Harden Windows PCs with SysHardener
SysHardener is a free program for Microsoft's Windows operating system that system administrators may run to harden the Windows environment and reduce attack vectors.
Windows ships with a default configuration that concentrates on compatibility rather than security. While newer versions of Windows come with more and more security features and tools, it is fair to say that the default state of the operating system after installation is not as secure as it could be.
This is not a problem that is inherent to Windows but one that the majority of operating systems suffer from.
Many security and privacy conscious users harden Windows after setup. This may involve disabling or uninstalling features and programs, setting tighter rules for online activities or file executions, or disabling other unwanted features such as Telemetry collecting.
SysHarder is a tweaking software that focuses on security almost exclusively. Run it to make dozens of changes to Windows in a matter of minutes.
While you can make all the changes by yourself, you'd spend more time doing so especially if you don't harden systems all day long as part of your job.
The program is provided as a portable version that you don't need to install. You can run it right after you have downloaded it. NoVirusThanks, the developers of the application, state that it is compatible with 32-bit and 64-bit versions of Windows Vista and newer versions of Windows.
It displays a scrolling list of options when you start it. Options are grouped and each is represented by a checkbox that indicates its status.
Some have exclamation mark icons next to them which act as warnings. Hover over the icons to read the warning so that you can better decide whether to enable a feature or leave it at its default state.
The following groups are provided:
- User Account Control -- Three tweaks to handle UAC, e.g. allow only signed or validated executable files to be executed with elevated rights.
- Windows Security Tweaks -- Long list of security related features like "turn off the Windows Script Host",Â "show hidden and system files", or "Turn on DEP for all programs".
- File Type Associations -- Options to remove file associations for files that are not used often. This includes files that you may use, such as Registry .reg files, Visual Basic vbs files and others.
- Disable Unused Windows Services -- Turn off services that you may not require. The list includes the User Experience and Telemetry, Remote Desktop, Bluetooth Support or Print Spooler services.
- Windows Firewall -- Outbound and inbound rules. Outbound rules to block certain programs from connecting to the Internet.
You need to go through the listing one by one to make judgement calls on any of the available options. Some features may disable functionality that you require and going through the listing carefully is the only option that you have to ensure that you won't disable features you require.
Once you have selected the features that you want to harden click on the "apply selected" button to make the changes.
SysHardener comes with a restore button to restore the default values.
SysHardener is a tweaking software for Windows that focuses on securing Windows PCs. The program is designed for advanced users as it requires a bit of knowledge to understand many of the available options. NoVirusThanks should consider adding help texts for all options to improve the program's usability.
Now You: Have you hardened your system?
- Harden Windows with Hard Configurator
- Hardentools: make Windows more secure by disabling features#
- Microsoft: Windows 10 hardening against 0-day exploits
- SBGuard Anti-Ransomware hardens Windows
- Windows 10 PC's phone home even after privacy hardening
Thank you so much
No longer a Windows user but these kinds of programs were always among my favorites. Reminds me of XP-Antispy. I still maintain a very shortlist of must-have Windows programs – in case I’m ever forced back into Windows (kicking and screaming) for some reason. SysHardener just made the list.
May you please share that list with me kind sir? Maybe you can upload a text file to pastebin or something? Here is my current must have (doesn’t include registry hacks):
XP-Antispy was one of my all-tame favorite programs.
Simple, effective and very user-friendly. I wonder if it’s still available and will it run on Windows 7, because I’d use it in a flash (no pun intended).
The XP-Antispy website is still up and apparently the last version is from 2015.
The home page is in German, but other pages on the site are available in English, as well as versions of the program.
UAC is the worst piece of BS i ever stumbled in to. The first thing i disable.
I’m not convinced that this Syshardener suits my requirement about system settings applications.
First, I appreciate settings illustrated with their corresponding Registry entries (and files if applicable).
Secondly, Syshardener doesn’t explain clearly how their app runs exactly. There is a txt help file but it doesn’t explain,
– What checked/unchecked corresponds to : is it the actual values or the proposed ones? One would intuitively believe that it corresponds to actual values, but then why is the ‘Turn on User Account Control (UAC)’ checked here when I’ve totally disabled UAC? Does the application refer to another Registry key? Unclear.
– Exclamation pointed entries, some on a red background, others on a red one. What does this mean, what difference? Unclear.
I won’t use Syshardener in these conditions. I remember of a comparable application back in the old days of XP: ‘xqdc XSPStart’ was it, great tool where all settings would show exactly what was concerned, a popup with corresponding registry key(s). That was the right way to proceed, opposed to these other applications which just propose to check/uncheck! Not for me.
Use standard account on top of it and you have mostly secure Windows, minus the telemetry you can’t completely opt-out of.
Be sure to enable Administrator account first from compmgmt.msc and set password for it before you set your user account to standard.
Also check OSArmor.
Yes, I’m somewhat puzzled why there’s no mention of OSArmor, a program by the same NoVirusThanks. Chris Wiles on BetaNews provides a much more enlightened review of SysHardner that prompted me to download the portable version to better understand the program.
A quick install of OS Armour shows great promise in actually increasing security.
@Stefan–Doesn’t sound like you use Linux too often; UAC tends to replicate a standard install of a Linux system; Linux constantly requires a password for a myriad of minor functions.
VirusTotal reports the portable version with a few alerts which is worrying, hopefully just false alarms
Likely false positive. Only 32-bit portable version reports Trojan/Win32.Pincav.C1768474 from AhnLab-V3, never of this company. 64-bit portable version reports clean on VirusTotal.
They have good apps but not al working here on Xp but they have promised me to fix DRP, SOB and ERP 4.0.
OSArmor, file extension monitor and PE dropper monitor works great for extra security on Xp and they have more but that I see more of running them once in a while…
I checked SUPERFETCH in Syshardener to disable this.
This set SYSMAIN-service (formerly SUPERFETCH-service) to disabled, however this proved to give a slow starting PC, so it is wrong.
I then unchecked SUPERFETCH again in Syshardener, and restarted the PC. This did NOT enable the SYSMAIN-service.
So this is a serious flaw in Syshardener. What other Check/Uncheck errors are there then?
I have used another systemhardener program for win10, with also such an error (disabling/enabling windows scripting), so also not reliable to use.
It seems to me that this kind of SYSHARDENING-tools can better not be used!!!
You should check it again (also uncheck others) and then click on restore button.
I already had OSArmor installed on Windows 10 and just now I installed SysHardener to add another useful layer of protection.
However I was very surprised that the VPN being suggested by SysHardener is HideMyAss. Aside from the fact that for the most part I consider VPNs snake oil when it comes to home users, it can be seen on https://thatoneprivacysite.net that HideMyAss is a pretty shitty VPN even by VPN standards. Their privacy and security are poor, which are two of the main reasons that people use VPNs in the first place. Obviously anonymity is another reason, but if you want that (or as close to anonymous as you can get) then use Tails and not a VPN.
Also the cloud storage being suggested is pCloud: https://www.pcloud.com/cloud-storage-pricing-plans.html
I’d never heard of the service so went to the website. Firstly their plans are very expensive. I recently bought a 2TB Seagate external drive and it cost me about Â£60 (GBP 60) IIRC. It would be better value and better in general imo to buy a couple of external drives and keep one at home and one at a relative’s or friend’s place. Also in the bottom left of the screen it tells me every few seconds that a user from such-and-such a country has just signed up for such-and-such a plan. That looks incredibly unprofessional to me. Even if that’s true, so what? It’s not going to persuade me to buy a particular plan.
I also found this: https://www.reddit.com/r/privacy/comments/am2xbn/pcloud_allows_public_to_view_and_report_your/
Hardly the sort of company I’d want to do business with.
Promoting companies like HideMyAss and pCloud makes the developer look unpofessional and it would be better imo to cut all links with these companies and find better companies to work with.
I would email the developer, but I emailed after installing OSArmor because I had a couple of queries and didn’t get a reply, so I won’t be bothering.
I was just considering buying EXE Radar Pro from https://www.novirusthanks.org/products/exe-radar-pro/ but after clicking on the “Buy Now” button, I got a warning from uBlock Origin that said:
uBlock Origin has prevented the following page from loading:
Because of the following filter
Malvertising filter list by Disconnect
Peter Loweâ€™s Ad and tracking server list
i.e. 3 different filters identify regnow.com as dodgy in some way (squidblacklist is a custom filter I added to uBlock Origin using filterlists.com, the other two come with uBlock Origin)
This doesn’t exactly fill me with confidence about EXE Radar Pro and I’d never buy from regnow.com after getting that uBlock Origin warning. Googling “regnow.com” (including the quotation marks) does nothing to alleviate my uneasiness.
I’m very confused about this. On one hand EXE Radar Pro seems to provide a very useful service. But as I pointed out in my previous comment above dated August 12 2019, this developer clearly forms some very questionable business alliances (regnow.com, HideMyAss, pCloud).
So I think that one of the following options must be the case:
Either 1) The software is good, but the developer makes lousy business decisions
Or 2) The software performs useful functions, but it also carries out dodgy stuff in the background that the user isn’t aware of (and it’s been designed in such a way that it evades detection by AV/AM products) [I scanned OSArmor and SysHardener using VirusTotal, Defender, Malwarebytes Free and SUPERAntiSpyware Free and none reported an issue with either program.]
Does anyone know if OSArmor, SysHardener or EXE Radar Pro have been tested in a virtual/sandboxed environment to see if they actually do anything malicious? I’d be interested to know.