Hard_Configurator VS windows_hardening

WiseVector StopX is a standalone AV and with it's abilities, you do not really need anything else, maybe HardConfig. You can add SophosScanAndClean (free HitmanPro) for a daily scan.

If you restrict WSH/powershell (Hard_Configurator), you will disable most malware by default.

You can secure Windows by using in-built settings, Hard_Configurator helps with that.

Properly hardened Windows Defender (using https://github.com/AndyFul/Hard_Configurator for example) will be more than enough for most case scenarios. If you really need to rely on 3rd party software Emsisoft should meet your requirements.

I think it can be OK, especially if you harden it with HardConfigurator (https://github.com/AndyFul/Hard_Configurator) and/or privacy.sexy

Try out Andy Ful’s Hard_Configurator.

You can try this tool, or some other similar tool. It hardens Windows 10 using the latest guidelines from several organisations. Of course you need to be careful doing this, it can very easily ruin your Windows installation.

Endpoint-based prevention: Harden endpoints, including browser settings (https://www.cisa.gov/uscert/publications/securing-your-web-browser; https://stigviewer.com/stig/google_chrome_browser/) and software firewall including ingress and egress rules (https://www.stigviewer.com/stig/microsoft_windows_firewall_with_advanced_security/2021-10-15/). If you're primarily worried about Windows endpoints, take a look at Hardening Kitty and the solid STIG-based Windows Firewall list (https://github.com/0x6d69636b/windows_hardening/blob/master/lists/finding_list_dod_windows_firewall_stig_v1r7.csv) for some relatively easy wins.

#1: "HardeningKitty was created to simplify the hardening of Windows. Now, HardeningKitty supports guidelines from Microsoft, CIS Benchmarks, DoD STIG and BSI SiSyPHuS Win10. And of course [their] own hardening list." | 20 comments #2: For those that work in IT Admin, what are the key Powershell Commands that every admin should know? #3: I wrote the mother-of-all onboarding scripts and now everyone blames me for everything...

The above documents mandate a lot of testing and analysis, together with potential design decisions you are not in a position to make; still - you should dedicate the time to do it "properly" from the beginning. Anyhow, in case you are a renegade daredevil - HardeningKitty to the rescue https://github.com/0x6d69636b/windows_hardening =]

#1: /u/betterthangoku has passed away #2: "HardeningKitty was created to simplify the hardening of Windows. Now, HardeningKitty supports guidelines from Microsoft, CIS Benchmarks, DoD STIG and BSI SiSyPHuS Win10. And of course [their] own hardening list." | 20 comments #3: For those that work in IT Admin, what are the key Powershell Commands that every admin should know?