Releases: HotCakeX/Harden-Windows-Security
Harden Windows Security v.0.6.2
What's New
-
Implemented a new GUI section to offer a unified place to browse for multiple files and add them all at once to multiple exclusion lists. Closes #323 - Related Discussion
-
BitLocker encryption has been added to the GUI! You can now effortlessly encrypt the OS drive, non-OS drives, and removable drives directly through the graphical interface, with multiple options available for each type of encryption. With the encryption process now fully integrated into the GUI, the command-line encryption feature has been removed. Previously, encryption through the CLI was manual and limited by the terminal's capabilities. - Closes #282
-
With this pull request, the Harden Windows Security project is now fully implemented in native C# code, adhering to modern best practices. For those interested in the technical details, you can find more information here. Once PowerShell 7.5 and .NET 9 reach stable release, the application will undergo a complete GUI overhaul. This update will introduce a modernized design aligned with Windows 11 aesthetics, seamless automatic dark/light mode based on your system theme, and many additional enhancements.
-
When running without elevated privileges, any GUI pages requiring administrative access will no longer open automatically. Instead, a dialog box will appear, notifying you that Administrator privileges are necessary to proceed.
-
On the BitLocker page, utilizing the execute button now ensures that relevant group policies are applied to facilitate proper drive encryption. These policies are essential for enabling advanced BitLocker features, such as TPM-based key protectors and Enhanced PINs.
-
A new toggle has been introduced on the Logs tab, allowing users to enable or disable the logger's auto-scroll functionality with ease.
-
The Logs tab now includes a convenient button for swiftly exporting all log entries to a file, streamlining the process for documentation or analysis.
-
You can access the BitLocker page to view all recovery passwords for BitLocker-encrypted drives. Additionally, you can utilize the backup button to store these passwords in a file for safekeeping. The file will include all of the necessary properties in case you need to perform drive recovery in the future from the OOBE.
-
Fixed an issue where Controlled Folder Access exclusions list would be cleared after using the Harden Windows Security application.
-
The GUI toggle button on the Protect page used to write logs to the Windows event viewer is now disable when running without Administrator privileges as it is required for writing event logs to the designated location.
PR: #341
WDACConfig Update v0.4.5
What's New
-
Improved module startup time.
-
Updated the task scheduler creation logic, the one that creates a task that automatically updates Microsoft recommended drivers block list WDAC policy on the system every week. It's become more resilient.
-
Implemented lots of new strict code rules to enforce best practices, optimization and correctness.
-
Required PowerShell version: 7.4.3 => 7.4.4
-
Closes #337
I wanted to thank everyone who reports issues here, you all help creating a more mature software and develop something that can benefit us all. So, Thank you 🙏
Issues/bugs always have a higher priority than feature requests for me and I try to fix any issue that is reported as soon as possible to minimize your downtime. When I fix an issue, i don't just try to quickly fix that one instance and be done with it, Instead I find the root cause of it and fix the entire category of that issue/bug so that things like that never happen again in the future.
I hope everyone has a nice day/evening/night and stay safe! 💚
PR: #340
Harden Windows Security v.0.6.1
What's New
-
Added toast notifications for unprotection and ASR rule applications. Also updated the icons and images of other toast notifications for consistency. The messages on toast notifications are also useful as they provide a quick summary of the action that was just completed.
-
Implemented lots of new code rules for improved strictness and optimization.
-
Updated the task scheduler creation logic in the Microsoft Defender category, the one that creates a task that automatically updates Microsoft recommended drivers block list WDAC policy on the system every week. It's become more resilient.
-
Closes #338
PR: #339
Harden Windows Security v.0.6.0
What's New
-
Added support for writing events and logs to the Windows Event Viewer. Use the new button on the GUI to activate Event logging at any time. They will be saved in Applications log under the "Harden-Windows-Security" source. Information, Warning and Error types are properly marked for easy detection.
-
Transition between different tabs of the GUI is smoother and faster.
-
The progress bar that used to appear in the Protect tab now appears globally on the entire GUI when there is activity. This helps you to know that the application is working on something and is busy.
-
Added a new slider to the bottom left of the GUI so you can change the transparency of the background image.
-
Added a new button to the bottom left of the GUI so you can browse for custom background image.
-
Improved resource management: You can now delete the entire module folder after closing the GUI or using the
Protect-WindowsSecuritycommand in general, without the need to close PowerShell first. -
Implemented a new error handling mechanism in the GUI. When an error occurs, users will now see a prompt that clearly explains the issue and provides guidance on the next steps. Additionally, the prompt includes a button that directs users to this repository's GitHub issues page, making it easy to report the error for swift resolution.
-
Fixed #334
PR: #335
Harden Windows Security v.0.5.9
What's New
-
Introduction of Security Presets: Experience three refined security configurations: Basic, Recommended, and Complete. Unsure of which category or sub-category suits your needs? Utilize these presets to implement the most optimal settings for your specific use case. By default, the Recommended preset is applied, with the flexibility to modify it via the dropdown menu on the protection page.
-
Unified Logging: A new tab has been incorporated, Logs, into the Harden Windows Security app. This feature consolidates all application logs—generated from various commands and code (PowerShell, C#, etc.)—including errors, verbose messages, informational notes, and more, all in a singular, accessible location.
-
New Microsoft Defender setting: ECS Configurations have been introduced within Microsoft Defender. These configurations bolster product health and security by automatically addressing and rectifying potential issues or bugs in a timely manner.
-
Elevated Background Quality: The overall quality of background elements has been refined for a more polished visual experience.
-
Consistent Sidebar Icons: The sidebar tab icons have been updated to align with the Windows 11 aesthetic, ensuring a uniform and modern appearance.
-
A new Unprotect tab has been added to the Harden Windows Security application. This allows for the reversal of previously applied protections without exiting the GUI. Note that the capability to undo protections has been available via CLI for quite a long time.
-
Refined Verification Process: In the Confirm & Verify tab, a new dropdown menu enables the selection of specific categories for verification, allowing for targeted compliance checks rather than reviewing all categories.
-
Enhanced Attack Surface Reduction Management: A new tab has been added to the Harden Windows Security application, offering individual management of each Attack Surface Reduction rule. The best part about this feature is that it uses Group Policies to apply such detailed Atack Surface Reduction configurations, seamlessly merging with the rest of the policies.
-
Improved Scrolling Experience: The scrolling functionality for categories and subcategories in the protection tab has been enhanced, now scrolling by pixels for smoother navigation.
-
Added more log messages throughout the code for better verbosity and visibility.
-
In response to feedback, the tooltips for categories and sub-categories within the Protection tab now appear with a brief delay, rather than instantaneously upon hovering.
-
The Protection tab now features enhanced logic, allowing more GUI elements to remain active during ongoing operations.
PR: #333
Harden Windows Security v.0.5.8
What's New
-
Added a new policy to the Microsoft Defender Category, called BruteForceProtectionLocalNetworkBlocking. It Extends brute-force protection coverage in Microsoft Defender Antivirus to block local network addresses.
-
Removed Controlled Folder Access Exclusion List display from the Compliance checking results. Its
Compliantproperty was always set toN/Asince it never participated in the final security score and its only purpose was to show the file paths that exist in the exclusion list, nothing else. The exclusions list can be viewed in the Microsoft Defender's GUI or on the command line with PowerShell, if needed. With this change, there is no longer any items in the compliance check results withN/ACompliant value, they are either True or False. -
Improved the auto-updating mechanism.
-
Changed the History for the PIN Complexity policy from 3 to 1. Related
-
Empty log messages that only have timestamps are no longer displayed on the console or on the GUI.
-
Fixed a visual issue where you would start the compliance check, then switch to another tab such as protection page, and while in there, the compliance check would finish, but after switching back to Confirmation page, the total count of the items wouldn't be shown. Related
-
Added 2 toggle buttons to the compliance checking page in the GUI to filter the displayed results based on Compliant/Non-Compliant status.
-
Added an area in the confirmation page's GUI to display the live number of displayed results. Updated in real time during filter application and keyword searches.
-
Overall code optimization and categorization.
-
Increased minimum OS build requirement from 22621.3155 to 22621.3880. As already explained numerous times throughout this repo, keeping your OS up to date is the most important thing. The main reason for this change is the new Microsoft Defender features added in this update.
PR: #332
Harden Windows Security v.0.5.7
What's New
-
Implemented Application-wide activity control. When you're applying the security measures, compliance checking will be unavailable and vice versa. This is to ensure that the compliance check results are accurate by preventing the user from performing both tasks at the same time.
-
The data grid for compliance checking results have been improved.
- Added visible separators to the header.
- Changed the images for compliant/non-compliant items for better visibility.
- Removed the highlighting effect in the data grid since it wasn't necessary.
- Column headers now stand out from the rest of the data.
-
The module no longer changes the session-wide error preference, it now contains it within the module scope.
-
Added matching progress bars to the CLI experience.
PR: #330
Harden Windows Security v.0.5.6
What's Changed
- Fixed a DLL interference with other programs which would result in the new notifications experience throwing error.
- Added the workaround for the problem with DISM module in PowerShell installed from store.
PR: #328
Thanks to @agpt8 for testing and reporting the issues.
Contributors
Assets 2
Harden Windows Security v.0.5.5
What's New
-
Added Compliance checking and system auditing functionality to the GUI with built-in search functionality.
-
Added Sidebar tabbed experience with animation for ease of use. It has virtually unlimited space for new features and pages with scrollable style.
-
Using MVVM design pattern.
-
Native WPF GUI with no 3rd party dependency or any compiled binaries.
-
When ARM hardware is detected, all process mitigations will be skipped. More info here. If you have ARM hardware and want to contribute to this project, you can help me verify each process mitigation on your ARM hardware so I can enable the ones that are compatible.
-
The experience and logic for enabling logging has been improved.
-
You can now manually enter the path where the logs will be saved to as well. Previously, you'd only have to use the button on the GUI to browse for one.
-
Added custom tooltips for each category and sub-category in the protection tab with small meaningful details to help you decide which option to choose.
-
Required PowerShell version has been increased from 7.4.2 to 7.4.4. The Harden Windows Security heavily relies on the latest .NET components shipped with PowerShell, that's why you don't need to install .NET runtime separately.
-
When logging is enabled, the logs are written to the file in real time instead of at the end of the operation.
-
Significantly improved the toast notifications experience, they are now modern Windows 11 style toast notifications. Due to this improved experience, 5 official Microsoft-Signed DLLs are bundled with the Harden Windows Security program. Links to them can be found below:
-
The Harden Windows Security program can now be fully used in both Visual Studio (native C#) and Visual Studio Code (native PowerShell). Its hybrid design allows it to be highly interoperable.
What's Next
-
Unprotect-WindowsSecuritywill be added to the GUI. -
Attack Surface Reduction rules will be individually configurable in a new section in the GUI.
-
BitLocker enrollment and activation through the GUI.
-
And more.
Resolves #318
PR: #319