Q&A Syshardener tweak suggestions?

Arequire

Level 28
Verified
Top poster
Content Creator
Feb 10, 2017
1,708

oldschool

Level 67
Verified
Top poster
Well-known
Mar 29, 2018
5,654
@blueblackwow65 - I have used them, but not at present. My suggestion to you, friend, is to install both - but do not apply anything in SysHardener at first. OSA installs with default settings applied, if my memory is correct. At first, leave OSA at default. The important thing is to study the GUI and become familiar with all the various settings of both programs. There is nothing like having hands-on experience when studying, let alone using, any program.

Their coverage does overlap to some extent, as you will soon see. No alerts from SH though, so unless you are familiar with the action of any particular setting choice - do not apply it, or you may be sorry. The same applies to OSA, in that I would not select a feature if I do not understand its effects.

When you have done this, then you'll have a better idea of how they compare to each other in terms of function and coverage. And you can check for @harlan4096 or @Evjl's Rain tweaks - the first of which another poster already gave a link for. After you have done this, or started the process - then your questions will be well-informed. (y):)
 

shmu26

Level 85
Verified
Helper
Top poster
Content Creator
Well-known
Jul 3, 2015
8,165
In SysHardener, if you apply the PowerShell Constrained Language tweak, you won't be sorry. It's an important tweak.

If you apply the firewall tweaks, which are also very good, you probably won't be sorry, but even if you are, just open up "Windows Defender Firewall with Advanced Security", go to the outgoing tab, scroll down, and you will see the SysHardener entries. They stand out loud and clear. You can easily disable or delete any or all of them.
 

harlan4096

Moderator
Verified
Staff member
Malware Hunter
Well-known
Apr 28, 2015
7,978
I have performed malware tests with Panda Dome Free + SH (Suggested Tweaks) and also with Panda Dome + NVT OSA in the last months; in both cases they were with default (suggested) tweaks...
 

harlan4096

Moderator
Verified
Staff member
Malware Hunter
Well-known
Apr 28, 2015
7,978
The results with SH in defaults + PDF were not so good. SH in default is not enough when testing malware, but probably enough for average users... I remember that with NVT OSA they were better, but of course you have to deal with warning prompts :)
 

LDogg

Level 33
Verified
Top poster
Well-known
May 4, 2018
2,197
For Windows Firewall rules leave bitsadmin and lsass.exe unticked, this can create problems with certain VPNs and Windows Update. Hopefully these SS's will help you going forward into what you need to do for Syshardener.

~LDogg
 

Attachments: Screenshot_22.png, Screenshot_23.png, Screenshot_24.png, Screenshot_25.png, Screenshot_26.png, Screenshot_27.png, Screenshot_28.png, Screenshot_29.png

Andy Ful

Level 81
Verified
Helper
Top poster
Developer
Well-known
Dec 23, 2014
7,006
For Windows Firewall rules leave bitsadmin and lsass.exe unticked, this can create problems with certain VPNs and Windows Update. Hopefully these SS's will help you going forward into what you need to do for Syshardener.

~LDogg
It does not matter much if you tick or untick bitsadmin.exe, because this firewall rule cannot prevent the download initiated by bitsadmin.exe via malicious scripts, and also cannot create problems with Windows Updates. The executable bitsadmin.exe initiates the download via svchost.exe and BITS, so the firewall can see/block only svchost.exe. The firewall rule for bitsadmin.exe can only work when malicious code is injected into bitsadmin.exe and this malicious code wants to use the Internet connection in another way than BITS. But using bitsadmin.exe in this way would be rather improbable. (y)
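
To review the outbound block rules mentioned in the posts above and to see the BITS jobs that a per-program rule for bitsadmin.exe does not cover, the following PowerShell is an added example, not part of the thread and not SysHardener's own code. It assumes an elevated session on a Windows version that ships the NetSecurity and BitsTransfer modules; the function names and the watched program list are illustrative.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell session;
# uses the NetSecurity and BitsTransfer modules that ship with Windows.

# Program names discussed in the thread (illustrative list; extend as needed).
$watched = @('*\bitsadmin.exe', '*\lsass.exe')

function Get-OutboundBlockRule {
    # One row per enabled outbound block rule, with the program it applies to.
    param([string[]]$ProgramLike = $watched)
    Get-NetFirewallRule -Direction Outbound -Action Block -Enabled True |
        ForEach-Object {
            $program = ($_ | Get-NetFirewallApplicationFilter).Program
            [pscustomobject]@{
                DisplayName = $_.DisplayName
                Name        = $_.Name      # identifier to pass to Disable-/Remove-
                Program     = $program
                Watched     = [bool]($ProgramLike | Where-Object { $program -like $_ })
            }
        }
}

function Get-BitsJobSummary {
    # BITS jobs for all users. The transfers run inside svchost.exe, so a
    # per-program firewall rule for bitsadmin.exe never matches them.
    Get-BitsTransfer -AllUsers | ForEach-Object {
        $job = $_
        foreach ($file in $job.FileList) {
            [pscustomobject]@{
                Job     = $job.DisplayName
                Owner   = $job.OwnerAccount
                State   = $job.JobState
                Created = $job.CreationTime
                Remote  = $file.RemoteName
                Local   = $file.LocalName
            }
        }
    }
}

$rules = Get-OutboundBlockRule
$rules | Sort-Object Program | Format-Table DisplayName, Program, Watched -AutoSize

# Preview disabling the rules for the watched programs; drop -WhatIf to apply.
$rules | Where-Object Watched | ForEach-Object {
    Disable-NetFirewallRule -Name $_.Name -WhatIf
}

Get-BitsJobSummary | Format-Table -AutoSize
```

Disabling a rule rather than deleting it keeps the change reversible with `Enable-NetFirewallRule`.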
 

Andy Ful

Level 81
Verified
Helper
Top poster
Developer
Well-known
Dec 23, 2014
7,006
SysHardener has many hardening tweaks (some are already Windows defaults), but those which really matter are simple:
  1. Block/restrict scripts and script Interpreters.
  2. Unassociate some dangerous file extensions.
  3. Disable remote services.
  4. Harden the vulnerable software.
  5. Block the Internet connection to LOLBins.
Do not count on SysHardener to prevent infections via cracks, malicious EXE and MSI files. This is the work for the AV. That can also be seen from many tests done on MH.
SysHardener is an effective solution, because it blocks over 80% of malware delivery paths used in the wild by cybercriminals.
 

CyberTech

Level 37
Verified
Top poster
Well-known
Nov 10, 2017
2,605
How can I reset all settings? I tried 'System Restore' but it fails.

Ok, download this file to your desktop:

Follow this image: Tweaks > Load file > your desktop, where you downloaded it.
2yuU1hj.jpg


I downloaded this program and saved the .INI file for you anyway. I don't do anything, that's default; hope it would work for you...
 

shmu26

Level 85
Verified
Helper
Top poster
Content Creator
Well-known
Jul 3, 2015
8,165
I pressed 'Select All' --> 'Restore Selected'. That worked fine, seems like everything is back to normal. Will this work too or did I mess something up?
You might have to do it again, in all the user accounts to which you applied your settings, because some of the settings are user-account-specific.
 

blackice

Level 36
Verified
Top poster
Well-known
Apr 1, 2019
2,566
This is the correct way to restore Windows default settings, as explained in FAQ. Very simple. You should have no problems.

I did this to restore defaults on a PC so I could use a program that needed a script (checking for Spectre/Meltdown patches). Everything seemed fine until I could no longer open ConfigureDefender. I don't know what setting it changed, but it was not changed to the value it was originally set at. I'm a bit wary of Syshardener now. I used the default values plus PowerShell constrained language. I was just surprised that restoring defaults broke CD. I reimaged and just cranked up OSArmor for now.