github HotCakeX/Harden-Windows-Security HardenSystemSecurity-v1.0.31.0
Harden System Security v1.0.31.0
on GitHub

one day ago

What's New

Firewall Rules Management

The Windows Firewall page now includes a new Management section. From there, you can:

  • Browse for individual files to allow or block through Windows Firewall, controlling whether they can make network connections.

  • Browse for folders to allow or block all executable files within them, including executables in all subfolders.

    • This is very useful if you install a new application that contains multiple executables, as you can simply select the installation folder to allow or block all of them at once quickly.

  • List all of the Firewall rules created by the Harden System Security app.

  • Delete any Firewall rules created by the Harden System Security app.

  • Copy one or more Firewall rule to clipboard.

  • Search through the Firewall rules and sort them.

Dual-Use Program Blocking via Windows Firewall

You can now block network access through Windows Firewall for high-risk dual-use binaries to reduce abuse for malicious downloads or data exfiltration. This implements the requested feature in #706. The full list of these programs is available in the Windows Firewall page in the wiki.

Note

All of the Windows Firewall rules are created in the Group Policy store instead of the regular local store so they are not affected by the local rules merges and they have more flexibility. All of the rules created by the Harden System Security app are part of the HardenSystemSecurity group, so you can easily identify them.

Other Changes

  • Added a progress ring to Microsoft Defender -> Exclusions.

  • Updated dependencies to the latest versions.

  • To address an issue, changed the "Boot-Start Driver Initialization Policy" to "Good and Unknown" instead of "Good only" in the Miscellaneous configurations category.

    • Added a new sub-category that will set it to "Good only". As with all sub-categories, this will not be applied by default when you apply the Miscellaneous category and you will have to check an extra box to apply it. This is to prevent flawed 3rd party drivers from causing boot issues.

    • The "Good and Unknown" policy applies to all device usage intents now.

    • The "Good only" policy applies to the "Business", "Specialized Access Workstation" and "Privileged Access Workstation" device usage intents.

  • Added a new toggle button to the Microsoft Security Baselines page, it is on/toggled by default. This toggle will apply the Optional Overrides that are recommended for enhanced user experience when using the Microsoft Security Baselines.

    • The reason for this change is that users usually apply the Microsoft Security Baseline on their system, which is mostly geared towards enterprise use, but then they find that some settings are not user-friendly for personal use. These optional overrides help to mitigate that situation. You can of course disable this toggle if you want to stick strictly to the Microsoft Security Baseline without any modifications.

  • Fixes this issue by adding a new policy to the Optional Overrides to allow elevation on Secure Desktop for Standard user accounts.

PRs

How To Download

Check out latest releases or
releases around HotCakeX/Harden-Windows-Security HardenSystemSecurity-v1.0.31.0

Don't miss a new Harden-Windows-Security release

NewReleases is sending notifications on new releases.

Get notifications