First release of this repository 🥳
This is the first time I'm publishing a release and planning to do this for every new version of the hardening script or WDACConfig PowerShell module in the future.
It will send notifications to the users who are watching this repository letting them know there is a new version available.
It also allows me to offer proper change logs for each change.
The entire change log history of the hardening script is available in Excel online
Change log:
- Added Exploit Protection/Process Mitigations for various apps such as Microsoft Edge (All channels), Quick Assist and some system processes. More apps and processes will be added to the list once they are properly validated and confirmed to be fully compatible.
- Thanks to everyone participated in this issue
- Added back the
PrimaryPasswordSettingpolicy to Edge after confirming the bug related to it was fixed. - Added a new hardening measure that turns on Data Execution Prevention (DEP) for all applications, including 32-bit programs. By default, the output of
BCDEdit /enum "{current}"(in PowerShell) for the NX bit isOptInbut this script sets it toAlwaysOn