Q&A Simple Windows Hardening

[EASTER]

Late to the party but so far caught on quickly SWH- If i missed it someplace feel free to say so but how do we clear the Blocked Files Log- I mean is there a Clear Logs button i missed or is it safe to do it manually. Thanks You for fantastic programs.

 

[Andy Ful]

Late to the party but so far caught on quickly SWH- If i missed it someplace feel free to say so but how do we clear the Blocked Files Log- I mean is there a Clear Logs button i missed or is it safe to do it manually. Thanks You for fantastic programs.

It is not necessary, because the blocked events are sorted by time.
Anyway, SWH uses the events from Windows Event Log, so they can be cleared by using Event Viewer or Wevtutil tool. For example, open the CMD with Administrator privileges and use the below CmdLines:

wevtutil.exe cl "Microsoft-Windows-PowerShell/Operational"
wevtutil.exe cl "Application"

The first will clear the PowerShell events and the second SRP events. But, also many other events will be cleared in these channels, so I think that it would be better to avoid clearing the blocked events.

 

[EASTER]

It is not necessary, because the blocked events are sorted by time.
Anyway, SWH uses the events from Windows Event Log, so they can be cleared by using Event Viewer or Wevtutil tool. For example, open the CMD with Administrator privileges and use the below CmdLines:

wevtutil.exe cl "Microsoft-Windows-PowerShell/Operational"
wevtutil.exe cl "Application"

The first will clear the PowerShell events and the second SRP events. But, also many other events will be cleared in these channels, so I think that it would be better to avoid clearing the blocked events.

Thanks Andy Ful and it's always a pleasure to read your replies and posts. Awesome program(s) of course. Likely there won't be any heavy collection of records of blocks but that one minor detail was of interest in any event.