Harden Windows Safely, Securely using Official Supported Microsoft methods and proper explanation | Always up-to-date and works with the latest build of Windows | Provides tools and Guides for Personal, Enterprise, Government and Military security levels | Read The Rationale https://github.com/HotCakeX/Harden-Windows-Security/blob/main/Rationale.md
The ConvertTo-WDACPolicy command now shows blocked and audited events by default unless you use the -LogType parameter to narrow it down. The previous default behavior was Audit logs only.
The ConvertTo-WDACPolicy command now has a new optional parameter called -Level. The level that determines rule generation can be one of the following: Auto, FilePublisher, Publisher, or Hash.
The fallback level is always Hash.
By default, which is the same as not using this parameter, the most secure levels are prioritized. If a log contains the requisite details for the FilePublisher level, it will be utilized. If not, the Publisher level will be attempted. Should this also fail, the Hash level will be employed.
Enterprises and organizations typically favor the Publisher level over FilePublisher for its streamlined maintenance, making this adjustment particularly advantageous for these user groups.
The Edit-SignedWDACConfig and Edit-WDACConfig commands now support the same levels that the ConvertTo-WDACPolicy command supports when creating policies based on the event logs.
Improved globalization to ensure compatibility with any culture.
Provided a ready-to-use Visual Studio solution (.NET 9).
ConvertTo-WDACPolicy -PolicyToAddLogsTo now supports policies that contain Macros.