Arequire

Level 23
Content Creator
Verified

oldschool

Level 28
Verified
@blueblackwow65 - I have used them, but not at present. My suggestion to you, friend, is to install both - but do not apply anything in SysHardener at first. OSA installs with default settings applied, if my memory is correct. At first, leave OSA at default. The important thing is to study the GUI and become familiar with the all the various settings of both programs. There is nothing like having hands-on experience when studying, let alone using, any program.

There coverage does overlap to some extent, as you will soon see. No alerts from SH though, so unless you are familiar with the action of any particular setting choice - do not apply it, or you may be sorry. The same applies to OSA, in that I would not select a feature if I do not understand its effects.

When you have done this, then you'll have a better idea of how they compare to each other in terms of function and coverage. And you can check for @harlan4096 or @Evjl's Rain tweaks - the first of which another poster already gave a link for. After you have done this, or started the process - then your questions will be well-informed. (y):)
 

shmu26

Level 80
Content Creator
Trusted
Verified
In SysHardener, if you apply the Powershell Constrained language tweak, you won't be sorry. It's an important tweak.

If you apply the firewall tweaks, which are also very good, you probably won't be sorry, but even if you are, just open up "Windows Defender Firewall with Advanced Security", go to the outgoing tab, scroll down, and you will see the SysHardener entries. They stand out loud and clear. You can easily disable or delete any or all of them.
 

harlan4096

Moderator
Staff member
Malware Hunter
Verified
The results with SH in defaults + PDF where not so good, SH in default is not enough when testing malware but probably enough for average users... I remember that with NVT OSA were better, but of course You have to deal deal with warning prompts :)
 

LDogg

Level 28
Verified
For Windows Firewall rules leave bitsadmin and lsass.exe unticked, this can create problems with certain VPNs and Windows Update. Hopefully these SS's will help you going forward into what you need to do for Syshardener.

~LDogg
 

Attachments

Andy Ful

Level 42
Content Creator
Trusted
Verified
For Windows Firewall rules leave bitsadmin and lsass.exe unticked, this can create problems with certain VPNs and Windows Update. Hopefully these SS's will help you going forward into what you need to do for Syshardener.

~LDogg
It does not matter much if you tick or untick bitsadmin.exe, because this firewall rule cannot prevent the download initiated by bitsadmin.exe via malicious scripts, and cannot also create problems with Windows Updates. The executable bitsadmin.exe initiates the download via svchost.exe and BITS, so firewall can see/block only svchost.exe. The firewall rule for bitsadmin.exe can only work, when the malicious code is injected to bitsadmin.exe, and this malicious code wants to use the Internet connection in another way than BITS. But, using bitsadmin.exe in this way would be rather improbable.(y)
 

Andy Ful

Level 42
Content Creator
Trusted
Verified
SysHardener has many hardening tweaks (some are already Windows defaults), but those which really matter are simple:
  1. Block/restrict scripts and script Interpreters.
  2. Unassociate some dangerous file extensions.
  3. Disable remote services.
  4. Harden the vulnerable software.
  5. Block the Internet connection to LOLBins.
Do not count on SysHardener to prevent the infections via cracks, malicious EXE and MSI files. This is the work for the AV. That can be also seen from many tests done on MH.
SysHardener is an effective solution, because it blocks over 80% of malware delivery pahs, used in the wild by cybercriminals.
 

CyberTech

Level 22
Verified
How can I reset all settings? I tried 'System Restore' but it fails.
Ok, download this file to your desktop:

Follow this image tweaks > load file > your desktop where you downloaded in,


I downloaded this program and save .INI file for you anyway, i dont do anything thats default hope it would work for you...
 

blackice

Level 6
This is the correct way to restore Windows default settings, as explained in FAQ. Very simple. You should have no problems.
I did this to restore defaults on a pc so I could use a program that needed a script (checking for specter/meltdown patches). Everything seemed fine until I could no longer open ConfigureDefender. I don’t know what setting it changed, but it was not changed to the value it was originally set at. I’m a bit wary of Syshardener now. I used the default values plus PowerShell constrained language. I was just surprised that restoring defaults broke CD. I reimaged and just cranked up OSArmor for now.