NVT SysHardener: Harden Windows Settings

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
Go to "Tweaks">"Select all">"Restore selected" = restores all Windows defaults!
I am worried about that one, because different versions of Windows have slightly different defaults.
All in all, there is plenty of room for confusion here. But I guess that is pretty normal for Windows tweaking kits. This one is probably one of the safest you can get, although I must admit I haven't tried so many.
 

oldschool

Level 81
Verified
Top Poster
Well-known
Mar 29, 2018
7,043
Start with "Suggested tweaks" in SysHardener. I forget about OSA since I haven't used it in a long time, but default settings won't break anything. Also, read and become familiar with the "info" flyouts for each setting in both apps. Don't enable any feature you don't understand.
 

plat

Level 29
Top Poster
Sep 13, 2018
1,793
Does SysHardener have Lockdown settings? I know a few principles in SH also apply to OSA so hopefully I'm not too far off-topic. It's tricky to specify what tweaks beyond default-enabled ones would be universally appropriate because everyone's habits and machine/s are different. I have four Lockdown (experiemental) settings enabled in OSArmor, as well as Internet Explorer blocked, even when it's attempted to run as Administrator. Those are over and above defaults. You have to allow a little trial-and-error over time in order to get a comfortable balance of protection with SH (or OSArmor). It's really moldable to your system if you can spare a little time.

osalockdown.PNG
 

oldschool

Level 81
Verified
Top Poster
Well-known
Mar 29, 2018
7,043
Does SysHardener have Lockdown settings? I know a few principles in SH also apply to OSA so hopefully I'm not too far off-topic. It's tricky to specify what tweaks beyond default-enabled ones would be universally appropriate because everyone's habits and machine/s are different. I have four Lockdown (experiemental) settings enabled in OSArmor, as well as Internet Explorer blocked, even when it's attempted to run as Administrator. Those are over and above defaults. You have to allow a little trial-and-error over time in order to get a comfortable balance of protection with SH (or OSArmor). It's really moldable to your system if you can spare a little time.


Yes, with the proviso that having Lockdow/Experimental or additional settings beyond default should be applied with caution because SH will not alert. This could be a problem for some users when initially using advanced features in both applications.
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
If you want to tweak, do it with OSA, not with SysHardener. This is for three reasons:
1 OSA covers almost everything you might need or want, and if it is missing something, you can make a custom rule.
2 Tweaks in OSA are easy to undo, but in SysHardener, undoing tweaks can be complicated and confusing.
3 OSA will give you a prompt if something is blocked, and the prompt has a user-friendly wizard for making exceptions, so your software will almost always work. In SysHardener, you cannot make exceptions. It is all or nothing.
 

plat

Level 29
Top Poster
Sep 13, 2018
1,793
Some are expressing concern about SysHardener, simply because the Windows operating system has changed so much yea, these past three years. The program hasn't been updated since May, 2018. So here's a hint of a faint breath of upcoming events, maybe.


Personally, I wish the developer would wait until things are actually material. He did this to us with OSArmor, keeping us hanging for a bit. If this is updated and maintained, I may give this another look. Anyone else?
 

Lenny_Fox

Level 22
Verified
Top Poster
Well-known
Oct 1, 2019
1,120
Syshardener like many other of Andreas programs only seems to be maintained when he has no business clients/contracts. Because the underlaying OS changes, some of the settings did not work. For instance when I enabled block.disable Wscript, it did block running Wscript, but when I deselected it, Wscript was still blocked. Anyone else who has blocked Wscript have ever tried to unblock it succesfully?
 

Evjl's Rain

Level 47
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
Syshardener like many other of Andreas programs only seems to be maintained when he has no business clients/contracts. Because the underlaying OS changes, some of the settings did not work. For instance when I enabled block.disable Wscript, it did block running Wscript, but when I deselected it, Wscript was still blocked. Anyone else who has blocked Wscript have ever tried to unblock it succesfully?
don't deselect it. Just leave it checked and click "Restore Selected"
or make a backup first, then uncheck everything but wscript -> restore selected
after you finish, restore the backup
 

Lenny_Fox

Level 22
Verified
Top Poster
Well-known
Oct 1, 2019
1,120
don't deselect it. Just leave it checked and click "Restore Selected"
or make a backup first, then uncheck everything but wscript -> restore selected
after you finish, restore the backup
Thx

I had made an image backup luckily, because restoring with system restore did not work. But common sense says as a rule of thumb non-maintained OS-tweakers should not be used when people update their OS. When people stick to the Windows version which was actual when Syshardener was last updated, chances are low people will run into issues, but for people updating Windows 10, Syshardener is a no-go IMO, better use H_C
 

Evjl's Rain

Level 47
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
Thx

I had made an image backup luckily, because restoring with system restore did not work. But common sense says as a rule of thumb non-maintained OS-tweakers should not be used when people update their OS. When people stick to the Windows version which was actual when Syshardener was last updated, chances are low people will run into issues, but for people updating Windows 10, Syshardener is a no-go IMO, better use H_C
I meant make a backup profile in syshardener. For me, SH is much easier to use than H_C. H_C is too much for me which restricts my administration
 

Gandalf_The_Grey

Level 76
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,505
Some info regarding the current status of SysHardener:
SysHardener works fine even if not updated from 2018, however it needs some new tweaks such as disabling of Preview pane, more "Block outbound connections for process ...", option to unassign .xml files, and a few others. It may also require to simplificate the UI. With Windows 11 registry tweaks locations have not changed (its base is Windows 10), so all should work same as Windows 10. Instead, we may add some new tweaks for Windows 11 OS probably, but not yet checked.

About when it'll be updated, let me not say a date or time interval for now. I wanted to update it a few months ago but then we got busy with APIVoid and OSArmor (they take precedence since they are commercial). We still have some updates/news to share, wanted to do that a few months ago, but couldn't. I can say that if we don't have too many slowdowns/sudden, soon we'll announce some nice things.
 

Hemps

New Member
Mar 11, 2021
6
Anyone know how to re-enable Robocopy and rClone, getting Access Denied when running from CMD.exe.
 
Last edited:

ItsReallyMe

Level 10
Verified
Well-known
Dec 21, 2017
478
what restore selected does? I didn't change any default check boxes nor I used Syshardner before, But I clicked on restore selected without applying any rules to my PC, I am wondering what it does?
 

Back3

Level 14
Verified
Top Poster
Apr 14, 2019
654
I did use SysHardener. Uninstalled it but kept SysHardener Outbound Firewall settings even with Windows 11. No issues. Added Andy Ful firewall rules 2 years ago. You won't find The Curl Executable in SysHardener.I now have about 80 outbound firewall rules to enhance my security. I use Firewall App Blocker to edit and backup them.
 
Last edited:
  • Applause
  • Like
Reactions: sypqys and plat

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top