github HotCakeX/Harden-Windows-Security HardenSystemSecurity-v.1.0.1.0
Harden System Security First Release! 🥳🎉

What's New

This update marks the inaugural release of the Harden System Security application, representing a comprehensive reimagining of the original module. The new application is architected for enhanced efficiency, fortified security, and superior user experience.

Important

Please take a moment to read this document as I go through details of the app, changes I've made and what it means for the future of the module and repository.


Harden System Security App


Harden System Security Application's Advantages over the Module:

  • Exceptionally Compact: The application weighs merely ~37MB for a single architecture and ~77MB for dual ARM64 and X64 architectures. In contrast, PowerShell's store version exceeds 200MB-300MB, which was previously required for module utilization. With the new application, you exclusively install the edition optimized for your hardware, handled seamlessly by the Microsoft Store application.

  • Remarkably Lean: The new Harden System Security application maintains 0 first-party or third-party dependencies, exclusively leveraging .NET SDK, WinAppSDK, and select Microsoft core components. This architecture dramatically reduces the attack surface and virtually eliminates supply chain attack vectors.

  • Perpetually Current with Latest Performance and Security Innovations: By eliminating PowerShell dependency, we harness cutting-edge .NET SDK and WinAppSDK capabilities. This ensures the application remains consistently updated with the latest performance and security enhancements, independent of upstream repository schedules. Through GitHub's automated Dependabot and complementary features, updates can be deployed for the Harden System Security Application concurrent with Microsoft's patch releases.

Additional Distinguished Features of the Harden System Security Application:

  • Minimal Memory Footprint: The application is engineered for lightweight efficiency, ensuring negligible system resource consumption. Architecturally, no application pages maintain navigation cache, strictly adhering to the MVVM pattern.

  • Native Performance: Compiled ahead-of-time for instantaneous launch responsiveness. This approach shifts computational workload to compile-time rather than runtime (user's system), delivering an exceptionally responsive user experience.

  • Static Code Implementation: The application avoids dynamic code generation, enhancing security posture and reducing vulnerability exposure. This design ensures compatibility with advanced OS-level exploit mitigations including Control Flow Guard (CFG).

  • Methodical Architecture: The application employs systematic, modular design principles, facilitating seamless extensibility and maintainability. Future security measures can be integrated while preserving established patterns and design philosophies.

  • Modern User Interface: Utilizing cutting-edge WinUI 3 components, the application delivers a contemporary, responsive, accessible, and intuitive interface. Full touch input compatibility is comprehensively supported.

  • Internationalization Support: The application accommodates localization, enabling users to operate in their preferred language. Currently available in English, Hebrew, Greek, Hindi, Malayalam, Polish, Spanish, and Arabic.

  • Open Source Transparency: The application maintains open source availability, permitting code inspection, community contributions, and ensuring complete functional transparency.

  • Native API Preference and Low-Level Programming: The application prioritizes native APIs and low-level programming methodologies, optimizing performance and security. This approach lets it use the latest Windows capabilities without third-party component dependencies.

  • High-Performance Language Utilization: The application is primarily developed in C#, strategically incorporating C++ and Rust components for specialized tasks. Performance optimization and security enhancement constitute the primary objectives of this design strategy.

  • Complete Reversibility: Every modification applied to your system through the new Harden System Security application can be undone with precision. The application provides surgical accuracy in applying, verifying, and removing security measures. Individual security measures can be targeted for verification, application, or removal without affecting other security measures.

  • For the Microsoft Defender category, the module used to add all Git executables to the ASLR exclusions list because some of them were incompatible and wouldn't allow Git or GitHub Desktop to work when the mitigation was on. This no longer happens: the new app is capable of identifying which files are incompatible with the Mandatory ASLR exploit mitigation and adds only those to the exclusion list.

  • A new Group Policy Editor page full of new features and capabilities such as loading POL files, viewing all of the applied policies on the system and generating a comprehensive security report of the system.

Features Migrated to AppControl Manager

  • Scheduled Task Creation Capability for maintaining current Microsoft Recommended Drivers Block Rules. This functionality is already implemented in AppControl Manager, representing a more suitable platform for this feature.

  • App Control (WDAC) Policy Creation and Deployment for Downloads Defense Measure and Dangerous-Script-Hosts-Blocking. AppControl Manager serves as the recommended application for these functions, being specifically designed for App Control policy management.

Features Pending Implementation (Forthcoming)

  • Microsoft Security Baselines application

  • Microsoft 365 Apps Security Baselines implementation

  • Direct security measure deployment to Intune for remote system administration

  • Detection and verification capabilities for security measures applied via MDM (Intune) and alternative methods

  • Automated unused network driver removal (manual search and removal functionality currently available, but streamlined one-click automation pending)

  • Certificate Checking Category

  • Country IP Blocking Category

  • BitLocker disk management with encryption/decryption capabilities

  • Microsoft Defender exclusion viewing and management functionality

Future of the Module

Once more of the remaining features are implemented in the Harden System Security application, the module will be updated with a notice about its deprecation. It will no longer receive new features or changes. All future development will go only to the new Harden System Security application.

Why The Name Change?

The reason it's not called Harden Windows Security is due to Microsoft Store policies that prevent the use of "Windows" in application names.

How To Update The App?

The app has built-in update detection capability which you can configure in the Update page. It can notify you when there is an update on the Microsoft Store to be installed.

Feedback and Suggestions

During the development of the new Harden System Security app, I always considered feedback I received from the community in this repository and tried my best to implement them, which can easily be seen by the new behaviors and features that are implemented in the new app.

Feel free to open new issues and discussions to share your thoughts, suggestions, and feedback about the new Harden System Security application, or if you need help with something.

Please don't forget to Rate and Review it on the Microsoft Store.

Documentation

I know new documentation needs to be added for the new app and its functionalities; I will do it ASAP.

Thank You

For being patient with me during the development and letting feature requests stack up a bit. I will get to them over time as always. Stay safe and stay protected. ❤️

