github HotCakeX/Harden-Windows-Security HardenSystemSecurity-v1.0.62.0
Harden System Security v1.0.62.0

5 hours ago

What's New

  • Added 3 new policies to the Edge Browser category:

    • Enhanced Security Mode for Edge set to Strict.
    • Preventing websites from accessing information about locally installed fonts.
    • Making sure that only Microsoft signed binaries are allowed to load in the Edge process by enabling Code Integrity for Edge.
  • Created a new sub-category in the Edge Browser category called HardCore. At the moment it contains the following 4 security measures, and it will be expanded to contain more. The measures in this sub-category are not applied by default when you apply the Edge category itself; you have to select them explicitly, because although they increase security, they can slightly reduce performance:

    • Restrict CPU core sharing for renderer process. Helps mitigate side-channel cross-process memory attacks by isolating the renderer process to a dedicated CPU core, preventing other processes from being scheduled on the same core.
    • Launches Renderer processes into an App Container for more security benefits.
    • Microsoft Edge will prefer the algorithms required for the Commercial National Security Algorithm Suite 2.0 (CNSA 2.0) for TLS 1.3 and QUIC connections.
    • Configures Microsoft Edge to prefer ciphers required for compliance with the Commercial National Security Algorithm Suite versions 1.0 and 2.0 (CNSA 1.0 and 2.0). Only affects TLS 1.3 and QUIC.
  • In the Edge Browser category, the Dynamic Code Security item is now a sub-category. The full conversation that led to this decision is available here: #1160

  • Added a new tile to the home page that displays your public IP address. Click it to retrieve the address; each subsequent click retrieves it again. It uses the well-known Cloudflare (https://www.cloudflare.com/cdn-cgi/trace) as the primary server and falls back to AWS (https://checkip.amazonaws.com) if Cloudflare fails for any reason. The requests sent to those servers are simple GET requests. This feature is only intended to display your public IP address to you; IP info is neither stored nor logged anywhere by the app.

  • Added AppContainer loopback management to the Manage Installed Apps page: you can now view the status of loopback exemptions for all packaged apps, add new apps to the exemptions or remove existing ones. This is useful if you want to force packaged apps to go through the system proxy, because by default they bypass the system-wide proxy defined in the Windows settings.

  • Added Side-channel exploit mitigations to the app. They are disabled by default and can be enabled in the app's settings page. You can read more about them here: https://learn.microsoft.com/windows/win32/api/winnt/ns-winnt-process_mitigation_side_channel_isolation_policy

  • Improved the Download Manager:

    • You can now sort the downloads by size, date or name.
    • Added select all and de-select all buttons to the toolbar.
    • You can now view the time the file was created on the remote server in the Download Manager.
    • Added a copy button to the Hash screen so you can easily copy the displayed hash to the clipboard.
    • Improved the colors of the UI.
    • Wonder why there is a Download Manager? See here: #1164 (comment)
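
The public IP tile described above queries a primary endpoint and falls back to a second one. The following is an added example, not the app's own code: a Python sketch of that lookup which treats both responses as untrusted and accepts only a literal IP address. The function names, the 5-second timeout, the 4096-byte read cap and the sample response are assumptions made for illustration.

```python
import ipaddress
import urllib.request

# Endpoints from the release note, primary first.
ENDPOINTS = [
    ("https://www.cloudflare.com/cdn-cgi/trace", "trace"),
    ("https://checkip.amazonaws.com", "plain"),
]

# Constructed sample of a trace body (newline-separated key=value pairs).
SAMPLE_TRACE = "h=www.cloudflare.com\nip=203.0.113.7\nts=1700000000.000\n"


def parse_public_ip(body, kind):
    """Return the address in a response body; raise ValueError otherwise."""
    if kind == "trace":
        fields = dict(l.split("=", 1) for l in body.splitlines() if "=" in l)
        if "ip" not in fields:
            raise ValueError("no ip= field in trace response")
        body = fields["ip"]
    # ip_address() accepts only a literal IPv4/IPv6 address, so an error page
    # or injected markup from the network path is never shown as "your IP".
    return ipaddress.ip_address(body.strip())


def http_get(url, timeout=5):
    """Plain GET with a timeout and a small read cap (assumed limits)."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read(4096).decode("ascii", errors="replace")


def get_public_ip(fetch=http_get):
    """Try each endpoint in order; return (address, url_that_answered)."""
    errors = []
    for url, kind in ENDPOINTS:
        try:
            return str(parse_public_ip(fetch(url), kind)), url
        except (OSError, ValueError) as exc:
            errors.append(f"{url}: {exc}")
    raise RuntimeError("all endpoints failed: " + "; ".join(errors))


if __name__ == "__main__":
    # Offline demo: a fake transport stands in for the network.
    print(get_public_ip(lambda url: SAMPLE_TRACE))
```

A malformed answer from the primary server is handled the same way as a connection failure: the fallback is tried, and an error is raised only when neither endpoint returns a valid address.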

How to download
