New Update Simple Windows Hardening

dronefox1166 · Jun 12, 2025

All Simple Windows Hardening options are included in WHHLight? I have switched to WHHLight. But I'm not sure it protects as well as SWH... What to think?

Andy Ful · Jun 12, 2025

dronefox1166 said:
All Simple Windows Hardening options are included in WHHLight?

WHHLight SWH = Simple Windows Hardening + two more settings.
Some settings from Simple Windows Hardening are not visible in WHHLight because they are rarely changed. For example, the AppInstaller option is hardcoded to ON. The Admin Windows Script Host is hardcoded to OFF (SRP well protects it).
Two Simple Windows Hardening switches are joined in one SWH switch in WHHLight.

Victor M · Aug 21, 2025

Hi @Andy Ful ,

Did your FirewallHardening apply firewall rules as a group policy? Why can I not disable the rules in Adv Firewall ? And I cannot see the rules in GPedit ?

More crucially, if I, in GPedit, Firewall Properties, choose Apply Local Firewall Rules = No. Then will your rules still work ?

Andy Ful · Aug 21, 2025

Victor M said:
Hi @Andy Ful ,

Did your FirewallHardening apply firewall rules as a group policy?

Yes and No. Both FirewallHardening and GPO can add the settings as Firewall Policies (under the same registry key in the HKLM Hive). However, FirewallHardening applies Windows Policies without using GPO.

Victor M said:
Why can I not disable the rules in Adv Firewall ? And I cannot see the rules in GPedit ?

Firewall Policies cannot be changed from Adv. Firewall app.

Victor M said:
More crucially, if I, in GPedit, Firewall Properties, choose Apply Local Firewall Rules = No. Then will your rules still work ?

Yes.
This setting merges the local rules (applied via Adv. Firewall) with Firewall Policies. The "No" setting forces Firewall to ignore local settings, but does not affect Firewall Policies.

Victor M · Aug 23, 2025

Which LoLBin list do you follow in Firewall Hardening ? For example Notepad is not part of LoLBas.

Andy Ful · Aug 23, 2025

Victor M said:
Which LoLBin list do you follow in Firewall Hardening ? For example Notepad is not part of LoLBas.

It is not, but it is abused in the wild by injecting malware to connect with C2 servers. Of course, any benign executable can be abused in this way. However, using system executables has some advantages.

Search

Search

New Update Simple Windows Hardening

dronefox1166

Level 7

Andy Ful

From Hard_Configurator Tools

Victor M

Level 22

Andy Ful

From Hard_Configurator Tools

Victor M

Level 22

Andy Ful

From Hard_Configurator Tools

You may also like...