What's New
Microsoft Security Baselines Integration
With this update to Harden System Security, you can now Apply, Verify, and Remove both the Microsoft Security Baseline and the Microsoft 365 Apps Security Baseline—all directly within the app.
-
Two dedicated pages have been added under the
Protectmenu, providing streamlined access to these baseline features. -
Instantly check whether your system is compliant with either baseline. If it's not, you can pinpoint exactly which policies are non-compliant.
-
View the precise expected values alongside your system's current values for each policy.
-
Export compliance data to JSON for backup or archival purposes using the available UI controls added in this update.
-
Quickly sort and search through baseline data using the built-in UI controls.
-
Added a new page that offers Optional Overrides for the Microsoft Security Baselines in order to restore functionalities disabled after applying the baselines. You can Apply, Remove or Verify every single override individually.
Note
When applying Microsoft Security Baselines or Microsoft 365 Apps Security Baselines, Harden System Security will automatically download the latest versions directly from Microsoft's servers, process them entirely in memory, and apply them without writing any temporary files to disk.
While this approach increases development complexity, it significantly improves security by preventing malicious interference with temporary files before application.
The app caches each baseline in memory to avoid unnecessary re-downloads. The cache expires every 2 hours, after which it is refreshed with the latest data from Microsoft, and this only happens if the app is open. The cache is compressed to minimize memory usage—when both baselines are cached, they occupy about 2 MB of memory only.
Tip
You can change the download URL of the Microsoft Baselines in each page. This can come handy if you want to apply an older baseline on your system or if a new baseline version is released and you don't want to wait for the app to be updated to point to the new URL. The app will be updated very quickly though when a new baseline version is released by Microsoft.
Important
The baseline application engine in Harden System Security is fully generic and self-contained. It supports not only the two Microsoft Security Baselines and the Microsoft 365 Apps Security Baselines, but any Group Policy backup created on any Windows device. You can import such a backup and have the application apply, verify, or remove it. Removal currently applies only to Group Policy settings: audit policy and security policy settings imported via Secedit (INF files) are not yet reversible. They will become reversible once a default security policy source is integrated to restore those values. Upcoming updates will also allow you to provide custom baseline file paths. Support for that capability is planned for an upcoming release.
Additional Improvements
-
Added a new option to the Group Policy Editor page to retrieve user-specific Group Policies, complementing the existing system-wide retrieval option.
-
Updated all Guide buttons to link directly to the corresponding pages in the new Wiki documentation.
-
Updated dependencies. Notable ones include .NET SDK that was released an hour ago.
-
Further strengthened both apps' security by adopting
DEPENDENTLOADFLAGflag forcing the app to always find DLLs it needs from the System32 directory only. -
Improved memory management by tightening resource usage in various UI elements of AppControl Manager and the Harden System Security app (their shared CommonCore).
-
Added a search bar to the Attack Surface Reduction page to enable you to easily search for the rule you're looking for.
-
The File Reputation Checker page now supports Drag & Drop (only when not running the app elevated) so you can just drop files in that page and retrieve their reputation based on the Microsoft's ISG intel.
-
Fixed animations in the File Reputation page during back navigation to that page.
-
Configured the minimum required .NET SDK version to build the projects.
Many Features On The Way 💟
Stay tuned for a LOT of new upcoming features!