Tags: HotCakeX/Harden-Windows-Security
Tags
Harden Windows Security v0.7.1 (#494) During the compliance checking, MDM results that are not used by the module are no longer collected, improving the performance and speed, especially on lower end hardware. Adjusted the TLS Category's Intune Json config to match the new schema. Added a new sub-category for the TLS category, called "TLS for BattleNet". When selected, the TLS category will deploy the group policy that has the extra cipher suite TLS_RSA_WITH_AES_256_CBC_SHA which is less secure but required for BattleNet client to connect to its servers. Fixes -> [BUG?]: TLS Security fix for Battle.net not working #489 This means BattleNet client is no longer automatically detected on the system because there are times when it's installed in non-default location. Now the user is in control to decide whether to use the extra cipher suite or not. WDACConfig module is no longer used/installed for Downloads Defense Measures category. All the necessary logic for policy creation is now implemented natively. This substantially improves the performance and allows for full offline usage of this category and its sub-categories. This also facilitates the deprecation of the WDACConfig module which is replaced with the new modern AppControl Manager.
Implemented more guardrails for signed scenarios (#492) The app no longer allows the wrong certificate or common name to be used during signed policy deployment, re-deployment or removal. Such possible user accidents are caught very early on and communicated to the user with proper and clear messages so user can fix the mistake quickly. The goal is to never let AppControl Manager to be used even intentionally to cause boot failure when dealing with signed policies. Deployment of signed policies is very much recommended over unsigned ones, check this article to see why: https://github.com/HotCakeX/Harden-Windows-Security/wiki/The-Strength-of-Signed-App-Control-Policies AppControl Manager is the only app that's currently available that makes it the safest way to interact with signed policies and it keeps getting better quickly. The content dialogs that ask for user input for signing scenarios have better visuals now, and the focus is by default on the Verify button, which makes it easier and clearer what needs to be done. It also means you can press the enter key on the keyboard quickly to confirm the actions without using mouse. Improved DataGrid experience when removing items in MDE Advanced Hunting and Event Logs pages. Bumped version from 1.8.0.0 to 1.8.1.0
Update AddSigningDetails.cs https://github.com/HotCakeX/Harden-Windows-Security/actions/runs/12513530135/job/34908276241
Harden Windows Security v0.7.0 (#453) Added Encryption Percentage, Protection Status, Key Protector and Encryption Method properties to the BitLocker tab's Backup section. Those properties are now displayed in the data grid for each drive and will be included in the backup file that you create. This is very useful when you need to view detailed info about the BitLocker protected drives on your system. Made Audit policy checks available for all System cultures instead of only supporting English-US. This is for the compliance checking feature. Improved buttons and their positions in BitLocker and Exclusions tabs. Added a short description to the Exclusions tab. Slightly improved the performance and speed of compliance checking. Made lots of performance, quality and security related improvements to the code base. Fixed this issue -> [Bug]: Small bug in WindowsFeatureChecker.cs #449 Added Long path support policy to the Miscellaneous Category's Intune JSON configuration. Added the following 3 new policies to the User Account Control Intune JSON configuration: Behavior Of The Elevation Prompt For Administrator Protection: Prompt for credentials on the secure desktop Type Of Admin Approval Mode: Admin Approval Mode with Administrator protection Use Admin Approval Mode: Enabled Changed this policy in the User Account Control Intune JSON configuration: Changed this from automatically Deny to "Prompt for credentials on the secure desktop": Behavior Of The Elevation Prompt For Standard Users Prompt for credentials on the secure desktop Updated the required PowerShell version from 7.4.4 to 7.4.5. The latest available version is 7.4.6 at the moment, which was released over a month ago.
AppControl Manager 1.5.2.0 (#441) Added support for Windows 11 build 23H2. This is in response to multiple community feedbacks that are always helpful and welcome. Closes AppControl Manager needs to be supported on 23H2 #435 Completely switched to source-generated LibraryImports, improving performance. => Implementing LibraryImports instead of DllImports for improved performance #433 Implemented several new code analyzers that ensure a cleaner, safer, high performance and better code. Improved the scanned data result DataGrid in Supplemental policy creation page. Removed 3 unused columns that don't apply to local file scans, added 1 new column to display each scanned file's Opus data. Overall, this is a relatively small update. Big changes are coming in version 1.6 with many new features! In case you missed it, i posted a new video demoing AppControl Manager, check it out here https://www.youtube.com/watch?v=SzMs13n7elE
AppControl Manager 1.5.1.0 (#424) Enhanced Parsing Logic for MDE Advanced Hunting: The CSV parsing process no longer relies on static column positions. Instead, it dynamically identifies the location of each field, ensuring accurate parsing regardless of column order changes in the CSV file, improving robustness for any future changes. Fixed -> Advanced huntig Logs with AppControl Manager #423 Default Windows Template Policy: A new feature has been added to the policy creation page, enabling the creation of a default Windows template policy with ease. Integrated Documentation Links: Links to the latest AppControl Manager documentation have been added across relevant pages. Users can now quickly access step-by-step guides by clicking a dedicated button whenever guidance is needed. Fixed menu item text for MDE Advanced Hunting, it wasn't showing the full content. Made the navigation buttons in documentation pages more responsive. Improved the UX when using the log size and audit mode options in the Create Policy page.
PreviousNext