diff --git a/Harden-Windows-Security Module/Main files/C#/Unprotect Methods/UnprotectWindowsSecurity.cs b/Harden-Windows-Security Module/Main files/C#/Unprotect Methods/UnprotectWindowsSecurity.cs
index 02cddfbcb..07099cef8 100644
--- a/Harden-Windows-Security Module/Main files/C#/Unprotect Methods/UnprotectWindowsSecurity.cs
+++ b/Harden-Windows-Security Module/Main files/C#/Unprotect Methods/UnprotectWindowsSecurity.cs
@@ -44,7 +44,7 @@ public static void Unprotect()
 key?.DeleteSubKeyTree("TLSCipherSuiteDenyList", throwOnMissingSubKey: false);
 }
- //Set a tattooed Group policy for SvcHost.exe process mitigations back to disabled state
+ // Set a tattooed Group policy for SvcHost.exe process mitigations back to disabled state
 HardenWindowsSecurity.RegistryEditor.EditRegistry(@"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SCMConfig", "EnableSvchostMitigationPolicy", "0", "DWORD", "AddOrModify");
 #endregion
@@ -52,17 +52,9 @@ public static void Unprotect()
 #region Advanced Microsoft Defender features
 HardenWindowsSecurity.Logger.LogMessage("Reverting the advanced protections in the Microsoft Defender.", LogTypeIntel.Information);
- HardenWindowsSecurity.ConfigDefenderHelper.ManageMpPreference("AllowSwitchToAsyncInspection", false, true);
- HardenWindowsSecurity.ConfigDefenderHelper.ManageMpPreference("OobeEnableRtpAndSigUpdate", false, true);
- HardenWindowsSecurity.ConfigDefenderHelper.ManageMpPreference("IntelTDTEnabled", false, true);
 HardenWindowsSecurity.ConfigDefenderHelper.ManageMpPreference("DisableRestorePoint", true, true);
- HardenWindowsSecurity.ConfigDefenderHelper.ManageMpPreference("PerformanceModeStatus", 0, true);
 HardenWindowsSecurity.ConfigDefenderHelper.ManageMpPreference("EnableConvertWarnToBlock", false, true);
- HardenWindowsSecurity.ConfigDefenderHelper.ManageMpPreference("BruteForceProtectionAggressiveness", 0, true);
- HardenWindowsSecurity.ConfigDefenderHelper.ManageMpPreference("BruteForceProtectionConfiguredState", 0, true);
- HardenWindowsSecurity.ConfigDefenderHelper.ManageMpPreference("RemoteEncryptionProtectionAggressiveness", 0, true);
- HardenWindowsSecurity.ConfigDefenderHelper.ManageMpPreference("RemoteEncryptionProtectionConfiguredState", 0, true);
 HardenWindowsSecurity.ConfigDefenderHelper.ManageMpPreference("BruteForceProtectionLocalNetworkBlocking", false, true);
 HardenWindowsSecurity.ConfigDefenderHelper.ManageMpPreference("EnableEcsConfiguration", false, true);
 HardenWindowsSecurity.ConfigDefenderHelper.ManageMpPreference("EngineUpdatesChannel", "0", true);
diff --git a/Harden-Windows-Security Module/Main files/Shared/HardeningFunctions.ps1 b/Harden-Windows-Security Module/Main files/Shared/HardeningFunctions.ps1
index 41e306c36..6c0d89d6c 100644
--- a/Harden-Windows-Security Module/Main files/Shared/HardeningFunctions.ps1
+++ b/Harden-Windows-Security Module/Main files/Shared/HardeningFunctions.ps1
@@ -376,7 +376,7 @@ Function Invoke-NonAdminCommands {
 param([System.Management.Automation.SwitchParameter]$RunUnattended)
 :NonAdminLabel switch ($RunUnattended ? 'Yes' : (Select-Option -Options 'Yes', 'No', 'Exit' -Message "`nRun Non-Admin category ?")) {
 'Yes' {
- [HardenWindowsSecurity.NonAdminCommands]::Invoke()
+ [HardenWindowsSecurity.NonAdminCommands]::Invoke()
 # Only suggest restarting the device if Admin related categories were run and the code was not running in unattended mode
 if (!$RunUnattended) {
 if (!$Categories -and [HardenWindowsSecurity.UserPrivCheck]::IsAdmin()) {
diff --git a/README.md b/README.md
index 6a66f1226..300e61d6c 100644
--- a/README.md
+++ b/README.md
@@ -292,7 +292,7 @@ From Top to bottom in order:
-- Blue Check mark denoting Group Policy Configures the Cloud Block/Protection Level to the **maximum level of Zero Tolerance and [Block At First Sight](https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/configure-block-at-first-sight-microsoft-defender-antivirus?view=o365-worldwide#turn-on-block-at-first-sight-with-group-policy)**. No unknown file can run on your system without first being recognized by the Microsoft's Security Graph and other **globally omniscient systems**. Rotating green checkmark denoting CSP [CSP](https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-defender#cloudblocklevel) +- Blue Check mark denoting Group Policy Configures the Cloud Block/Protection Level to the **maximum level of Zero Tolerance and [Block At First Sight](https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/configure-block-at-first-sight-microsoft-defender-antivirus?view=o365-worldwide#turn-on-block-at-first-sight-with-group-policy)**. No unknown file can run on your system without first being recognized by the Microsoft's Security Graph and other **globally omniscient systems**. Rotating green checkmark denoting CSP [CSP](https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-defender#cloudblocklevel) horizontal line separator 
@@ -929,13 +929,13 @@ NistP384 - Blue Check mark denoting Group Policy Applies the following [PIN Complexity rules](https://learn.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-manage-in-organization#pin-complexity) to Windows Hello Rotating green checkmark denoting CSP [CSP](https://learn.microsoft.com/en-us/windows/client-management/mdm/passportforwork-csp#devicetenantidpoliciespincomplexity). Please note that, by default, any character can be set as a PIN. However, the following policies ensure that certain characters are always included as a minimum requirement. - [Must include digits](https://learn.microsoft.com/en-us/windows/client-management/mdm/passportforwork-csp#usertenantidpoliciespincomplexitydigits) Rotating green checkmark denoting CSP [CSP](https://learn.microsoft.com/en-us/windows/client-management/mdm/passportforwork-csp#devicetenantidpoliciespincomplexitydigits) - + - [Expires](https://learn.microsoft.com/en-us/windows/client-management/mdm/passportforwork-csp#usertenantidpoliciespincomplexityexpiration) **every 180 days** (default behavior is to never expire) Rotating green checkmark denoting CSP [CSP](https://learn.microsoft.com/en-us/windows/client-management/mdm/passportforwork-csp#devicetenantidpoliciespincomplexityexpiration) - + - Setting an expiration date ensures that, in the event of theft, a threat actor cannot indefinitely attempt to guess the PIN. After 180 days, the PIN expires, rendering it unusable even if guessed correctly. To reset the PIN, authentication via a Microsoft account or EntraID—likely inaccessible to the attacker—will be required. Combined with anti-hammering and BitLocker policies, this expiration guarantees that a threat actor cannot endlessly persist in guessing the PIN. 
- + - [History](https://learn.microsoft.com/en-us/windows/client-management/mdm/passportforwork-csp#usertenantidpoliciespincomplexityhistory) of the **1** most recent selected PIN is preserved to prevent the user from reusing it Rotating green checkmark denoting CSP [CSP](https://learn.microsoft.com/en-us/windows/client-management/mdm/passportforwork-csp#devicetenantidpoliciespincomplexityhistory) - + - [Must include lower-case letters](https://learn.microsoft.com/en-us/windows/client-management/mdm/passportforwork-csp#usertenantidpoliciespincomplexitylowercaseletters) Rotating green checkmark denoting CSP [CSP](https://learn.microsoft.com/en-us/windows/client-management/mdm/passportforwork-csp#devicetenantidpoliciespincomplexitylowercaseletters)

💡 (back to categories)

@@ -1308,7 +1308,7 @@ In Windows by default, devices will scan daily, automatically download and insta
-- Blue Check mark denoting Group Policy Sets the number of grace period days before quality updates are installed on devices automatically to 1 day. Rotating green checkmark denoting CSP [CSP](https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-update#configuredeadlinegraceperiod) +- Blue Check mark denoting Group Policy Sets the number of grace period days before quality updates are installed on devices automatically to 1 day. Rotating green checkmark denoting CSP [CSP](https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-update#configuredeadlinegraceperiod) horizontal line separator @@ -1385,9 +1385,9 @@ In Windows by default, devices will scan daily, automatically download and insta
- Rotating pink checkmark denoting registry or cmdlet [Disables the following weak Cipher Suites](https://learn.microsoft.com/en-us/DeployEdge/microsoft-edge-policies#tlsciphersuitedenylist) - + - [Site 1 to test TLS in your browser](https://clienttest.ssllabs.com:8443/ssltest/viewMyClient.html) - + - [Site 2 to test TLS in your browser](https://browserleaks.com/tls) horizontal line separator