Advice Request Syshardener tweak suggestions?

oldschool · May 18, 2019

blackice said:
I did this to restore defaults on a pc so I could use a program that needed a script (checking for specter/meltdown patches). Everything seemed fine until I could no longer open ConfigureDefender. I don’t know what setting it changed, but it was not changed to the value it was originally set at. I’m a bit wary of Syshardener now. I used the default values plus PowerShell constrained language. I was just surprised that restoring defaults broke CD. I reimaged and just cranked up OSArmor for now.

Do you use only Admin account or do you also have an SUA? As @shmu26 said, you would have to restore defaults in all accounts for SysHardener. Oh well, at least you were able to re-image. I learned it is best not to use certain apps or features if I am uncertain of the consequences.

Decopi · May 18, 2019

Andy Ful said:
SysHardener has many hardening .... because it blocks over 80% of malware delivery pahs, used in the wild by cybercriminals.

Hi @Andy Ful ,

First, thank you for your useful posts. I learn a lot from you.

Please, I have a request: If possible, please post the images with your SH' recommendations (suggested by you on past 02/26).

You pointed some general categories to block at SH. But SH doesn't speak exactly with your words, and ignorant newbies like me may confuse things. For example, at your post, some categories are easy to identify, but "block/restrict scripts and script Interpreters"... I have no idea what is it. LOLBins, the same.

For ignorant newbies like me, I believe that posting the images with your recommendation, it will be much better than you using words.

Thanks in advance!

blackice · May 18, 2019

oldschool said:
Do you use only Admin account or do you also have an SUA? As @shmu26 said, you would have to restore defaults in all accounts for SysHardener. Oh well, at least you were able to re-image. I learned it is best not to use certain apps or features if I am uncertain of the consequences.

One of the reasons I gave it a shot is I knew I could just re-image. I still may try it again. I almost never need scripts. I figured select all and restore was practical. What would be better is a snapshot so you could restore your pre-Syshardener settings. Which I guess would be the system restore point. Those files get big, though. I agree about using software you don’t understand being unadvisable sometimes. But I understood the default tweaks for the most part, and why the script wouldn’t run. It was the restoring defaults breaking things that surprised me.

Andy Ful · May 18, 2019

Decopi said:
Hi @Andy Ful ,

First, thank you for your useful posts. I learn a lot from you.

Please, I have a request: If possible, please post the images with your SH' recommendations (suggested by you on past 02/26).

You pointed some general categories to block at SH. But SH doesn't speak exactly with your words, and ignorant newbies like me may confuse things. For example, at your post, some categories are easy to identify, but "block/restrict scripts and script Interpreters"... I have no idea what is it. LOLBins, the same.

For ignorant newbies like me, I believe that posting the images with your recommendation, it will be much better than you using words.

Thanks in advance!

I have a problem with suggesting advanced SysHardener settings to newbies. So let's make it clear. My suggestions are not for them, but a least for semi-advanced users. Anyway, I do not think that you are a newbie (like most of MT members).

The outbound rules are for SysHardener ver. 1.5 (ver. 1.4 has fewer rules).

To restore the default Windows settings use <Un/Select All><Select All> and after selecting all options press <Restore Selected>.
Be safe.

Decopi · May 18, 2019

Fantastic @Andy Ful ! Thank you.

Yeah, I didn't expect your recommendations for newbies. I always will expect your own recommendations, independently on user level.

Please, another simple question. I am on SH V1.5, and I have some options, that if possible, I would like your confirmation to select or un-select:
Turn off server (LanmanServer) Service
Block Outbond Connections for Expand.exe
Block Outbond Connections for Ftp.exe
Block Outbond Connections for Print.exe
Block Outbond Connections for Replace.exe
Block Outbond Connections for Telnet.exe
Block Outbond Connections for Tfp.exe

Changing subject and last question for you: I know your are a kind of expert on UAC, SmartScreen etc. But I have Comodo Firewall with CS' settings, and there auto-containment only virtualizes if UAC is disabled (so I disabled). The last two years I have this settings, I tested a lot with tons of updated malwares, pests, phishing etc, and never had a problem, CF/CS blocked everything. But I am not an expert, you are the expert, so please let me exploit the opportunity to ask your opinion: With CF/CS... UAC enabled or disabled? Do you prefer hardening UAC/Windows rather than CF/CS or similar alternatives?

Again, thanks in advance!

Andy Ful · May 18, 2019

"Turn off server (LanmanServer) Service" - this one is risky, but can be used temporarily when you are connected to Public Network. Anyway, If you have no issues, then you can keep it.
Personally, on Windows 7 I like both CF/CS and H_C. For many users, CF/CS will be more friendly because of Trusted Vendor List.
On Windows 10, I prefer H_C for compatibility reasons.

oldschool · May 18, 2019

blackice said:
One of the reasons I gave it a shot is I knew I could just re-image. I still may try it again. I almost never need scripts. I figured select all and restore was practical. What would be better is a snapshot so you could restore your pre-Syshardener settings. Which I guess would be the system restore point. Those files get big, though. I agree about using software you don’t understand being unadvisable sometimes. But I understood the default tweaks for the most part, and why the script wouldn’t run. It was the restoring defaults breaking things that surprised me.

I am still surprised that Select All > Restore Selected did not work for you.

Remember that NVT makes a lot of freeware so expectations for features should be tempered. Andreas changes/fixes what he likes, as it should be, e.g. I think scrolling was jumpy in SH and he may have fixed that.

blackice · May 18, 2019

oldschool said:
I am still surprised that Select All > Restore Selected did not work for you. Remember that NVT makes a lot of freeware so expectations for features should be tempered. Andreas changes/fixes what he likes, as it should be, e.g. I think scrolling was jumpy in SH and he may have fixed that.

That’s why I’m probably going to give it another shot. I’ll just leave it at default and use OSArmor for all advanced blocking since that is way easier to reverse.

oldschool · May 18, 2019

Zorro · Feb 8, 2020

shmu26 said:
In SysHardener, if you apply the Powershell Constrained language tweak, you won't be sorry. It's an important tweak.

If the user does not use the power shell at all, then what is better - apply the "constrained language" setting or remove this component at all? What consequences can be in that and in another variant?

shmu26 · Feb 8, 2020

SFox said:
If the user does not use the power shell at all, then what is better - apply the "constrained language" setting or remove this component at all? What consequences can be in that and in another variant?

You can't really remove Powershell. All you can do is remove the front end for it. Malware knows how to use the underlying components, which cannot be removed from a modern Windows system without crippling it.
That's why it's always a good tweak to apply Constrained Language. This tweak might cause problems in a corporate environment, depending on what scripts the IT admin uses to manage the network, but it won't cause problems in a home environment.

HarborFront · Feb 8, 2020

@Andy Ful

Is Windows Defender Application Guard in Syshardener?

How about Windows Sandbox setting?

If no, can they be implemented?

Thanks

oldschool · Feb 8, 2020

HarborFront said:
Is Windows Defender Application Guard in Syshardener?

How about Windows Sandbox setting?

No.

"If no, can they be implemented?"

Do you mean Hard_Configurator?

HarborFront · Feb 8, 2020

oldschool said:
No.

"If no, can they be implemented?"

Do you mean Hard_Configurator?

I mean in Syshardener after all these are to harden the system.

OK, maybe Windows Defender Application Guard should go to ConfigureDefender

oldschool · Feb 8, 2020

HarborFront said:
I mean in Syshardener after all these are to harden the system.

You'd have to ask the developer.

HarborFront said:
OK, maybe Windows Defender Application Guard should go to ConfigureDefender

WD Application Guard is separate from WD and I doubt @Andy Ful would have any reason to include it.

Windows Sandbox (which is useless) and WD Sandbox are two entirely different things. The latter is still an experimental feature, according to M$. This request was already made to Andy recently:

Discuss - Hard_Configurator - Windows Hardening Configurator

HarborFront · Feb 8, 2020

oldschool said:
You'd have to ask the developer.

WD Application Guard is separate from WD and I doubt @Andy Ful would have any reason to include it.

Windows Sandbox (which is useless) and WD Sandbox are two entirely different things. The latter is still an experimental feature, according to M$. This request was already made to Andy recently:

Discuss - Hard_Configurator - Windows Hardening Configurator

Yup, it's WD Sandbox NOT Windows Sandbox. An erro here

Andy Ful · Feb 9, 2020

HarborFront said:
@Andy Ful

Is Windows Defender Application Guard in Syshardener?

How about Windows Sandbox setting?

If no, can they be implemented?

Thanks

I am not a developer of SysHardener.

HarborFront said:
...
OK, maybe Windows Defender Application Guard should go to ConfigureDefender

WD Application Guard and Windows Sandbox could be added without problems to H_C, but Windows Home edition does not support them, and in my opinion, these features are not finished yet. Furthermore, on the supported Windows editions, both WDAG and WS can be easily installed via Control Panel or PowerShell.

Enable Windows 10 Sandbox with PowerShell and Dism

Here is how to enable Windows 10 Sandbox with PowerShell and DISM. Sandbox provides an isolated, temporary, desktop environment.

winaero.com

Solutions to activate and configure Application Guard with SCCM - System Management Recipes

Application Guard came with the 1709 release of Windows 10 to make internet browsing more secure. The Edge browser is running in a hidden virtual machine that is built from the OS files of your physical machine and that has a limited life time: When the user logs off, the machine gets deleted...

sysmanrec.com

Search

Advice Request Syshardener tweak suggestions?

oldschool

Level 84

Decopi

Level 8

blackice

Level 39

Andy Ful

From Hard_Configurator Tools

Decopi

Level 8

Andy Ful

From Hard_Configurator Tools

oldschool

Level 84

blackice

Level 39

oldschool

Level 84

Zorro

Level 9

shmu26

Level 85

HarborFront

Level 72

oldschool

Level 84

HarborFront

Level 72

oldschool

Level 84

HarborFront

Level 72

Andy Ful

From Hard_Configurator Tools

Enable Windows 10 Sandbox with PowerShell and Dism

Solutions to activate and configure Application Guard with SCCM - System Management Recipes

Similar threads