Skip to content

Harden Windows Security v.0.7.4
Compare
Choose a tag to compare
@HotCakeX HotCakeX released this 03 Feb 07:39
· 29 commits to main since this release
Hardening-Module-v.0.7.4
2ba0ea6
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

What's New

Harden Windows Security App Demo


✨ The Harden Windows Security now uses .NET 9 (PowerShell 7.5), that means:

  • New appearance that is modern, based on Windows 11 fluent design
  • Mica backdrop
  • Better and more modern code
  • Removal of all custom UI elements that belonged to the old WPF designs
  • Faster startup time
  • Support for light/dark theme in the OS
  • Support for accent colors in the OS
  • More accessible user experience
  • Plus so much more benefits

Removed features:

  • Custom background image.
  • The ability to set custom background image.

Since Mica design is used for the background, there is no longer the need to set a custom color or custom background image.


Other Features

  • You can now export the results of compliance check in the GUI using a new button that was added.

  • Improved Username detection, making it more resilient.

  • Further improved the GUI and code behinds to be more consistent.

  • Improved the comments in the code to be more accurate.

  • Updated the link to the Microsoft 365 apps security baselines to the latest version, 24H2. Previous version was 2306.

  • Added a new design for when an error occurs in the app

    • This is of course a rare occurrence, but this feature is there whenever it's necessary. You no longer need to use PowerShell to copy the logs and no error is propagated there. Complete detail of the error is presented to you in the dialog that you see, and with 1 press of a button you can copy it to clipboard and report it on GitHub if you want.
error screenshot

  • Added support for running the module in Windows Server. You can use all of the features of the Harden Windows Security module in Windows Server 2025 to harden it. This is the Phase 1 of completing this roadmap item.

  • Applied more optimizations to the code.

  • Updated Readme with info regarding the new Edge policeis.

  • Updated the version number file.

  • Update the required Microsoft DLLs.

  • Removed the emoji text arts that appear at the end of the compliance check in the CLI experience.

  • Improved the text colors in the Protect cmdlet in the CLI experience.


New Security Measures

Added 4 new policies to the Edge protection category

  1. Added a policy that will keep support for Manifest V2 extensions enabled even after its depreciation. Manifest V2 extension support is vital for proper functioning of ublock origin (and similar extensions) which is beyond a simple adblocker and can provide lots of protection when browsing the web through its custom lists.

    • Note that this is something being pushed by Google through their controlling power of Chromium, not Microsoft.

  2. Added a policy that will prevent websites to even request access to the local connected USB devices.

  3. Added a policy that automatically denies the window management permission to sites by default. This limits the ability of sites to see information about the device's screens and use that information to open and place windows or request fullscreen on specific screens.

  4. Added a policy that will disable dynamic code in Edge browser which is a security feature that prevents the browser process from creating dynamic code. The default value of this policy is not explicitly defined, it could be enable or could be disabled. Setting it explicitly to enabled via this policy ensures that no dynamic code is created by the browser process.


PRs


Assets 2
Loading