them? So far the exploit protection of the latter 2 seems to work fine.

Another alternative is to set the Windows Defender to its default settings (i.e. without enabling the exploit protection) and have OSA with its exploit protection enabled with HMPA

Thanks
 
Last edited:

oldschool

Level 81
Verified
Top Poster
Well-known
Mar 29, 2018
7,043
I'm getting different views here and at Wilders as regards to either using SH or OSA or both.

I'm without any 3rd-party AV/AM and is using Windows Defender now. I have the highest settings (thanks to @Andy Ful 's ConfigureDefender utility) and HMPA. So, should I use only OSA or SH or both?

And if I'll to use OSA should I disable its exploit protection features since WD highest settings and HMPA already have them? So far the exploit protection of the latter 2 seems to work fine.

Thanks

My guess is that you're better off using System Hardener with the two softs you currently use. Have you considered using Hard_Configurator with your setup? I've found the H_C thread very helpful, including tips on how to get more protection out of WD via Controlled Folder Access.
 

HarborFront

Level 71
Verified
Top Poster
Content Creator
Oct 9, 2016
6,014
My guess is that you're better off using System Hardener with the two softs you currently use. Have you considered using Hard_Configurator with your setup? I've found the H_C thread very helpful, including tips on how to get more protection out of WD via Controlled Folder Access.

Thanks

I think I'll leave Hard Configurator which uses SRP out for a while. Anyway I have not enabled Controlled Folder Access in Windows Defender yet
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
I'm getting different views here and at Wilders as regards to either using SH or OSA or both.

I'm without any 3rd-party AV/AM and is using Windows Defender now. I have the highest settings (thanks to @Andy Ful 's ConfigureDefender utility) and HMPA. So, should I use only OSA or SH or both?

And if I'll to use OSA should I disable its exploit protection features since WD highest settings and HMPA already have them? So far the exploit protection of the latter 2 seems to work fine.

Another alternative is to set the Windows Defender to its default settings (i.e. without enabling the exploit protection) and have OSA with its exploit protection enabled with HMPA

Thanks
1 You can and should use SysHardener, you have the know-how. It's a great way to set up your first layer of protection, which is OS hardening. But uneducated users should treat SysHardener with prudence and caution. If they flip on protections at whim, and forget what they did, they can get into trouble.

2 Some of the WD advanced settings can do things your other software can't do. However, you don't have to go all-or-nothing with it. You can enable the mitigations that you think might help you. For instance, if you don't use MS Office, then you don't need certain ASR mitigations that are MS-Office-specific. But if you do you use MS Office, then ASR is superior to your other softs in that regard.

3 There are two WD advanced settings that max out the cloud protection. I don't like them, because they cause delay in the launching of some software. If you enable the ASR rule for "Block... unless a prevalence, age, or trusted list criteria", then you don't need maximum cloud, IMO.
 
D

Deleted member 178

Thread author
And if I'll to use OSA should I disable its exploit protection features since WD highest settings and HMPA already have them? So far the exploit protection of the latter 2 seems to work fine.
OSA "exploit" protection isn't a real anti-exploit like HMPA or Windows Exploit Guard, it doesn't act in the memory, it is just a simple post-exploitation mechanism to prevent the listed apps to be compromised.
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
A word of warning about SysHardener: it is not always so easy to get your settings back to Windows default, and you could end up with a crippled system.
Here's my story: last week I needed to run a VBS script on a computer that I had configured with SysHardener default settings.
I could not reassociate .vbs by unticking that setting in SH (and then applying settings and rebooting), or by means of the Windows settings page for default file types.
I needed to tweak the registry (I downloaded a reg file from tenforums) in order to reassociate the file type.
 

oldschool

Level 81
Verified
Top Poster
Well-known
Mar 29, 2018
7,043
A word of warning about SysHardener: it is not always so easy to get your settings back to Windows default, and you could end up with a crippled system.
Here's my story: last week I needed to run a VBS script on a computer that I had configured with SysHardener default settings.
I could not reassociate .vbs by unticking that setting in SH (and then applying settings and rebooting), or by means of the Windows settings page for default file types.
I needed to tweak the registry (I downloaded a reg file from tenforums) in order to reassociate the file type.

To restore any default setting you need to check the setting and click "restore selected". I don't know how many people including myself have asked this question, and it's in FAQ. This is why it is important to save your settings. Doing so enables you to clear all checked features you wish not to change to restore the one(s) you need to. I asked Andreas a long time ago to change the name of that button to something else, like "Restore selected to default". I doubt it will be changed. The user has to be on their toes to use this app. I don't know what less advanced users would do if they borked their machine. :)
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
To restore any default setting you need to check the setting and click "restore selected". I don't know how many people including myself have asked this question, and it's in FAQ. This is why it is important to save your settings. Doing so enables you to clear all checked features you wish not to change to restore the one(s) you need to. I asked Andreas a long time ago to change the name of that button to something else, like "Restore selected to default". I doubt it will be changed. The user has to be on their toes to use this app. I don't know what less advanced users would do if they borked their machine. :)
Thanks.
It looks like I remembered wrong. :cry:
 
Last edited:
  • Like
Reactions: harlan4096

oldschool

Level 81
Verified
Top Poster
Well-known
Mar 29, 2018
7,043
I should add this fail-safe method:

Go to "Tweaks">"Select all">"Restore selected" = restores all Windows defaults!

This is not readily apparent to most new SH users and certainly causes grief to many. This is why I suggested a change to GUI as well as FAQ. Andreas assumes people read all available info he provides, which is not as clear as one (like me) might prefer. OTH, it's perfectly logical to an engineer. They write software but not always user-friendly info.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top