Questions Regarding Windows Hardening Guide and Scripts

[HOLIKADEW]

Hello👋,

I recently came across your GitHub page (and website—I assume they are the same) to configure my Windows Defender and improve my system security. However, as a newbie I’m feeling a bit lost. I hope you don’t mind if I ask some questions to clarify things.

My Previous Approach:

In the past, I relied on DefenderUI with the recommended profile. I also installed Malwarebytes Free, which I didn’t keep running in the background. Instead, I used it for on-demand scans whenever I felt something might be wrong. From what understand, the free scan feature is equivalent to the Malwarebytes Pro scan, except the paid version offers real-time protection (which I don’t need as I use Windows Defender).

Recently, I saw a video by TheoJoe about using AppLocker, and it caught my interest. I decided to implement it but wanted to do it on a fresh Windows installation because my current setup was quite old and I wanted to start new.

My Current Setup After Reinstalling Windows:

After reinstalling Windows from USB drive, I came across your website. It seems highly detailed, effective, and well-documented(Thank you!), so I decided to not follow my previous methods entirely and follow your recommendations instead.

Here’s what I’ve done so far:

1. Installed essential apps using a winget file I generated before the reinstall and some apps from the Microsoft Store.
2. Changed basic Windows settings (e.g., dark mode, wallpaper, time zone, set UAC to “Always Notify,” etc.).
3. Configured Edge as my primary browser (which you also recommend) and installed extensions like uBlock Origin, Cookie AutoDelete, and a few others required for my work.

That’s it—I haven’t even made any tweaks yet like using WinToys, which I used to do before. I’m now using my Windows setup cautiously and paying full attention till I use your tool (as I dot't know how secure default settings are) as everything at its default settings.

My Questions:

1. When I visit your GitHub page/website, the first thing I see is this:
   
   Am I supposed to do anything with this?

2. About the main script:

   • As I understand, there are two versions: one with a GUI and another CLI-based version(ig the 1 is GUI and 2 is CLI).
     
   • I watched a video by Ken Harris about your script (ig it made before the GUI version was published). The script he ran matches the Hardening Categories section on your site. However, the GUI preview GIF on the GitHub page doesn’t seem to align with the Hardening Categories. Is the GUI version just a more user-friendly interface for the CLI or is it something else?

3. About the AppControl Manager:

   • What exactly is it? Is it just a tool to configure AppLocker?
   • If I manually configure AppLocker (following TheoJoe’s video), do I still need to install AppControl Manager?

I’m looking forward to your guidance, as I want to make sure I implement everything correctly and securely. Thank you for your time and for sharing such valuable resources for everyone!

[HotCakeX]

Hi,
Thank you, appreciate the compliments!

To answer your 1st question, those are links to different sections of this repository, i'll change the wording on the readme page to clarify that.

2nd question: There is only 1 PowerShell module and you can access it in CLI (command line) mode or GUI (Graphical User Interface), so whichever option you choose you'll be using the same tool/product.

It used to be just a script before, but it has evolved a lot since then and continues to evolve.

3rd question, So this repository currently contains 2 main products, the Harden Windows Security module and AppControl Manager. The 1st one is general purpose while the 2nd one is a Windows application specifically built to manage Application Control in Windows.

You don't need AppLocker (which is an old feature that was replaced by Application Control since Windows 10), so it's recommended to use Application Control and to do that you can use the AppControl Manager app.

I have an introduction article written here that i think will be useful in explaining what Application Control is: https://github.com/HotCakeX/Harden-Windows-Security/wiki/Introduction

If you have more questions or need more explanations, please feel free to ask, that'll help me adjust the documentations to be more clear ^^

[HotCakeX]

I just updated both Readme page and the Rationale page based on your feedback: https://github.com/HotCakeX/Harden-Windows-Security/blob/main/Rationale.md

If I've overlooked anything or there are any shortcomings, do let me know!

[HOLIKADEW]

To answer your 1st question, those are links to different sections of this repository, i'll change the wording on the readme page to clarify that.
I just updated both Readme page and the Rationale page based on your feedback: https://github.com/HotCakeX/Harden-Windows-Security/blob/main/Rationale.md

Thank you so much for taking action in such a short time!

2nd question: There is only 1 PowerShell module and you can access it in CLI (command line) mode or GUI (Graphical User Interface), so whichever option you choose you'll be using the same tool/product.

Oh, so it doesn't matter—I can run any of the commands, right? So how do I run the GUI app? Oh, I have to run Protect-WindowsSecurity -GUI # GUI Mode to trigger the GUI after running that command, right? What do the other commands listed, like Confirm-SystemCompliance # CLI Mode and Unprotect-WindowsSecurity # CLI Mode, do?

It used to be just a script before, but it has evolved a lot since then and continues to evolve.

Now I see! The things mentioned in the ReadMe file match up with the video.

What are these sub-categories?

Also, what about the sidebar? Where are the docs for them located? Also, what do "Online" and "Offline" modes mean?
And what is this play button?

You don't need AppLocker (which is an old feature that was replaced by Application Control since Windows 10), so it's recommended to use Application Control and to do that you can use the AppControl Manager app.

So your AppControl Manager is a GUI for Application Control, which is the successor/better version of AppLocker, right?
I was watching your video, and OMG, it still seems so much harder compared to something like AppLocker, where I can very easily see what is going on.

If you have more questions or need more explanations, please feel free to ask.

I have a lot more questions, lol. By the way, can I install and play around on my own system without bricking anything? And if I do mess something up, is there an easy way to simply revert the changes?
I feel like it’s much harder to understand everything in theory, and I’ll probably understand things better if I try them out myself. Also, can I run this tool in Windows Sandbox to test things? Will it work there, considering the Windows Sandbox doesn’t have Defender?

[HotCakeX]

This page should include answer to all of your questions regarding Harden Windows Security module, it explains what each command does. It also shows you how changes can be reverted. Online/Offline lets you browse for the necessary files on your system so the module won't download them from Microsoft servers, such as security baselines, LGPO.exe etc.

Here is more info about them: https://github.com/HotCakeX/Harden-Windows-Security/wiki/Group-Policy

Essentially, it's recommended to use App Control if you don't need to enforce policies for different users on the same system. It's more mature, secure and actively developed. Some more info: https://github.com/HotCakeX/Harden-Windows-Security/wiki/Group-Policy

About categories and sub-categories, navigate to this page and scroll down a bit: https://github.com/HotCakeX/Harden-Windows-Security?tab=readme-ov-file#hardening-categories