What's New
-
Added the following exploit protections to the Harden System Security app's main executable in the Microsoft Defender category:
- DisableNonSystemFonts
- BlockRemoteImageLoads
- BlockLowLabelImageLoads
- EnableExportAddressFilter
- EnableExportAddressFilterPlus
- EnableImportAddressFilter
- EnableRopStackPivot
- EnableRopCallerCheck
- UserShadowStack
- UserShadowStackStrictMode
- MicrosoftSignedOnly
- AllowStoreSignedBinaries
-
Added the following exploit protections to the Windows Service that Harden System Security app installs, in the Microsoft Defender category:
- DisableNonSystemFonts
- BlockRemoteImageLoads
- BlockLowLabelImageLoads
- EnableExportAddressFilter
- EnableExportAddressFilterPlus
- EnableImportAddressFilter
- EnableRopStackPivot
- EnableRopCallerCheck
- UserShadowStack
- UserShadowStackStrictMode
- MicrosoftSignedOnly
- AllowStoreSignedBinaries
- BlockDynamicCode
-
The Harden System Security's Windows Service is now compatible with the Arbitrary Code Guard (ACG) Exploit Protection.
-
Created a new page called Cryptographic Bill of Materials (CBOM), completing this feature request. The CBOM offers a system-level inventory and introspection of the operating system cryptography, surfacing the algorithms, curves, cipher suites, and providers that define the platform's cryptographic posture. By normalizing what the OS exposes, it delivers SBOM-like transparency for crypto: enabling evidence-based audits, baseline conformance checks, drift detection across updates, identification of legacy/weak primitives, and planning for post-quantum transitions. Enumerations are sourced directly from the underlying providers to emphasize fidelity and provenance, making the output suitable for compliance artifacts, interoperability analysis, and informed hardening and policy decisions as standards evolve.
-
Added multi security baseline support to the Microsoft Security Baselines and Microsoft 365 Apps Security Baseline pages. Now you can pick the security baseline that you want to apply to your environment from a ComboBox in those pages. For instance, you can apply Windows 11 22H2 baseline on one system and apply the 25H2 version on another, simply by selecting it from the ComboBox on the UI. You can do the same for when you're verifying system compliance so you can see how compliant your environment is according to different baselines. The baselines also include Windows Server 2025 support.
-
Added support for Offline application of Security Baselines to the Microsoft Security Baselines and Microsoft 365 Apps Security Baseline pages. This means that you can now apply the security baselines to systems that do not have internet access. You're able to browse for the ZIP files that you obtain from the Microsoft websites and tell the app to use those files instead of downloading them from the internet. You can use this feature seamlessly for Application, Verification and Removal of the baselines. This is one the Community's feature requests too..
-
Added a new button to the sidebar that allows you to optimize memory usage of the app and try to reduce it. Harden System Security is already highly optimized but this gives users more control over its memory usage. The app will generate a detailed report in the Logs page that you can check out, showing the type and amount of memory changes.
-
Updated dependencies to the latest versions.
-
Disabled Runtime Marshaling for all of the projects the app uses, improving performance, stability and making it more compatible with exploit protection features.
-
Added many extra code analyzers to the project.
-
Improved custom app window frame handling during window closure.