Hardening is not included in install process; as I repeate installation frequently, I can do the hardening "like that" in few minutes after install; it's all inside here
Thoughts on HitManPro
- Thread starter cruelsister
- Start date
It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
Then I must be missing out on a easier path to hardening. I recently did an image with basic hardening: restoring group policy with LGPO, restoring exploit protection for WD; disabling DCOM & SMB, hardening WMI, turning on DEP, disabling Schedule and other services via scripting. Takes ~20 mins. Then after the hardening I have to add my apps. which really isn't much: SIEM Agent, wireshark, nmap, libreoffice. Took me nearly 2 hrs ! Care to share some of your hardening tips ?I can do the hardening "like that" in few minutes after install; it's all inside here
Too advanced hardening; mine is much more simple and faster, and never got infected with.
Well then that's a tad lower when it originally started with I think 6
I'm in total agreement. Sometimes I doubt that I even need a real-time antivirus with my record, but I keep it around because you never know.I frankly feel people over scan, (on their personal PC's) at the moment I have Kaspersky on this PC & ESET on the laptop, for months on here I had McAfee, I did a scan a few days ago with the soon to be killed Norton scanner, it found nothing, do users really find malicious software or just FP's? For some time I paid for HitMan Pro, never found anything other than FP's - I forget now what the Sophos real-time scanner with Himan inside whatsits was called but I used that for years, it never solved or found a single problem. Scan occasionally yes, but often, not needed, at least if you use good habits? My 10pence worth
View attachment 295536
Avast schedules a quick scan once a month by default, and that's probably perfect for me. I used to run NPE very occasionally only because it boasted heuristics on steroids. All things considered, I wouldn't pay for a secondary on-demand scanner like HitmanPro, especially if it's just Sophos. Sorry, Sophos, but it's a fair assessment.
Could you tell me more ? Simpler things are better.
1- If not using WHHL, it set ASR manually and cloud check level and duration using GP
2- Increase MD check for updates to 8 hours instead of default 24
3 - Change Windows update to notify
4- Control panel: Network and sharing center: Change adapter settings: Ethernet properties: Disable all except client for Microsoft networks internet protocol version 4
5- Programs and features: Disable all features except Net framework 4.8 and uninstall remote desktop connection app
6- System properties: Disable remote assistance
7- Data execution prevention: Turn on for all programs
8- MD exploit protection: Turn on mandatory ASLR
9- MD controlled folder access: Turn on
10 - Services: disable:
BitLocker Drive Encryption Service
Bluetooth Support Service
Connected User Experiences and Telemetry
Geolocation Service
IP Helper
Microsoft Edge Update Service
Microsoft Store Install Service
Print Spooler
Radio Management Service
Remote Access Connection Manager
Server
SSDP Discovery
TCP/IP NetBIOS Helper
Volume Shadow Copy
Windows Image Acquisition
Windows Search
Workstation
11- Disable autoplay
12- Remove most of optional features including vbs script
13- Disable telemetry
14- Delete all rules of firewall and add custom rule for inbound to block all inbound
Last edited:
Which optional features do you mean ? You delete them instead of disable ?
Any unnecessary features; no one plan applies to all, according to your pattern of use and needs.
But as a golden rule, the less you have on your OS, the more you are secure.
Agree with your golden rule. I have been thinking of Windows lite like that Tiny 11. But have hesitated.
I do not recommend homebrew OS; the official W 11 LTSC is a safer alternative.
What uncessary freatures have you uncovered, I am courious to know.
I use WinSpyBlocker, it blocks a large quantity of destination ip addresses outgoing, related to telemetry. and misc traffiic, and windows update traffic. Because outgoing traffic sets the state in firewall and allows returning traffic, it could be spoofed attack traffic that uses the state to pass thru the firewall. I could not say if this is used in real attacks, but I believe blocking them is useful to security just like the author.
Last edited:
Any feature I do not know exactly how to use is "unnecessary".
Same here. For the longest time I don't know what remote management meant. And I disabled the service assuming it needs a Windows Server and kerberos. However recently I asked ChatGPT about it, and things like Event Viewer can connect to other PC's logs and it doesn't necessarily need a server. I still keep the service disabled.
I know; it offers outsider a nice vulnerablity to control your machine.
One of the first things to disable after install.
ChatGPT told me remote management uses RPC. And that it uses ports 135, 445 and high ports from 49152-65535. So I blocked those ports at the router. That RPC traffic is not meant to go thru internet anyways.
What is the value of blocking such ports if you have disabled all features and processes used for remote connection?
RPC is the protocol, many other remote windows things uses that protocol not just rermote management. RPC seems too much like RCE to my liking. Defense in depth, you wont know when 1 layer fails.
Last edited:
You may also like...
-
Entreprise Antivirus Comparative : Cylance - CrowdStrike - Cynet - DeepInstinct- Started by Shadowra
- Replies: 18
-
iDefender Free (Presentation & Reviews)
- Started by Shadowra
- Replies: 14
-
Critical React Native Vulnerability Exploited in the Wild- Started by Miravi
- Replies: 2
-
Pentest tools left online are allowing hackers to exploit Fortune 500 firms
- Started by Miravi
- Replies: 0
-
Huorong Internet Security v6.0.7.12 (Modified Setting)- Started by janx
- Replies: 22