Harden Windows Safely, Securely using Official Supported Microsoft methods and proper explanation | Always up-to-date and works with the latest build of Windows | Provides tools and Guides for Personal, Enterprise, Government and Military security levels | Read The Rationale https://github.com/HotCakeX/Harden-Windows-Security/blob/main/Rationale.md
What's New
Added support for the WHQLFilePublisher, WHQLPublisher, WHQL and FilePath levels to the WDAC Simulation. If you want to read more about the levels, check out this article.
Lots of performance improvements and optimizations in pretty much every component of the WDACConfig module to make it faster.
WDAC Simulation's logic has been substantially improved under the hood with a faster and completely different mechanism that allows every Application Control level to be verified through the simulation engine.
WDAC Simulation now supports parallelism. You can set the number of parallel threads anywhere between 1 (the minimum) and the number of your CPU cores (the maximum). With this improvement, you can perform a WDAC Simulation on the entire C drive in only a few minutes.
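The bounded-thread approach described above, as an added PowerShell 7 example that is not the module's own simulation engine: the thread count is clamped to the 1..CPU-core range, and each file is hashed and has its Authenticode status read with a bounded ForEach-Object -Parallel. The scan path, thread count and extension filter are assumptions for illustration.

```powershell
#Requires -Version 7.0
# Added example (not WDACConfig code): scan binaries under a path with a bounded
# number of parallel threads, recording each file's SHA256 and signature status.

function Get-BoundedThreadCount {
    param([int]$Requested)
    # Clamp to the same range the release notes describe: 1 .. number of CPU cores
    $max = [Environment]::ProcessorCount
    return [Math]::Min([Math]::Max($Requested, 1), $max)
}

function Invoke-ParallelFileScan {
    param(
        [Parameter(Mandatory)][string]$Path,
        [int]$Threads = [Environment]::ProcessorCount,
        [string[]]$Extensions = @('.exe', '.dll', '.sys')   # assumed filter
    )
    $throttle = Get-BoundedThreadCount -Requested $Threads

    $files = Get-ChildItem -LiteralPath $Path -File -Recurse -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -in $Extensions }

    # -ThrottleLimit caps the number of concurrently running runspaces
    $files | ForEach-Object -Parallel {
        $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
        [pscustomobject]@{
            Path      = $_.FullName
            SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            Signature = $sig.Status                      # Valid / NotSigned / HashMismatch / ...
            Signer    = $sig.SignerCertificate.Subject   # $null for unsigned files
        }
    } -ThrottleLimit $throttle
}

# Usage with an assumed path: list every binary whose signature is not Valid
$results = Invoke-ParallelFileScan -Path 'C:\Program Files' -Threads 4
$results | Where-Object Signature -ne 'Valid' | Format-Table Path, Signature -AutoSize
```

Asking for more threads than cores is silently reduced to the core count, so a caller can pass a large value without oversubscribing the CPU; asking for 0 or a negative number runs single-threaded rather than failing.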
Laid the groundwork for the future GUI implementation in the WDACConfig module.
When deploying signed policies, before attempting to download SignTool.exe from the official Microsoft NuGet repository, the module now checks whether NuGet exists as a package source on the system (which it should by default) and, if it doesn't, adds it.
When using New-KernelModeWDACConfig to deploy a strict kernel-mode WDAC policy with no flight root signers (which is not the default behavior; you have to go out of your way to choose that option), the module now performs a WDAC simulation on the Windows Kernel to ensure your current OS version does not belong to the Dev/Canary insider channels, to avoid deploying a policy that could render the system unusable.
Lots of PowerShell code has been converted to native C# code for improved agility, future use cases and the ability to directly utilize Windows APIs.
Since Windows no longer has a cap on the number of WDAC policies that can be deployed, many components of the module have been updated to handle a large number of deployed policies.
The module's startup time has been substantially improved; parameter suggestions and arguments now load at least 3x faster than before.
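The package-source check described above, as an added example written here rather than taken from the module: the NuGet provider and the nuget.org source are registered only if missing, the package is saved locally, and the extracted SignTool.exe is refused unless its Authenticode signature is Valid. The package id (Microsoft.Windows.SDK.BuildTools), the x64 folder layout and the destination folder are assumptions.

```powershell
# Added example (not WDACConfig code): register the NuGet source if absent, save a
# package, and verify the binary's signature before returning its path.

function Assert-NuGetPackageSource {
    param(
        [string]$Name = 'nuget.org',
        [string]$Location = 'https://api.nuget.org/v3/index.json'
    )
    # The NuGet provider itself must be present before a NuGet source can be used
    if (-not (Get-PackageProvider -Name NuGet -ListAvailable -ErrorAction SilentlyContinue)) {
        Install-PackageProvider -Name NuGet -Force | Out-Null
    }
    # Get-PackageSource writes an error when the source is missing; suppress it and test for $null
    $source = Get-PackageSource -Name $Name -ProviderName NuGet -ErrorAction SilentlyContinue
    if ($null -eq $source) {
        Write-Verbose "Package source '$Name' is not registered, adding it"
        $source = Register-PackageSource -Name $Name -Location $Location -ProviderName NuGet
    }
    return $source
}

function Get-SignToolFromNuGet {
    param(
        [string]$PackageId   = 'Microsoft.Windows.SDK.BuildTools',       # assumed package id
        [string]$Destination = (Join-Path $env:TEMP 'SignToolDownload')  # assumed folder
    )
    $source = Assert-NuGetPackageSource
    New-Item -ItemType Directory -Path $Destination -Force | Out-Null

    # Save-Package writes <Name>.<Version>.nupkg; a .nupkg is a zip archive
    $pkg   = Save-Package -Name $PackageId -ProviderName NuGet -Source $source.Name -Path $Destination
    $nupkg = Join-Path $Destination "$($pkg.Name).$($pkg.Version).nupkg"
    $zip   = Join-Path $Destination "$($pkg.Name).zip"
    Copy-Item -LiteralPath $nupkg -Destination $zip -Force
    $extracted = Join-Path $Destination 'extracted'
    Expand-Archive -LiteralPath $zip -DestinationPath $extracted -Force

    $signTool = Get-ChildItem -Path $extracted -Recurse -Filter 'signtool.exe' |
        Where-Object FullName -like '*\x64\*' | Select-Object -First 1
    if (-not $signTool) { throw "signtool.exe not found in package $PackageId" }

    # Refuse to use the binary unless its Authenticode signature chains to a trusted root
    $sig = Get-AuthenticodeSignature -LiteralPath $signTool.FullName
    if ($sig.Status -ne 'Valid') { throw "signtool.exe signature status is $($sig.Status)" }
    return $signTool.FullName
}

# Usage: returns the verified path, or throws before an untrusted binary is ever run
$signToolPath = Get-SignToolFromNuGet
"SignTool ready at: $signToolPath"
```

Checking the source before calling Save-Package avoids the confusing "no match found" error that PackageManagement raises when the NuGet source was removed, and the signature check means a tampered or substituted package is rejected rather than used to sign a policy.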
Removed the self-signed certificate details from the module files, as most of them have been converted to C# and .cs files don't support Authenticode signatures. The best way to verify the integrity of the WDACConfig module files is to use Assert-WDACConfigIntegrity, which uses the strongest available hashing algorithms (SHA3 and SHA2).
All of the PowerShell native global variables have been switched to C# constants. This offers greater protection against tampering, since reflection can no longer be used to overwrite them; to compromise C# constants you would need to directly modify their in-memory values, which imposes more cost from an attacker's point of view. Read more about this method here
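The global-variable versus C# constant point above, as an added example (not the module's own code): a PowerShell global marked ReadOnly is reassigned by any code in the process that passes -Force, while a C# const has no field storage behind it and the runtime's FieldInfo.SetValue refuses to write it. The variable and class names are assumptions for illustration.

```powershell
# Added example (not WDACConfig code): compare how a PowerShell global and a C# const
# behave when code in the same process tries to overwrite them.

# 1. A PowerShell global variable, even ReadOnly, is only advisory: -Force overrides it.
Set-Variable -Name TrustedSignerCN -Value 'ExampleTrustedSigner' -Scope Global -Option ReadOnly -Force
Set-Variable -Name TrustedSignerCN -Value 'Tampered' -Scope Global -Force
"Global variable now reads: $global:TrustedSignerCN"   # Tampered

# 2. A C# const is a literal baked into the compiled IL at every use site.
Add-Type -TypeDefinition @'
public static class ModuleConstants
{
    public const string TrustedSignerCN = "ExampleTrustedSigner";
}
'@

function Test-ConstTamperResistance {
    # Returns $true when reflection refuses to write the constant field
    $field = [ModuleConstants].GetField('TrustedSignerCN')
    try {
        $field.SetValue($null, 'Tampered')
        return $false   # only reached if the runtime allowed the write
    }
    catch {
        # PowerShell wraps .NET exceptions in MethodInvocationException; unwrap it
        $ex = $_.Exception
        if ($ex.InnerException) { $ex = $ex.InnerException }
        return ($ex -is [System.FieldAccessException])
    }
}

"Reflection write to the const refused: $(Test-ConstTamperResistance)"   # True
"Const still reads: $([ModuleConstants]::TrustedSignerCN)"               # ExampleTrustedSigner
```

The remaining way to change a const's observed value is to patch the process memory where the literal was inlined, which is exactly the higher-cost path the release notes refer to; a design that keeps trust anchors in consts therefore removes the cheap in-script overwrite without claiming to stop a privileged debugger.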