Hardentools – Utility to Disable Risky Windows Features

Hardentools is a collection of simple utilities designed to disable a number of “features” exposed by operating systems (Microsoft Windows, for now), and primary consumer applications.

These features, generally intended for enterprise customers, are of little use to regular users and instead pose a danger, as they are very commonly abused by attackers to execute malicious code on a victim’s computer.


Disabled Features on Windows OS:

  • Disable Windows Script Host. Windows Script Host allows the execution of VBScript and JavaScript files on Windows operating systems. This is very commonly used by regular malware (such as ransomware) as well as targeted malware.
  • Disabling AutoRun and AutoPlay. Disables AutoRun / AutoPlay for all devices. For example, this should prevent applications from automatically executing when you plug a USB stick into your computer.
  • Disables powershell.exe, powershell_ise.exe and cmd.exe execution via Windows Explorer. You will not be able to use the terminal and it should prevent the use of PowerShell by malicious code trying to infect the system.
  • Sets User Account Control (UAC) to always ask for permission (even on configuration changes only) and to use “secure desktop”.
  • Disable file extensions mainly used for malicious purposes. Disables the “.hta”, “.js”, “.JSE”, “.WSH”, “.WSF”, “.scf”, “.scr”, “.vbs”, “.vbe” and “.pif” file extensions for the current user (and for system wide defaults, which is only relevant for newly created users).
  • Shows file extensions and hidden files in explorer.
  • Windows Defender Attack Surface Reduction (ASR).
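
To confirm that settings like these are actually in effect on a machine, the following read-only PowerShell audit is an added example and is not part of Hardentools. It assumes the standard Windows registry values for four of the items above (Windows Script Host, AutoRun/AutoPlay, UAC, Explorer visibility); the page does not state which values the tool itself writes.

```powershell
# Added audit example, not Hardentools code. Read-only: nothing is modified.
# Assumption: the registry values below are the standard Windows settings for
# these features; the page does not list what Hardentools itself changes.
$explorer = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer'
$policies = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$uac      = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

$checks = @(
    @{ Item = 'Windows Script Host disabled (current user)'
       Path = 'HKCU:\Software\Microsoft\Windows Script Host\Settings'
       Name = 'Enabled'; Expected = 0 },
    @{ Item = 'AutoRun disabled for all drive types'
       Path = $policies; Name = 'NoDriveTypeAutoRun'; Expected = 255 },
    @{ Item = 'AutoPlay disabled'
       Path = "$explorer\AutoplayHandlers"; Name = 'DisableAutoplay'; Expected = 1 },
    @{ Item = 'UAC always prompts for consent'
       Path = $uac; Name = 'ConsentPromptBehaviorAdmin'; Expected = 2 },
    @{ Item = 'UAC prompts on the secure desktop'
       Path = $uac; Name = 'PromptOnSecureDesktop'; Expected = 1 },
    @{ Item = 'File extensions shown in Explorer'
       Path = "$explorer\Advanced"; Name = 'HideFileExt'; Expected = 0 },
    @{ Item = 'Hidden files shown in Explorer'
       Path = "$explorer\Advanced"; Name = 'Hidden'; Expected = 1 }
)

$results = foreach ($c in $checks) {
    # A missing key or value means the Windows default applies, so it is
    # reported as "(not set)" and counted as not hardened.
    $prop   = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
    $actual = if ($null -ne $prop) { $prop.($c.Name) } else { $null }
    [pscustomobject]@{
        Item     = $c.Item
        Actual   = if ($null -eq $actual) { '(not set)' } else { $actual }
        Expected = $c.Expected
        # Compare as strings: the WSH value may be stored as REG_SZ or REG_DWORD.
        Hardened = ($null -ne $actual) -and ([string]$actual -eq [string]$c.Expected)
    }
}

$results | Format-Table -AutoSize

# Non-zero exit code lets a scheduled task or compliance job flag drift.
if ($results.Hardened -contains $false) { exit 1 }
```

The per-user checks read HKCU, so run it as each account you want to verify; the UAC values are machine-wide.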

The risky features that this tool disables also include ones in Microsoft Office and Acrobat products. You can read more and download the tool here: https://github.com/securitywithoutborders/hardentool
