
I am executing HardeningKitty in a Spanish Windows and I have errors. Can anyone help me? Thank you

Open picstar opened this issue 4 months ago • 19 comments

The result of my execution is:

=^._.^=
 _(      )/  HardeningKitty 0.9.3-1726808773

[*] 02/12/2025 21:16:48 - Starting HardeningKitty

[*] 02/12/2025 21:16:48 - Getting machine information
[*] Hostname: *************
[*] Domain: **********
[*] Domain role: StandaloneWorkstation
[*] Install date: 07/23/2025 19:43:24
[*] Last Boot Time: 12/01/2025 18:45:40 (American date...)
[*] Uptime: 1.02:31:08.5158567
[*] Windows: Microsoft Windows 11 Pro
[*] Windows edition: Professional
[*] Windows version: 2009
[*] Windows build: 26100.1.amd64fre.ge_release.240331-1435
[*] System-locale: es-ES
[*] Powershell Version: 5.1

[*] 02/12/2025 21:16:52 - Language warning
[?] 02/12/2025 21:16:52 - HardeningKitty was developed for the system language 'en-US'. This system uses 'es-ES' Language-dependent analyses can sometimes produce false results. Please create an issue if this occurs.

[*] 02/12/2025 21:16:52 - Getting user information
[*] Username: *************************
[*] Is Admin: True

[*] 02/12/2025 21:16:52 - HardeningKitty is done
[*] 02/12/2025 21:16:52 - Your HardeningKitty score is: 1. HardeningKitty Statistics: Total checks: 0 - Passed: 0, Low: 0, Medium: 0, High: 0.

Can anyone help me? Thank you

picstar avatar Dec 02 '25 22:12 picstar

Could you please share the command that you used? It looks like there are no finding lists or findings available

0x6d69636b avatar Dec 03 '25 16:12 0x6d69636b

My commands:

Import-Module .\HardeningKitty.psm1: It didn't return any result.

Invoke-HardeningKitty -EmojiSupport: For this one, the first time the error was this: "The finding list \finding_list_0x6d69636b_machine.csv was not found", but I solved it by creating the empty file. After that, I executed it again and it didn't return any result, only the score: "[*] 02/12/2025 21:16:52 - Your HardeningKitty score is: 1. HardeningKitty Statistics: Total checks: 0 - Passed: 0, Low: 0, Medium: 0, High: 0"

Thank you

picstar avatar Dec 03 '25 19:12 picstar

  • "The finding list <path>\finding_list_0x6d69636b_machine.csv"

picstar avatar Dec 03 '25 19:12 picstar

You'll need a finding list, as it contains all the settings to check. The lists folder contains a variety of lists, including my own recommendations, CIS Benchmark, and Microsoft Security Baselines. You'll need to select one of these to audit your system.

0x6d69636b avatar Dec 04 '25 18:12 0x6d69636b

I have found two scripts:

finding_list_msft_security_baseline_windows_11_24h2_machine.csv
finding_list_msft_security_baseline_windows_11_24h2_user.csv

Yes, my Win 11 Professional is the 24h2 version. Are they enough? I cannot find a CIS script for Windows 11 Professional.

I executed the scripts again and the result has been the same:

[*] 05/12/2025 11:50:46 - HardeningKitty is done
[*] 05/12/2025 11:50:46 - Your HardeningKitty score is: 1. HardeningKitty Statistics: Total checks: 0 - Passed: 0, Low: 0, Medium: 0, High: 0.

The folder structure with respect to the Kitty scripts is the following:

Image

Is it correct? Why does the script fail?

Thank you very much

picstar avatar Dec 05 '25 11:12 picstar

The default list is finding_list_0x6d69636b_machine.csv. If you want to use a different list, you need to specify the path to it in the -FileFindingList parameter

0x6d69636b avatar Dec 05 '25 17:12 0x6d69636b

But what content must the script finding_list_0x6d69636b_machine.csv have, and where must it be? Sorry. Thank you

picstar avatar Dec 05 '25 20:12 picstar

I have found two:

https://github.com/scipag/HardeningKitty/blob/master/lists/finding_list_0x6d69636b_user.csv
https://github.com/scipag/HardeningKitty/blob/master/lists/finding_list_0x6d69636b_machine.csv

What's the difference between them? Do I need two?

picstar avatar Dec 05 '25 21:12 picstar

> But what content must the script finding_list_0x6d69636b_machine.csv have, and where must it be?

In the list subdirectory and the content is here. Alternatively, you can use the -FileFindingList parameter to define where the list is stored. The documentation may help.

> What's the difference between them? Do I need two?

The hardening settings are split into Machine and User settings. Therefore, there are two lists and a complete audit/hardening requires both.

0x6d69636b avatar Dec 06 '25 06:12 0x6d69636b
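
A preflight for the advice above, as an added example that is not part of the thread or of HardeningKitty itself: it checks that both lists exist and actually contain entries (an empty placeholder file only silences the "was not found" error and gives "Total checks: 0"), warns when the session is not elevated, and then audits with each list through -FileFindingList. It assumes the current directory is the module folder with the lists under .\lists; Test-FindingList is a hypothetical helper name.

```powershell
# Added example, not HardeningKitty code. Assumption: the current directory is
# the HardeningKitty module folder and the finding lists are under .\lists.
$moduleRoot = (Get-Location).Path
$listNames  = @(
    'finding_list_0x6d69636b_machine.csv',   # machine settings
    'finding_list_0x6d69636b_user.csv'       # user settings
)

function Test-FindingList {
    # Hypothetical helper: returns $true only if the CSV exists and has at
    # least one data row. A zero-byte or header-only file returns $false.
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        Write-Warning "Finding list not found: $Path"
        return $false
    }
    $rows = @(Import-Csv -LiteralPath $Path)
    if ($rows.Count -eq 0) {
        Write-Warning "Finding list has no entries: $Path"
        return $false
    }
    Write-Host ("{0}: {1} checks defined" -f (Split-Path $Path -Leaf), $rows.Count)
    return $true
}

# Several check methods (secedit, auditpol, accesschk, ...) are skipped
# without admin rights, so report the elevation state before auditing.
$principal = [Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
$isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
if (-not $isAdmin) {
    Write-Warning 'Session is not elevated: tests that require admin privileges will be skipped.'
}

Import-Module (Join-Path $moduleRoot 'HardeningKitty.psm1') -Force

foreach ($name in $listNames) {
    $path = Join-Path (Join-Path $moduleRoot 'lists') $name
    if (Test-FindingList -Path $path) {
        # Audit only: read the settings and compare them with the list.
        Invoke-HardeningKitty -Mode Audit -FileFindingList $path -EmojiSupport
    }
}
```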

Thank you. I'll try them

picstar avatar Dec 06 '25 16:12 picstar

My last execution (finally) works:

PS C:\Users\Usuario\Documents\Windows\PowerShell\Modules\HardeningKitty\0.9.2> Invoke-HardeningKitty -EmojiSupport

  =^._.^=
 _(      )/  HardeningKitty 0.9.3-1726808773

[*] 08/12/2025 10:55:06 - Starting HardeningKitty

[*] 08/12/2025 10:55:06 - Getting machine information
[*] Hostname: DESKTOP-TS3DFCC
[*] Domain: WORKGROUP
[*] Domain role: StandaloneWorkstation
[*] Install date: 07/23/2025 19:43:24
[*] Last Boot Time: 12/07/2025 21:44:40
[*] Uptime: 13:10:25.9640666
[*] Windows: Microsoft Windows 11 Pro
[*] Windows edition: Professional
[*] Windows version: 2009
[*] Windows build: 26100.1.amd64fre.ge_release.240331-1435
[*] System-locale: es-ES
[*] Powershell Version: 5.1

[*] 08/12/2025 10:55:10 - Language warning
[?] 08/12/2025 10:55:10 - HardeningKitty was developed for the system language 'en-US'. This system uses 'es-ES' Language-dependent analyses can sometimes produce false results. Please create an issue if this occurs.

[*] 08/12/2025 10:55:10 - Getting user information
[*] Username: DESKTOP-TS3DFCC\Admin
[*] Is Admin: False

[*] 08/12/2025 10:55:10 - Starting Category Features
[!] 08/12/2025 10:55:10 - ID 1000, SMBv1 Support, Method WindowsOptionalFeature requires admin privileges. Test skipped.

[*] 08/12/2025 10:55:10 - Starting Category Account Policies
[!] 08/12/2025 10:55:10 - ID 1103, Store passwords using reversible encryption, Method secedit requires admin privileges. Test skipped.
[😼] ID 1101, Account lockout duration, Result=10, Recommended=15, Severity=Low
[😺] ID 1100, Account lockout threshold, Result=10, Recommended=10, Severity=Passed
[!] 08/12/2025 10:55:10 - ID 1104, Allow Administrator account lockout, Method secedit requires admin privileges. Test skipped.
[😼] ID 1102, Reset account lockout counter, Result=10, Recommended=15, Severity=Low

[*] 08/12/2025 10:55:10 - Starting Category User Rights Assignment
[!] 08/12/2025 10:55:10 - ID 1200, Access this computer from the network, Method accesschk requires admin privileges. Test skipped.
[!] 08/12/2025 10:55:10 - ID 1201, Allow log on locally, Method accesschk requires admin privileges. Test skipped.
[!] 08/12/2025 10:55:10 - ID 1202, Debug programs, Method accesschk requires admin privileges. Test skipped.
[!] 08/12/2025 10:55:10 - ID 1203, Deny access to this computer from the network, Method accesschk requires admin privileges. Test skipped.
[!] 08/12/2025 10:55:10 - ID 1204, Deny log on as a batch job, Method accesschk requires admin privileges. Test skipped.
[!] 08/12/2025 10:55:10 - ID 1205, Deny log on as a service, Method accesschk requires admin privileges. Test skipped.
[!] 08/12/2025 10:55:10 - ID 1206, Deny log on through Remote Desktop Services, Method accesschk requires admin privileges. Test skipped.

[*] 08/12/2025 10:55:10 - Starting Category Security Options
[😼] ID 1300, Accounts: Block Microsoft accounts, Result=0, Recommended=3, Severity=Low
[😺] ID 1301, Audit: Force audit policy subcategory settings to override audit policy category settings, Result=1, Recommended=1, Severity=Passed
[😼] ID 1302, Interactive logon: Do not require CTRL+ALT+DEL, Result=1, Recommended=0, Severity=Low
[😼] ID 1303, Interactive logon: Don't display last signed-in, Result=0, Recommended=1, Severity=Low
[😼] ID 1304, Interactive logon: Don't display username at sign-in, Result=0, Recommended=1, Severity=Low
[😿] ID 1305, Microsoft network client: Digitally sign communications (always), Result=0, Recommended=1, Severity=Medium
[😺] ID 1306, Microsoft network client: Digitally sign communications (if server agrees), Result=1, Recommended=1, Severity=Passed
[😿] ID 1307, Microsoft network server: Digitally sign communications (always), Result=0, Recommended=1, Severity=Medium
[😿] ID 1308, Microsoft network server: Digitally sign communications (if client agrees), Result=0, Recommended=1, Severity=Medium
[😺] ID 1309, Network access: Do not allow anonymous enumeration of SAM accounts, Result=1, Recommended=1, Severity=Passed
[😿] ID 1310, Network access: Do not allow anonymous enumeration of SAM accounts and shares, Result=0, Recommended=1, Severity=Medium
[😿] ID 1311, Network access: Do not allow storage of passwords and credentials for network authentication, Result=0, Recommended=1, Severity=Medium
[😺] ID 1324, Network access: Restrict anonymous access to Named Pipes and Shares, Result=1, Recommended=1, Severity=Passed
[😿] ID 1325, Network access: Restrict clients allowed to make remote calls to SAM, Result=, Recommended=O:BAG:BAD:(A;;RC;;;BA), Severity=Medium
[😺] ID 1312, Network security: Allow LocalSystem NULL session fallback, Result=0, Recommended=0, Severity=Passed
[😺] ID 1326, Network security: Do not store LAN Manager hash value on next password change, Result=1, Recommended=1, Severity=Passed
[😿] ID 1313, Network security: LAN Manager authentication level, Result=3, Recommended=5, Severity=Medium
[😺] ID 1314, Network security: LDAP client signing requirements, Result=1, Recommended=1, Severity=Passed
[😿] ID 1315, Network security: Minimum session security for NTLM SSP based (including secure RPC) clients, Result=536870912, Recommended=537395200, Severity=Medium
[😿] ID 1316, Network security: Minimum session security for NTLM SSP based (including secure RPC) servers, Result=536870912, Recommended=537395200, Severity=Medium
[😿] ID 1317, Network security: Restrict NTLM: Audit Incoming NTLM Traffic, Result=0, Recommended=2, Severity=Medium
[😿] ID 1318, Network security: Restrict NTLM: Audit NTLM authentication in this domain, Result=0, Recommended=7, Severity=Medium
[😿] ID 1319, Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers, Result=0, Recommended=1, Severity=Medium
[😿] ID 1320, Shutdown: Allow system to be shut down without having to log on, Result=1, Recommended=0, Severity=Medium
[😿] ID 1321, User Account Control: Admin Approval Mode for the Built-in Administrator account, Result=0, Recommended=1, Severity=Medium
[😿] ID 1322, User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode, Result=0, Recommended=2, Severity=Medium
[😿] ID 1323, User Account Control: Behavior of the elevation prompt for standard users, Result=3, Recommended=1, Severity=Medium

[*] 08/12/2025 10:55:11 - Starting Category Windows Firewall
[😿] ID 1400, EnableFirewall (Domain Profile, Policy), Result=0, Recommended=1, Severity=Medium
[😺] ID 1418, EnableFirewall (Domain Profile), Result=1, Recommended=1, Severity=Passed
[😺] ID 1401, Inbound Connections (Domain Profile, Policy), Result=1, Recommended=1, Severity=Passed
[😺] ID 1419, Inbound Connections (Domain Profile), Result=1, Recommended=1, Severity=Passed
[😺] ID 1402, Outbound Connections (Domain Profile, Policy), Result=0, Recommended=0, Severity=Passed
[😺] ID 1420, Outbound Connections (Domain Profile), Result=0, Recommended=0, Severity=Passed
[😿] ID 1403, Log size limit (Domain Profile, Policy), Result=4096, Recommended=16384, Severity=Medium
[😿] ID 1421, Log size limit (Domain Profile), Result=4096, Recommended=16384, Severity=Medium
[😿] ID 1404, Log dropped packets (Domain Profile, Policy), Result=0, Recommended=1, Severity=Medium
[😿] ID 1422, Log dropped packets (Domain Profile), Result=0, Recommended=1, Severity=Medium
[😼] ID 1405, Log successful connections (Domain Profile, Policy), Result=0, Recommended=1, Severity=Low
[😼] ID 1423, Log successful connections (Domain Profile), Result=0, Recommended=1, Severity=Low
[😿] ID 1406, EnableFirewall (Private Profile, Policy), Result=0, Recommended=1, Severity=Medium
[😺] ID 1424, EnableFirewall (Private Profile), Result=1, Recommended=1, Severity=Passed
[😺] ID 1407, Inbound Connections (Private Profile, Policy), Result=1, Recommended=1, Severity=Passed
[😺] ID 1425, Inbound Connections (Private Profile), Result=1, Recommended=1, Severity=Passed
[😺] ID 1408, Outbound Connections (Private Profile, Policy), Result=0, Recommended=0, Severity=Passed
[😺] ID 1426, Outbound Connections (Private Profile), Result=0, Recommended=0, Severity=Passed
[😿] ID 1409, Log size limit (Private Profile, Policy), Result=4096, Recommended=16384, Severity=Medium
[😿] ID 1427, Log size limit (Private Profile), Result=4096, Recommended=16384, Severity=Medium
[😿] ID 1410, Log dropped packets (Private Profile, Policy), Result=0, Recommended=1, Severity=Medium
[😿] ID 1428, Log dropped packets (Private Profile), Result=0, Recommended=1, Severity=Medium
[😼] ID 1411, Log successful connections (Private Profile, Policy), Result=0, Recommended=1, Severity=Low
[😼] ID 1429, Log successful connections (Private Profile), Result=0, Recommended=1, Severity=Low
[😿] ID 1412, EnableFirewall (Public Profile, Policy), Result=0, Recommended=1, Severity=Medium
[😺] ID 1430, EnableFirewall (Public Profile), Result=1, Recommended=1, Severity=Passed
[😺] ID 1413, Inbound Connections (Public Profile, Policy), Result=1, Recommended=1, Severity=Passed
[😺] ID 1431, Inbound Connections (Public Profile), Result=1, Recommended=1, Severity=Passed
[😺] ID 1414, Outbound Connections (Public Profile, Policy), Result=0, Recommended=0, Severity=Passed
[😺] ID 1432, Outbound Connections (Public Profile), Result=0, Recommended=0, Severity=Passed
[😿] ID 1415, Log size limit (Public Profile, Policy), Result=4096, Recommended=16384, Severity=Medium
[😿] ID 1433, Log size limit (Public Profile), Result=4096, Recommended=16384, Severity=Medium
[😿] ID 1416, Log dropped packets (Public Profile, Policy), Result=0, Recommended=1, Severity=Medium
[😿] ID 1434, Log dropped packets (Public Profile), Result=0, Recommended=1, Severity=Medium
[😼] ID 1417, Log successful connections (Public Profile, Policy), Result=0, Recommended=1, Severity=Low
[😼] ID 1435, Log successful connections (Public Profile), Result=0, Recommended=1, Severity=Low

[*] 08/12/2025 10:55:11 - Starting Category Advanced Audit Policy Configuration
[!] 08/12/2025 10:55:11 - ID 1500, Credential Validation, Method auditpol requires admin privileges. Test skipped.
[!] 08/12/2025 10:55:11 - ID 1501, Security Group Management, Method auditpol requires admin privileges. Test skipped.
[!] 08/12/2025 10:55:11 - ID 1502, User Account Management, Method auditpol requires admin privileges. Test skipped.
[!] 08/12/2025 10:55:11 - ID 1503, DPAPI Activity, Method auditpol requires admin privileges. Test skipped.
[!] 08/12/2025 10:55:11 - ID 1504, Plug and Play Events, Method auditpol requires admin privileges. Test skipped.
[!] 08/12/2025 10:55:11 - ID 1505, Process Creation, Method auditpol requires admin privileges. Test skipped.
[!] 08/12/2025 10:55:11 - ID 1506, Account Lockout, Method auditpol requires admin privileges. Test skipped.
[!] 08/12/2025 10:55:11 - ID 1507, Group Membership, Method auditpol requires admin privileges. Test skipped.
[!] 08/12/2025 10:55:11 - ID 1508, Logon, Method auditpol requires admin privileges. Test skipped.
[!] 08/12/2025 10:55:11 - ID 1509, Other Logon/Logoff Events, Method auditpol requires admin privileges. Test skipped.
[!] 08/12/2025 10:55:11 - ID 1510, Special Logon, Method auditpol requires admin privileges. Test skipped.
[!] 08/12/2025 10:55:11 - ID 1511, Detailed File Share, Method auditpol requires admin privileges. Test skipped.
[!] 08/12/2025 10:55:11 - ID 1512, File Share, Method auditpol requires admin privileges. Test skipped.
[!] 08/12/2025 10:55:11 - ID 1513, Kernel Object, Method auditpol requires admin privileges. Test skipped.
[!] 08/12/2025 10:55:11 - ID 1514, Other Object Access Events, Method auditpol requires admin privileges. Test skipped.
[!] 08/12/2025 10:55:11 - ID 1515, Removable Storage, Method auditpol requires admin privileges. Test skipped.
[!] 08/12/2025 10:55:11 - ID 1516, SAM, Method auditpol requires admin privileges. Test skipped.
[!] 08/12/2025 10:55:11 - ID 1517, Audit Policy Change, Method auditpol requires admin privileges. Test skipped.
[!] 08/12/2025 10:55:11 - ID 1518, Authentication Policy Change, Method auditpol requires admin privileges. Test skipped.
[!] 08/12/2025 10:55:11 - ID 1519, MPSSVC Rule-Level Policy Change, Method auditpol requires admin privileges. Test skipped.
[!] 08/12/2025 10:55:11 - ID 1520, Other Policy Change Events, Method auditpol requires admin privileges. Test skipped.
[!] 08/12/2025 10:55:11 - ID 1521, Sensitive Privilege Use, Method auditpol requires admin privileges. Test skipped.
[!] 08/12/2025 10:55:11 - ID 1522, Other System Events, Method auditpol requires admin privileges. Test skipped.
[!] 08/12/2025 10:55:11 - ID 1523, Security State Change, Method auditpol requires admin privileges. Test skipped.
[!] 08/12/2025 10:55:11 - ID 1524, Security System Extension, Method auditpol requires admin privileges. Test skipped.
[!] 08/12/2025 10:55:11 - ID 1525, System Integrity, Method auditpol requires admin privileges. Test skipped.

[*] 08/12/2025 10:55:11 - Starting Category Administrative Templates: Control Panel
[😼] ID 1600, Personalization: Prevent enabling lock screen camera, Result=0, Recommended=1, Severity=Low

[*] 08/12/2025 10:55:11 - Starting Category Administrative Templates: Network
[😿] ID 1601, DNS Client: Turn off multicast name resolution (LLMNR), Result=1, Recommended=0, Severity=Medium
[😿] ID 1602, Lanman Workstation: Enable insecure guest logons, Result=1, Recommended=0, Severity=Medium
[😿] ID 1603, Turn off Microsoft Peer-to-Peer Networking Services, Result=0, Recommended=1, Severity=Medium
[😿] ID 1604, WLAN Settings: Allow Windows to automatically connect to suggested open hotspots, to networks shared by contacts, and to hotspots offering paid services, Result=1, Recommended=0, Severity=Medium

[*] 08/12/2025 10:55:11 - Starting Category Administrative Templates: PowerShellCore
[😼] ID 2108, Turn on PowerShell Module Logging, Result=0, Recommended=1, Severity=Low
[😼] ID 2109, Turn on PowerShell Module Logging (PowerShell Policy), Result=0, Recommended=1, Severity=Low
[😼] ID 2110, Turn on PowerShell Module Logging - Module Names, Result=, Recommended=, Severity=Low
[😿] ID 2111, Turn on PowerShell Script Block Logging, Result=0, Recommended=1, Severity=Medium
[😼] ID 2112, Turn on PowerShell Script Block Logging (Invocation), Result=0, Recommended=1, Severity=Low
[😼] ID 2113, Turn on PowerShell Script Block Logging (PowerShell Policy), Result=0, Recommended=1, Severity=Low
[😼] ID 2116, Turn on PowerShell Transcription, Result=0, Recommended=1, Severity=Low
[😼] ID 2114, Turn on PowerShell Transcription (Invocation), Result=0, Recommended=1, Severity=Low
[😿] ID 2115, Turn on PowerShell Transcription (PowerShell Policy), Result=0, Recommended=1, Severity=Medium

[*] 08/12/2025 10:55:11 - Starting Category Administrative Templates: Printers
[😿] ID 1772, Configure Redirection Guard, Result=, Recommended=1, Severity=Medium
[😿] ID 1768, Only use Package Point and Print (CVE-2021-36958), Result=, Recommended=1, Severity=Medium
[😿] ID 1769, Package Point and Print - Approved servers (CVE-2021-36958), Result=, Recommended=1, Severity=Medium
[😺] ID 1764, Point and Print Restrictions: When installing drivers for a new connection (CVE-2021-34527), Result=0, Recommended=0, Severity=Passed
[😺] ID 1765, Point and Print Restrictions: When updating drivers for an existing connection (CVE-2021-34527), Result=0, Recommended=0, Severity=Passed

[*] 08/12/2025 10:55:11 - Starting Category Administrative Templates: Start Menu and Taskbar
[😿] ID 1771, Notifications: Turn off notifications network usage, Result=0, Recommended=1, Severity=Medium

[*] 08/12/2025 10:55:11 - Starting Category Administrative Templates: System
[😿] ID 1605, Credentials Delegation: Allow delegation default credentials, Result=1, Recommended=0, Severity=Medium
[😺] ID 1606, Credentials Delegation: Encryption Oracle Remediation, Result=0, Recommended=0, Severity=Passed
[😿] ID 1699, Credentials Delegation: Remote host allows delegation of non-exportable credentials, Result=0, Recommended=1, Severity=Medium
[😿] ID 1607, Device Installation: Device Installation Restrictions: Prevent installation of devices that match an ID, Result=0, Recommended=1, Severity=Medium
[😿] ID 1608, Device Installation: Device Installation Restrictions: Prevent installation of devices that match an ID (Retroactive), Result=0, Recommended=1, Severity=Medium
[😿] ID 1609, Device Installation: Device Installation Restrictions: Prevent installation of devices that match ID PCI\CC_0C0010 (Firewire), Result=0, Recommended=PCI\CC_0C0010, Severity=Medium
[😿] ID 1610, Device Installation: Device Installation Restrictions: Prevent installation of devices that match ID PCI\CC_0C0A (Thunderbolt), Result=0, Recommended=PCI\CC_0C0A, Severity=Medium
[😿] ID 1611, Device Installation: Device Installation Restrictions: Prevent installation of devices using drivers that match an device setup class, Result=0, Recommended=1, Severity=Medium
[😿] ID 1612, Device Installation: Device Installation Restrictions: Prevent installation of devices using drivers that match an device setup class (Retroactive), Result=0, Recommended=1, Severity=Medium
[😿] ID 1613, Device Installation: Device Installation Restrictions: Prevent installation of devices using drivers that match d48179be-ec20-11d1-b6b8-00c04fa372a7 (SBP-2 drive), Result=0, Recommended=d48179be-ec20-11d1-b6b8-00c04fa372a7, Severity=Medium
[😺] ID 1614, Device Guard: Virtualization Based Security Status, Result=2, Recommended=2, Severity=Passed
[😺] ID 1615, Device Guard: Available Security Properties: Secure Boot, Result=2, Recommended=2, Severity=Passed
[😿] ID 1616, Device Guard: Available Security Properties: DMA protection, Result=Not available, Recommended=3, Severity=Medium
[😿] ID 1617, Device Guard: Security Services Configured: Credential Guard, Result=Not available, Recommended=1, Severity=Medium
[😿] ID 1619, Device Guard: Security Services Running: Credential Guard, Result=Not available, Recommended=1, Severity=Medium
[😺] ID 1618, Device Guard: Security Services Configured: HVCI, Result=2, Recommended=2, Severity=Passed
[😺] ID 1620, Device Guard: Security Services Running: HVCI, Result=2, Recommended=2, Severity=Passed
[😿] ID 1623, Device Guard: Require UEFI Memory Attributes Table (Policy), Result=, Recommended=1, Severity=Medium
[😿] ID 1621, Device Guard: Secure Launch Configuration (Policy), Result=0, Recommended=1, Severity=Medium
[😿] ID 1622, Device Guard: Windows Defender Application Control deployed (Policy), Result=0, Recommended=1, Severity=Medium
[😿] ID 1630, Early Launch Antimalware: Boot-Start Driver Initialization Policy, Result=0, Recommended=3, Severity=Medium
[😼] ID 1631, Group Policy: Process even if the Group Policy objects have not changed, Result=1, Recommended=0, Severity=Low
[😺] ID 1632, Group Policy: Do not apply during periodic background processing, Result=0, Recommended=0, Severity=Passed
[😿] ID 1640, Internet Communication Management: Internet Communication settings: Turn off the Windows Messenger Customer Experience Improvement Program, Result=0, Recommended=2, Severity=Medium
[😿] ID 1641, Internet Communication Management: Internet Communication settings: Turn off downloading of print drivers over HTTP, Result=0, Recommended=1, Severity=Medium
[😿] ID 1642, Internet Communication Management: Internet Communication settings: Turn off Windows Error Reporting 1, Result=1, Recommended=0, Severity=Medium
[😿] ID 1643, Internet Communication Management: Internet Communication settings: Turn off Windows Error Reporting 2, Result=0, Recommended=1, Severity=Medium
[😿] ID 1644, Internet Communication Management: Internet Communication settings: Turn off Internet download for Web publishing and online ordering wizards, Result=0, Recommended=1, Severity=Medium
[😿] ID 1645, Internet Communication Management: Internet Communication settings: Turn off Windows Customer Experience Improvement Program, Result=1, Recommended=0, Severity=Medium
[😿] ID 1650, Kernel DMA Protection: Enumeration policy for external devices incompatible with Kernel DMA Protection, Result=2, Recommended=0, Severity=Medium
[😿] ID 1660, Logon: Turn on convenience PIN sign-in, Result=1, Recommended=0, Severity=Medium
[😿] ID 1661, Logon: Turn off app notifications on the lock screen, Result=0, Recommended=1, Severity=Medium
[😿] ID 1662, Logon: Do not display network selection UI, Result=0, Recommended=1, Severity=Medium
[😿] ID 1670, Mitigation Options: Untrusted Font Blocking, Result=0, Recommended=1000000000000, Severity=Medium
[😿] ID 1680, OS Policies: Allow Clipboard synchronization across devices, Result=1, Recommended=0, Severity=Medium
[😿] ID 1685, Sleep Settings: Require a password when a computer wakes (plugged in), Result=0, Recommended=1, Severity=Medium
[😿] ID 1686, Sleep Settings: Require a password when a computer wakes (on battery), Result=0, Recommended=1, Severity=Medium
[😿] ID 1687, Sleep Settings: Allow standby states (S1-S3) when sleeping (plugged in), Result=1, Recommended=0, Severity=Medium
[😿] ID 1688, Sleep Settings: Allow standby states (S1-S3) when sleeping (on battery), Result=1, Recommended=0, Severity=Medium
[😿] ID 1690, Remote Assistance: Configure Offer Remote Assistance, Result=1, Recommended=0, Severity=Medium
[😿] ID 1691, Remote Assistance: Configure Solicited Remote Assistance, Result=1, Recommended=0, Severity=Medium
[😿] ID 1692, Remote Procedure Call: Enable RPC Endpoint Mapper Client Authentication, Result=0, Recommended=1, Severity=Medium
[😿] ID 1693, Remote Procedure Call: Restrict Unauthenticated RPC clients, Result=0, Recommended=2, Severity=Medium
[😿] ID 1694, Security Settings: Enable svchost.exe mitigation options, Result=0, Recommended=1, Severity=Medium
[😿] ID 1695, Windows Performance PerfTrack: Enable/Disable PerfTrack, Result=1, Recommended=0, Severity=Medium
[😿] ID 1696, User Profiles: Turn off the advertising ID, Result=0, Recommended=1, Severity=Medium
[😿] ID 1697, Time Providers: Enable Windows NTP Client, Result=0, Recommended=1, Severity=Medium
[😺] ID 1698, Time Providers: Enable Windows NTP Server, Result=0, Recommended=0, Severity=Passed

[*] 08/12/2025 10:55:12 - Starting Category Administrative Templates: Windows Components
[😿] ID 1700, App Package Deployment: Allow a Windows app to share application data between users, Result=1, Recommended=0, Severity=Medium
[😿] ID 1701, App Privacy: Let Windows apps activate with voice while the system is locked, Result=0, Recommended=2, Severity=Medium
[😿] ID 1702, App runtime: Block launching Universal Windows apps with Windows Runtime API access from hosted content, Result=0, Recommended=1, Severity=Medium
[😿] ID 1703, Application Compatibility: Turn off Application Telemetry, Result=1, Recommended=0, Severity=Medium
[😿] ID 1704, AutoPlay Policies: Turn off Autoplay, Result=0, Recommended=255, Severity=Medium
[😿] ID 1705, AutoPlay Policies: Disallow Autoplay for non-volume devices, Result=0, Recommended=1, Severity=Medium
[😿] ID 1706, AutoPlay Policies: Set the default behavior for AutoRun, Result=0, Recommended=1, Severity=Medium
[😿] ID 1707, Biometrics: Allow the use of biometrics, Result=1, Recommended=0, Severity=Medium
[😿] ID 1773, Biometrics: Facial Features: Configure enhanced anti-spoofing, Result=, Recommended=1, Severity=Medium
[!] 08/12/2025 10:55:12 - ID 1708, BitLocker Drive Encryption: Volume status, Method BitLockerVolume requires admin privileges. Test skipped.
[😺] ID 1761, BitLocker Drive Encryption: Choose drive encryption method and cipher strength (for operating system drives), Result=6, Recommended=6, Severity=Passed
[!] 08/12/2025 10:55:12 - ID 1762, BitLocker Drive Encryption: Drive encryption method (for operating system drives), Method BitLockerVolume requires admin privileges. Test skipped.
[😿] ID 1709, BitLocker Drive Encryption: Disable new DMA devices when this computer is locked, Result=0, Recommended=1, Severity=Medium
[😿] ID 1710, BitLocker Drive Encryption: Operating System Drives: Allow Secure Boot for integrity validation, Result=0, Recommended=1, Severity=Medium
[😿] ID 1711, BitLocker Drive Encryption: Operating System Drives: Require additional authentication at startup, Result=0, Recommended=1, Severity=Medium
[😿] ID 1715, BitLocker Drive Encryption: Operating System Drives: Require additional authentication at startup: Allow BitLocker without a compatible TPM, Result=1, Recommended=0, Severity=Medium
[😺] ID 1716, BitLocker Drive Encryption: Operating System Drives: Require additional authentication at startup: Configure TPM startup, Result=0, Recommended=0, Severity=Passed
[😿] ID 1717, BitLocker Drive Encryption: Operating System Drives: Require additional authentication at startup: Configure TPM startup PIN, Result=0, Recommended=1, Severity=Medium
[😺] ID 1718, BitLocker Drive Encryption: Operating System Drives: Require additional authentication at startup: Configure TPM startup key, Result=0, Recommended=0, Severity=Passed
[😺] ID 1719, BitLocker Drive Encryption: Operating System Drives: Require additional authentication at startup: Configure TPM startup key and PIN, Result=0, Recommended=0, Severity=Passed
[😿] ID 1712, BitLocker Drive Encryption: Operating System Drives: Allow enhanced PINs for startup, Result=0, Recommended=1, Severity=Medium
[😺] ID 1713, BitLocker Drive Encryption: Operating System Drives: Configure use of hardware-based encryption for operating system drives, Result=0, Recommended=0, Severity=Passed
[😿] ID 1763, BitLocker Drive Encryption: Operating System Drives: Configure minimum PIN length for startup, Result=, Recommended=8, Severity=Medium
[😿] ID 1720, Cloud Content: Do not show Windows tips, Result=0, Recommended=1, Severity=Medium
[😿] ID 1721, Cloud Content: Turn off Microsoft consumer experiences, Result=0, Recommended=1, Severity=Medium
[😿] ID 1722, Credential User Interface: Do not display the password reveal button, Result=0, Recommended=1, Severity=Medium
[😿] ID 1724, Credential User Interface: Enumerate administrator accounts on elevation, Result=1, Recommended=0, Severity=Medium
[😿] ID 1725, Data Collection and Preview Builds: Allow Diagnostic Data, Result=2, Recommended=1, Severity=Medium
[😿] ID 1726, Data Collection and Preview Builds: Allow device name to be sent in Windows diagnostic data, Result=1, Recommended=0, Severity=Medium
[😿] ID 1727, Delivery Optimization: Download Mode, Result=1, Recommended=99, Severity=Medium
[😿] ID 1728, Event Log Service: Application: Specify the maximum log file size (KB), Result=4096, Recommended=32768, Severity=Medium
[😿] ID 1729, Event Log Service: Security: Specify the maximum log file size (KB), Result=4096, Recommended=196608, Severity=Medium
[😿] ID 1730, Event Log Service: System: Specify the maximum log file size (KB), Result=4096, Recommended=32768, Severity=Medium
[😿] ID 1774, Event Log Service: Microsoft-Windows-PowerShell/Operational: Specify the maximum log file size (KB), Result=15728640, Recommended=268435456, Severity=Medium
[😿] ID 1775, Event Log Service: PowerShellCore/Operational: Specify the maximum log file size (KB), Result=15728640, Recommended=268435456, Severity=Medium
[😺] ID 1731, File Explorer: Allow the use of remote paths in file shortcut icons, Result=0, Recommended=0, Severity=Passed
[😿] ID 1732, HomeGroup: Prevent the computer from joining a homegroup, Result=0, Recommended=1, Severity=Medium

[*] 08/12/2025 10:55:13 - Starting Category Microsoft Defender Antivirus [๐Ÿ˜บ] ID 1800, Turn off Microsoft Defender Antivirus, Result=0, Recommended=0, Severity=Passed [๐Ÿ˜บ] ID 1826, Enable Tamper Protection (Status), Result=True, Recommended=True, Severity=Passed [๐Ÿ˜ฟ] ID 1801, Configure detection for potentially unwanted applications, Result=0, Recommended=1, Severity=Medium [๐Ÿ˜บ] ID 1806, Exclusions: Extension Exclusions (Policy), Result=, Recommended=, Severity=Passed [๐Ÿ˜บ] ID 1813, Exclusions: Extension Exclusions (Intune), Result=, Recommended=, Severity=Passed [!] 08/12/2025 10:55:14 - ID 1807, Exclusions: Extension Exclusions, Method MpPreferenceExclusion requires admin privileges. Test skipped. [๐Ÿ˜บ] ID 1808, Exclusions: Path Exclusions (Policy), Result=, Recommended=, Severity=Passed [๐Ÿ˜บ] ID 1814, Exclusions: Path Exclusions (Intune), Result=, Recommended=, Severity=Passed [!] 08/12/2025 10:55:14 - ID 1809, Exclusions: Path Exclusions, Method MpPreferenceExclusion requires admin privileges. Test skipped. [๐Ÿ˜บ] ID 1810, Exclusions: Process Exclusions (Policy), Result=, Recommended=, Severity=Passed [๐Ÿ˜บ] ID 1815, Exclusions: Process Exclusions (Intune), Result=, Recommended=, Severity=Passed [!] 08/12/2025 10:55:14 - ID 1811, Exclusions: Process Exclusions, Method MpPreferenceExclusion requires admin privileges. Test skipped. 
[๐Ÿ˜ฟ] ID 1816, MAPS: Join Microsoft MAPS, Result=0, Recommended=2, Severity=Medium [๐Ÿ˜ฟ] ID 1817, MAPS: Configure the 'Block at First Sight' feature, Result=, Recommended=0, Severity=Medium [๐Ÿ˜ฟ] ID 1818, MAPS: Send file samples when further analysis is required, Result=, Recommended=0, Severity=Medium [๐Ÿ˜ฟ] ID 1819, MpEngine: Enable file hash computation feature, Result=, Recommended=1, Severity=Medium [๐Ÿ˜ฟ] ID 1820, MpEngine: Select cloud protection level, Result=0, Recommended=2, Severity=Medium [๐Ÿ˜บ] ID 1821, Real-time Protection: Scan all downloaded files and attachments, Result=0, Recommended=0, Severity=Passed [๐Ÿ˜บ] ID 1822, Real-time Protection: Turn off real-time protection, Result=0, Recommended=0, Severity=Passed [๐Ÿ˜บ] ID 1823, Real-time Protection: Turn on behavior monitoring (Policy), Result=0, Recommended=0, Severity=Passed [๐Ÿ˜บ] ID 1824, Real-time Protection: Turn on script scanning, Result=0, Recommended=0, Severity=Passed [๐Ÿ˜ฟ] ID 1825, Scan: Scan removable drives, Result=1, Recommended=0, Severity=Medium [๐Ÿ˜ฟ] ID 1812, Enable sandboxing for Microsoft Defender Antivirus, Result=0, Recommended=1, Severity=Medium

[*] 08/12/2025 10:55:14 - Starting Category Microsoft Defender Exploit Guard [๐Ÿ˜ฟ] ID 1900, Attack Surface Reduction rules, Result=0, Recommended=1, Severity=Medium [๐Ÿ˜ฟ] ID 1901, ASR: Block executable content from email client and webmail (Policy), Result=0, Recommended=1, Severity=Medium [๐Ÿ˜ฟ] ID 1916, ASR: Block executable content from email client and webmail, Result=0, Recommended=1, Severity=Medium [๐Ÿ˜ฟ] ID 1933, ASR: Block executable content from email client and webmail (Intune), Result=0, Recommended=1, Severity=Medium [๐Ÿ˜ฟ] ID 1902, ASR: Block all Office applications from creating child processes (Policy), Result=0, Recommended=1, Severity=Medium [๐Ÿ˜ฟ] ID 1917, ASR: Block all Office applications from creating child processes, Result=0, Recommended=1, Severity=Medium [๐Ÿ˜ฟ] ID 1934, ASR: Block all Office applications from creating child processes (Intune), Result=0, Recommended=1, Severity=Medium [๐Ÿ˜ฟ] ID 1903, ASR: Block Office applications from creating executable content (Policy), Result=0, Recommended=1, Severity=Medium [๐Ÿ˜ฟ] ID 1918, ASR: Block Office applications from creating executable content, Result=0, Recommended=1, Severity=Medium [๐Ÿ˜ฟ] ID 1935, ASR: Block Office applications from creating executable content (Intune), Result=0, Recommended=1, Severity=Medium [๐Ÿ˜ฟ] ID 1904, ASR: Block Office applications from injecting code into other processes (Policy), Result=0, Recommended=1, Severity=Medium [๐Ÿ˜ฟ] ID 1919, ASR: Block Office applications from injecting code into other processes, Result=0, Recommended=1, Severity=Medium [๐Ÿ˜ฟ] ID 1936, ASR: Block Office applications from injecting code into other processes (Intune), Result=0, Recommended=1, Severity=Medium [๐Ÿ˜ฟ] ID 1905, ASR: Block JavaScript or VBScript from launching downloaded executable content (Policy), Result=0, Recommended=1, Severity=Medium [๐Ÿ˜ฟ] ID 1920, ASR: Block JavaScript or VBScript from launching downloaded executable content, Result=0, Recommended=1, Severity=Medium 
[๐Ÿ˜ฟ] ID 1937, ASR: Block JavaScript or VBScript from launching downloaded executable content (Intune), Result=0, Recommended=1, Severity=Medium [๐Ÿ˜ฟ] ID 1906, ASR: Block execution of potentially obfuscated scripts (Policy), Result=0, Recommended=1, Severity=Medium [๐Ÿ˜ฟ] ID 1921, ASR: Block execution of potentially obfuscated scripts, Result=0, Recommended=1, Severity=Medium [๐Ÿ˜ฟ] ID 1938, ASR: Block execution of potentially obfuscated scripts (Intune), Result=0, Recommended=1, Severity=Medium [๐Ÿ˜ฟ] ID 1907, ASR: Block Win32 API calls from Office macros (Policy), Result=0, Recommended=1, Severity=Medium [๐Ÿ˜ฟ] ID 1922, ASR: Block Win32 API calls from Office macros, Result=0, Recommended=1, Severity=Medium [๐Ÿ˜ฟ] ID 1939, ASR: Block Win32 API calls from Office macros (Intune), Result=0, Recommended=1, Severity=Medium [๐Ÿ˜ฟ] ID 1908, ASR: Block executable files from running unless they meet a prevalence, age, or trusted list criterion (Policy), Result=0, Recommended=1, Severity=Medium [๐Ÿ˜ฟ] ID 1923, ASR: Block executable files from running unless they meet a prevalence, age, or trusted list criterion, Result=0, Recommended=1, Severity=Medium [๐Ÿ˜ฟ] ID 1940, ASR: Block executable files from running unless they meet a prevalence, age, or trusted list criterion (Intune), Result=0, Recommended=1, Severity=Medium [๐Ÿ˜ฟ] ID 1909, ASR: Use advanced protection against ransomware (Policy), Result=0, Recommended=1, Severity=Medium [๐Ÿ˜ฟ] ID 1924, ASR: Use advanced protection against ransomware, Result=0, Recommended=1, Severity=Medium [๐Ÿ˜ฟ] ID 1941, ASR: Use advanced protection against ransomware (Intune), Result=0, Recommended=1, Severity=Medium [๐Ÿ˜ฟ] ID 1910, ASR: Block credential stealing from the Windows local security authority subsystem (lsass.exe) (Policy), Result=0, Recommended=1, Severity=Medium [๐Ÿ˜ฟ] ID 1925, ASR: Block credential stealing from the Windows local security authority subsystem (lsass.exe), Result=0, Recommended=1, Severity=Medium [๐Ÿ˜ฟ] ID 
1942, ASR: Block credential stealing from the Windows local security authority subsystem (lsass.exe) (Intune), Result=0, Recommended=1, Severity=Medium [๐Ÿ˜ฟ] ID 1911, ASR: Block process creations originating from PSExec and WMI commands (Policy), Result=0, Recommended=1, Severity=Medium [๐Ÿ˜ฟ] ID 1926, ASR: Block process creations originating from PSExec and WMI commands, Result=0, Recommended=1, Severity=Medium [๐Ÿ˜ฟ] ID 1943, ASR: Block process creations originating from PSExec and WMI commands (Intune), Result=0, Recommended=1, Severity=Medium [๐Ÿ˜ฟ] ID 1912, ASR: Block untrusted and unsigned processes that run from USB (Policy), Result=0, Recommended=1, Severity=Medium [๐Ÿ˜ฟ] ID 1927, ASR: Block untrusted and unsigned processes that run from USB, Result=0, Recommended=1, Severity=Medium [๐Ÿ˜ฟ] ID 1944, ASR: Block untrusted and unsigned processes that run from USB (Intune), Result=0, Recommended=1, Severity=Medium [๐Ÿ˜ฟ] ID 1913, ASR: Block Office communication application from creating child processes (Policy), Result=0, Recommended=1, Severity=Medium [๐Ÿ˜ฟ] ID 1928, ASR: Block Office communication application from creating child processes, Result=0, Recommended=1, Severity=Medium [๐Ÿ˜ฟ] ID 1945, ASR: Block Office communication application from creating child processes (Intune), Result=0, Recommended=1, Severity=Medium [๐Ÿ˜ฟ] ID 1914, ASR: Block Adobe Reader from creating child processes (Policy), Result=0, Recommended=1, Severity=Medium [๐Ÿ˜ฟ] ID 1929, ASR: Block Adobe Reader from creating child processes, Result=0, Recommended=1, Severity=Medium [๐Ÿ˜ฟ] ID 1946, ASR: Block Adobe Reader from creating child processes (Intune), Result=0, Recommended=1, Severity=Medium [๐Ÿ˜ฟ] ID 1915, ASR: Block persistence through WMI event subscription (Policy), Result=0, Recommended=1, Severity=Medium [๐Ÿ˜ฟ] ID 1930, ASR: Block persistence through WMI event subscription, Result=0, Recommended=1, Severity=Medium [๐Ÿ˜ฟ] ID 1947, ASR: Block persistence through WMI event 
subscription (Intune), Result=0, Recommended=1, Severity=Medium [๐Ÿ˜ฟ] ID 1931, ASR: Block abuse of exploited vulnerable signed drivers (Policy), Result=0, Recommended=1, Severity=Medium [๐Ÿ˜ฟ] ID 1932, ASR: Block abuse of exploited vulnerable signed drivers, Result=0, Recommended=1, Severity=Medium [๐Ÿ˜ฟ] ID 1948, ASR: Block abuse of exploited vulnerable signed drivers (Intune), Result=0, Recommended=1, Severity=Medium [๐Ÿ˜บ] ID 1966, ASR: Exclude files and paths from Attack Surface Reduction Rules (Policy), Result=, Recommended=, Severity=Passed [!] 08/12/2025 10:55:15 - ID 1967, ASR: Exclude files and paths from Attack Surface Reduction Rules, Method MpPreferenceExclusion requires admin privileges. Test skipped. [๐Ÿ˜บ] ID 1968, ASR: Exclude files and paths from Attack Surface Reduction Rules (Intune), Result=, Recommended=, Severity=Passed [๐Ÿ˜ฟ] ID 1965, Network Protection: Prevent users and apps from accessing dangerous websites, Result=, Recommended=1, Severity=Medium

[*] 08/12/2025 10:55:15 - Starting Category Administrative Templates: Windows Components [๐Ÿ˜ฟ] ID 1767, News and interests: Enable news and interests on the taskbar, Result=, Recommended=0, Severity=Medium [๐Ÿ˜ฟ] ID 1733, OneDrive: Prevent the usage of OneDrive for file storage, Result=0, Recommended=1, Severity=Medium [๐Ÿ˜ฟ] ID 1734, Remote Desktop Connection Client: Do not allow passwords to be saved, Result=0, Recommended=1, Severity=Medium [๐Ÿ˜ฟ] ID 1735, Remote Desktop Session Host: Allow users to connect remotely by using Remote Desktop Services, Result=0, Recommended=1, Severity=Medium [๐Ÿ˜ฟ] ID 1736, Remote Desktop Session Host: Device and Resource Redirection: Do not allow drive redirection, Result=0, Recommended=1, Severity=Medium [๐Ÿ˜ฟ] ID 1737, Remote Desktop Session Host: Security: Always prompt for password upon connection, Result=0, Recommended=1, Severity=Medium [๐Ÿ˜ฟ] ID 1738, Remote Desktop Session Host: Security: Require secure RPC communication, Result=0, Recommended=1, Severity=Medium [๐Ÿ˜ฟ] ID 1739, Remote Desktop Session Host: Security: Set client connection encryption level, Result=0, Recommended=3, Severity=Medium [๐Ÿ˜ฟ] ID 1740, Search: Allow Cloud Search, Result=1, Recommended=0, Severity=Medium [๐Ÿ˜ฟ] ID 1741, Search: Allow Cortana, Result=1, Recommended=0, Severity=Medium [๐Ÿ˜ฟ] ID 1742, Search: Allow Cortana above lock screen, Result=1, Recommended=0, Severity=Medium [๐Ÿ˜ฟ] ID 1743, Search: Allow indexing of encrypted files, Result=1, Recommended=0, Severity=Medium [๐Ÿ˜ฟ] ID 1744, Search: Allow search and Cortana to use location, Result=1, Recommended=0, Severity=Medium [๐Ÿ˜ฟ] ID 1745, Search: Set what information is shared in Search, Result=1, Recommended=3, Severity=Medium [๐Ÿ˜ฟ] ID 1746, Windows Error Reporting: Disable Windows Error Reporting, Result=0, Recommended=1, Severity=Medium [๐Ÿ˜ผ] ID 1747, Windows Game Recording and Broadcasting: Enables or disables Windows Game Recording and Broadcasting, Result=1, Recommended=0, 
Severity=Low [๐Ÿ˜ฟ] ID 1748, Windows Ink Workspace: Allow Windows Ink Workspace, Result=1, Recommended=0, Severity=Medium [๐Ÿ˜บ] ID 1749, Windows Installer: Always install with elevated privileges, Result=0, Recommended=0, Severity=Passed [๐Ÿ˜ฟ] ID 1750, Windows Installer: Allow user control over installs, Result=1, Recommended=0, Severity=Medium [๐Ÿ˜ฟ] ID 1751, Windows Installer: Prevent Internet Explorer security prompt for Windows Installer scripts, Result=1, Recommended=0, Severity=Medium [๐Ÿ˜ฟ] ID 1752, Windows Logon Options: Sign-in and lock last interactive user automatically after a restart, Result=0, Recommended=1, Severity=Medium [๐Ÿ˜ฟ] ID 1770, Windows Installer: Disable Co-Installer (USB AutoInstall), Result=, Recommended=1, Severity=Medium [๐Ÿ˜ฟ] ID 1753, WinRM Client: Allow Basic authentication, Result=1, Recommended=0, Severity=Medium [๐Ÿ˜ฟ] ID 1754, WinRM Client: Allow unencrypted traffic, Result=1, Recommended=0, Severity=Medium [๐Ÿ˜ฟ] ID 1755, WinRM Client: Disallow Digest authentication, Result=1, Recommended=0, Severity=Medium [๐Ÿ˜ฟ] ID 1756, WinRM Service: Allow remote server management through WinRM, Result=1, Recommended=0, Severity=Medium [๐Ÿ˜ฟ] ID 1757, WinRM Service: Allow Basic authentication, Result=1, Recommended=0, Severity=Medium [๐Ÿ˜ฟ] ID 1758, WinRM Service: Allow unencrypted traffic, Result=1, Recommended=0, Severity=Medium [๐Ÿ˜ฟ] ID 1759, WinRM Service: Disallow WinRM from storing RunAs credentials, Result=0, Recommended=1, Severity=Medium [๐Ÿ˜ฟ] ID 1760, Windows Remote Shell: Allow Remote Shell Access, Result=1, Recommended=0, Severity=Medium [๐Ÿ˜ฟ] ID 2000, File Explorer: Configure Windows Defender SmartScreen, Result=0, Recommended=1, Severity=Medium [๐Ÿ˜ฟ] ID 2001, File Explorer: Configure Windows Defender SmartScreen to warn and prevent bypass, Result=Warn, Recommended=Block, Severity=Medium

[*] 08/12/2025 10:55:15 - Starting Category PowerShell
[😼] ID 2105, Turn on PowerShell Module Logging, Result=0, Recommended=1, Severity=Low
[😼] ID 2106, Turn on PowerShell Module Logging - Module Names, Result=, Recommended=, Severity=Low
[😿] ID 2100, Turn on PowerShell Script Block Logging, Result=0, Recommended=1, Severity=Medium
[😼] ID 2101, Turn on PowerShell Script Block Logging (Invocation), Result=0, Recommended=1, Severity=Low
[😼] ID 2102, Turn on PowerShell Transcription, Result=0, Recommended=1, Severity=Low
[😼] ID 2107, Turn on PowerShell Transcription (Invocation), Result=0, Recommended=1, Severity=Low
[!] 08/12/2025 10:55:15 - ID 2103, Disable PowerShell version 2, Method WindowsOptionalFeature requires admin privileges. Test skipped.
[!] 08/12/2025 10:55:15 - ID 2104, Disable PowerShell version 2 (root), Method WindowsOptionalFeature requires admin privileges. Test skipped.

[*] 08/12/2025 10:55:15 - Starting Category MS Security Guide
[😿] ID 2200, LSA Protection, Result=2, Recommended=1, Severity=Medium
[😺] ID 2201, Lsass.exe audit mode, Result=8, Recommended=8, Severity=Passed
[😿] ID 2202, NetBT NodeType configuration, Result=0, Recommended=2, Severity=Medium
[😺] ID 2203, WDigest Authentication, Result=0, Recommended=0, Severity=Passed
[😺] ID 2209, Enable Structured Exception Handling Overwrite Protection (SEHOP), Result=0, Recommended=0, Severity=Passed
[😿] ID 2210, Limits print driver installation to Administrators, Result=, Recommended=1, Severity=Medium
[😿] ID 2211, Configure RPC packet level privacy setting for incoming connections, Result=, Recommended=1, Severity=Medium
[😿] ID 2212, Manage processing of Queue-specific files, Result=, Recommended=1, Severity=Medium

[*] 08/12/2025 10:55:15 - Starting Category MSS (Legacy)
[😿] ID 2204, MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended), Result=0, Recommended=1, Severity=Medium
[😿] ID 2205, MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing), Result=0, Recommended=2, Severity=Medium
[😿] ID 2206, MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing), Result=1, Recommended=2, Severity=Medium
[😿] ID 2207, MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes, Result=1, Recommended=0, Severity=Medium
[😿] ID 2208, MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers, Result=0, Recommended=1, Severity=Medium

[*] 08/12/2025 10:55:15 - Starting Category Scheduled Task
[😿] ID 2400, XblGameSave Standby Task, Result=Ready, Recommended=Disabled, Severity=Medium

[*] 08/12/2025 10:55:17 - Starting Category System Services
[😿] ID 2411, Disable mDNS in Dnscache service, Result=, Recommended=0, Severity=Medium
[😿] ID 2401, Print Spooler (Spooler), Result=2, Recommended=4, Severity=Medium
[😿] ID 2402, Print Spooler (Spooler) (Service Startup type), Result=Automatic, Recommended=Disabled, Severity=Medium
[😿] ID 2412, WebClient (WebClient), Result=3, Recommended=4, Severity=Medium
[😿] ID 2413, WebClient (WebClient) (Service Startup type), Result=Manual, Recommended=Disabled, Severity=Medium
[😿] ID 2403, Xbox Accessory Management Service (XboxGipSvc), Result=3, Recommended=4, Severity=Medium
[😿] ID 2404, Xbox Accessory Management Service (XboxGipSvc) (Service Startup type), Result=Manual, Recommended=Disabled, Severity=Medium
[😿] ID 2405, Xbox Live Auth Manager (XblAuthManager), Result=3, Recommended=4, Severity=Medium
[😿] ID 2406, Xbox Live Auth Manager (XblAuthManager) (Service Startup type), Result=Manual, Recommended=Disabled, Severity=Medium
[😿] ID 2407, Xbox Live Game Save (XblGameSave), Result=3, Recommended=4, Severity=Medium
[😿] ID 2408, Xbox Live Game Save (XblGameSave) (Service Startup type), Result=Manual, Recommended=Disabled, Severity=Medium
[😿] ID 2409, Xbox Live Networking Service (XboxNetApiSvc), Result=3, Recommended=4, Severity=Medium
[😿] ID 2410, Xbox Live Networking Service (XboxNetApiSvc) (Service Startup type), Result=Manual, Recommended=Disabled, Severity=Medium

[*] 08/12/2025 10:55:17 - Starting Category Microsoft Defender Exploit Guard
[😿] ID 1950, Exploit protection: Control flow guard (CFG), Result=NOTSET, Recommended=ON, Severity=Medium
[😿] ID 1951, Exploit protection: Data Execution Prevention (DEP), Result=NOTSET, Recommended=ON, Severity=Medium
[😺] ID 1952, Exploit protection: Override Data Execution Prevention (DEP), Result=False, Recommended=False, Severity=Passed
[😿] ID 1954, Exploit protection: Force randomization for images (Mandatory ASLR), Result=NOTSET, Recommended=ON, Severity=Medium
[😺] ID 1955, Exploit protection: Override force randomization for images (Mandatory ASLR), Result=False, Recommended=False, Severity=Passed
[😿] ID 1956, Exploit protection: Randomize memory allocations (Bottom-up ASLR), Result=NOTSET, Recommended=ON, Severity=Medium
[😺] ID 1957, Exploit protection: Override randomize memory allocations (Bottom-up ASLR), Result=False, Recommended=False, Severity=Passed
[😿] ID 1958, Exploit protection: High-entropy ASLR, Result=NOTSET, Recommended=ON, Severity=Medium
[😺] ID 1959, Exploit protection: Override high-entropy ASLR, Result=False, Recommended=False, Severity=Passed
[😿] ID 1960, Exploit protection: Validate exception chains (SEHOP), Result=NOTSET, Recommended=ON, Severity=Medium
[😿] ID 1961, Exploit protection: Validate exception chains (SEHOP (Telemetry only), Result=NOTSET, Recommended=OFF, Severity=Medium
[😺] ID 1962, Exploit protection: Override validate exception chains (SEHOP), Result=False, Recommended=False, Severity=Passed
[😿] ID 1963, Exploit protection: Validate heap integrity, Result=NOTSET, Recommended=ON, Severity=Medium
[😺] ID 1964, Exploit protection: Override validate heap integrity, Result=False, Recommended=False, Severity=Passed
[!] 08/12/2025 10:55:17 - ID 1953, Force use of Data Execution Prevention (DEP), Method bcdedit requires admin privileges. Test skipped.

[*] 08/12/2025 10:55:17 - Starting Category Windows Firewall [๐Ÿ˜ผ] ID 2300, HardeningKitty-Block-TCP-NetBIOS, Result=, Recommended=True, Severity=Low [๐Ÿ˜ผ] ID 2301, HardeningKitty-Block-TCP-RDP, Result=, Recommended=True, Severity=Low [๐Ÿ˜ผ] ID 2302, HardeningKitty-Block-TCP-RPC, Result=, Recommended=True, Severity=Low [๐Ÿ˜ผ] ID 2303, HardeningKitty-Block-TCP-SMB, Result=, Recommended=True, Severity=Low [๐Ÿ˜ผ] ID 2304, HardeningKitty-Block-TCP-WinRM, Result=, Recommended=True, Severity=Low [๐Ÿ˜ผ] ID 2305, HardeningKitty-Block-UDP-NetBIOS, Result=, Recommended=True, Severity=Low [๐Ÿ˜ผ] ID 2306, HardeningKitty-Block-UDP-RPC, Result=, Recommended=True, Severity=Low [๐Ÿ˜ผ] ID 2307, HardeningKitty-Block-calc-x64, Result=, Recommended=True, Severity=Low [๐Ÿ˜ผ] ID 2308, HardeningKitty-Block-calc-x86, Result=, Recommended=True, Severity=Low [๐Ÿ˜ผ] ID 2309, HardeningKitty-Block-certutil-x64, Result=, Recommended=True, Severity=Low [๐Ÿ˜ผ] ID 2310, HardeningKitty-Block-certutil-x86, Result=, Recommended=True, Severity=Low [๐Ÿ˜ผ] ID 2311, HardeningKitty-Block-conhost-x64, Result=, Recommended=True, Severity=Low [๐Ÿ˜ผ] ID 2312, HardeningKitty-Block-conhost-x86, Result=, Recommended=True, Severity=Low [๐Ÿ˜ผ] ID 2313, HardeningKitty-Block-cscript-x64, Result=, Recommended=True, Severity=Low [๐Ÿ˜ผ] ID 2314, HardeningKitty-Block-cscript-x86, Result=, Recommended=True, Severity=Low [๐Ÿ˜ผ] ID 2315, HardeningKitty-Block-mshta-x64, Result=, Recommended=True, Severity=Low [๐Ÿ˜ผ] ID 2316, HardeningKitty-Block-mshta-x86, Result=, Recommended=True, Severity=Low [๐Ÿ˜ผ] ID 2317, HardeningKitty-Block-notepad-x64, Result=, Recommended=True, Severity=Low [๐Ÿ˜ผ] ID 2318, HardeningKitty-Block-notepad-x86, Result=, Recommended=True, Severity=Low [๐Ÿ˜ผ] ID 2319, HardeningKitty-Block-RunScriptHelper-x64, Result=, Recommended=True, Severity=Low [๐Ÿ˜ผ] ID 2320, HardeningKitty-Block-RunScriptHelper-x86, Result=, Recommended=True, Severity=Low [๐Ÿ˜ผ] ID 2321, HardeningKitty-Block-wscript-x64, Result=, 
Recommended=True, Severity=Low [๐Ÿ˜ผ] ID 2322, HardeningKitty-Block-wscript-x86, Result=, Recommended=True, Severity=Low

[*] 08/12/2025 10:55:33 - HardeningKitty is done
[!] 08/12/2025 10:55:33 - During the execution of HardeningKitty errors occurred due to missing admin rights or tools. For a complete result, these errors should be resolved. Total errors: 45
[*] 08/12/2025 10:55:33 - Your HardeningKitty score is: 3.11. HardeningKitty Statistics: Total checks: 343 - Passed: 62, Low: 50, Medium: 231, High: 0.

PS C:\Users*****\Documents\Windows\PowerShell\Modules\HardeningKitty\0.9.2>

These lines are very remarkable:

[*] 08/12/2025 10:55:10 - Getting user information
[*] Username: DESKTOP-TS3DFCC\Admin
[*] Is Admin: False

Yes, I know my computer is compromised. I know my Admin user is restricted; for example, when I execute a "netstat /naob" command or a "msconfig" command, Windows replies "La operación requiere elevación" (Operation requires elevation).

What is the solution? Please don't tell me to reinstall the system, because it is a hard operation (I'll need to do a full backup) and they'll hack my system again. Configure the firewall? That is a hard operation too and they will get past it. Firewalls are passable.

3.11 out of 5? Out of 10?

Thank you very much

picstar avatar Dec 08 '25 11:12 picstar
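The run above ends with "Total errors: 45" because checks that need admin rights were skipped, so its score covers only part of the finding list. The following is an added example, not part of the thread or of HardeningKitty: a small PowerShell parser for console output in the format shown above that separates evaluated findings from skipped checks. The function name `ConvertFrom-HardeningKittyLog` is hypothetical, and the sample lines are copied from the output above with the emoji marker replaced by `[-]`.

```powershell
# Added example: triage a pasted HardeningKitty console log.
# Sample lines are taken from the run above; the emoji marker is replaced by
# "[-]" because the patterns key on "ID <n>," and never on the marker itself.
$sampleLog = @'
[-] ID 2100, Turn on PowerShell Script Block Logging, Result=0, Recommended=1, Severity=Medium
[-] ID 2102, Turn on PowerShell Transcription, Result=0, Recommended=1, Severity=Low
[!] 08/12/2025 10:55:15 - ID 2103, Disable PowerShell version 2, Method WindowsOptionalFeature requires admin privileges. Test skipped.
[-] ID 2203, WDigest Authentication, Result=0, Recommended=0, Severity=Passed
[-] ID 2402, Print Spooler (Spooler) (Service Startup type), Result=Automatic, Recommended=Disabled, Severity=Medium
[!] 08/12/2025 10:55:17 - ID 1953, Force use of Data Execution Prevention (DEP), Method bcdedit requires admin privileges. Test skipped.
'@

function ConvertFrom-HardeningKittyLog {
    param([Parameter(Mandatory)][string]$Text)

    # Finding names may contain commas, so every field ends at the next literal key.
    # [^\[\]] stops a match from running across an entry boundary, which matters
    # when several entries were pasted onto one line (assumption: names and
    # values contain no square brackets, as in the output above).
    $findingRx = 'ID (?<Id>\d+), (?<Name>[^\[\]]+?), Result=(?<Result>[^\[\]]*?), ' +
                 'Recommended=(?<Recommended>[^\[\]]*?), Severity=(?<Severity>Passed|Low|Medium|High)'
    $skippedRx = 'ID (?<Id>\d+), (?<Name>[^\[\]]+?), Method (?<Method>\S+) ' +
                 'requires admin privileges\. Test skipped\.'

    $findings = foreach ($m in [regex]::Matches($Text, $findingRx)) {
        [pscustomobject]@{
            Id          = [int]$m.Groups['Id'].Value
            Name        = $m.Groups['Name'].Value
            Result      = $m.Groups['Result'].Value
            Recommended = $m.Groups['Recommended'].Value
            Severity    = $m.Groups['Severity'].Value
        }
    }

    $skipped = foreach ($m in [regex]::Matches($Text, $skippedRx)) {
        [pscustomobject]@{
            Id     = [int]$m.Groups['Id'].Value
            Name   = $m.Groups['Name'].Value
            Method = $m.Groups['Method'].Value
        }
    }

    [pscustomobject]@{
        Findings   = @($findings)
        Skipped    = @($skipped)
        # Any skipped check means the score was computed on a partial audit.
        Incomplete = (@($skipped).Count -gt 0)
    }
}

$run = ConvertFrom-HardeningKittyLog -Text $sampleLog

# Evaluated findings per severity.
$run.Findings | Group-Object Severity | Format-Table Name, Count -AutoSize

# Checks that were never evaluated, with the method that needed elevation.
$run.Skipped | Format-Table Id, Method, Name -AutoSize

if ($run.Incomplete) {
    Write-Warning ("{0} checks were skipped for lack of admin rights; rerun from an elevated session before acting on the score." -f $run.Skipped.Count)
}
```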

My guess, you got the [*] Is Admin: False output because the PowerShell shell was not started elevated (Run as admin).

The best possible HardeningKittyScore is 6.

0x6d69636b avatar Dec 08 '25 16:12 0x6d69636b
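The distinction raised in this reply, as an added example that is not part of the thread and not HardeningKitty's own code: an account can belong to the local Administrators group while the current PowerShell process still runs with a UAC-filtered, non-elevated token. The function name `Get-ElevationState` is hypothetical; the group is looked up by its well-known SID so the check also works where the group name is localized, as on the es-ES system in this issue.

```powershell
# Added example: separate "account is an administrator" from
# "this process is elevated". Get-ElevationState is a hypothetical name.
function Get-ElevationState {
    [CmdletBinding()]
    param()

    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)

    # True only when the Administrators SID is enabled in this process token,
    # i.e. the session was started with "Run as administrator".
    $isElevated = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

    # Well-known SID of the built-in Administrators group. Using the SID avoids
    # depending on a localized group name such as "Administradores".
    $adminSid = New-Object Security.Principal.SecurityIdentifier('S-1-5-32-544')

    # $null means membership could not be determined.
    $isMember = $null
    try {
        $members  = Get-LocalGroupMember -SID $adminSid -ErrorAction Stop
        # Direct membership only; membership through a nested group is not resolved.
        $isMember = [bool]($members | Where-Object { $_.SID.Value -eq $identity.User.Value })
    } catch {
        Write-Verbose "Could not enumerate local Administrators: $($_.Exception.Message)"
    }

    $verdict =
        if ($isElevated) {
            'Elevated: checks that require admin privileges can run.'
        } elseif ($isMember) {
            'Administrators member, but this token is filtered by UAC: start PowerShell with "Run as administrator".'
        } elseif ($isMember -eq $false) {
            'Not a direct member of local Administrators: use an administrator account for a complete audit.'
        } else {
            'Not elevated; group membership could not be determined.'
        }

    [pscustomobject]@{
        User                 = $identity.Name
        IsElevated           = $isElevated
        IsAdministratorGroup = $isMember
        Verdict              = $verdict
    }
}

Get-ElevationState | Format-List
```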

Thank you. If you look at the title of the command window I posted six or seven messages back, you can see in the title that I am executing it with the Administrator user. Yes, I think my Administrator user is emasculated. I must do a forensic analysis of the runas.exe file because it fails when I try to execute some commands with admin privileges from a plain user account.

picstar avatar Dec 09 '25 12:12 picstar

Any suggestion?

picstar avatar Dec 10 '25 12:12 picstar

Another sample:

Image

picstar avatar Dec 10 '25 13:12 picstar

Thank you

picstar avatar Dec 10 '25 13:12 picstar

The screenshot does not look like an elevated prompt (normally the path is C:\Windows\System32). Can you open an elevated tab in Windows Terminal (CTRL and the Plus) and try again?

If you suspect your system is compromised, I recommend a clean install and verify the installation source (hash of ISO file/image)

0x6d69636b avatar Dec 10 '25 17:12 0x6d69636b

I have found the solution. I needed to reconfigure the Admin user. Yes, my computer was compromised some months ago..... ....>:| Thank you.

picstar avatar Dec 10 '25 18:12 picstar

Great to hear that you found the solution :)

0x6d69636b avatar Dec 10 '25 18:12 0x6d69636b

Well, once I solved the problem with my Administrator user, I executed HardeningKitty again and these are the results. What must I correct or improve? Thank you very much

PS C:\Users\Administrador\Documents\Windows\PowerShell\Modules\HardeningKitty\0.9.2> Invoke-HardeningKitty -EmojiSupport

=^._.^=
 _(      )/  HardeningKitty 0.9.3-1726808773

[*] 17/12/2025 21:06:58 - Starting HardeningKitty

[*] 17/12/2025 21:06:58 - Getting machine information
[*] Hostname: ************************
[*] Domain: WORKGROUP
[*] Domain role: StandaloneWorkstation
[*] Install date: 07/23/2025 19:43:24
[*] Last Boot Time: 12/14/2025 19:34:49
[*] Uptime: 3.01:32:09.7696587
[*] Windows: Microsoft Windows 11 Pro
[*] Windows edition: Professional
[*] Windows version: 2009
[*] Windows build: 26100.1.amd64fre.ge_release.240331-1435
[*] System-locale: es-ES
[*] Powershell Version: 5.1

[*] 17/12/2025 21:07:01 - Language warning
[?] 17/12/2025 21:07:01 - HardeningKitty was developed for the system language 'en-US'. This system uses 'es-ES' Language-dependent analyses can sometimes produce false results. Please create an issue if this occurs.

[*] 17/12/2025 21:07:01 - Getting user information
[*] Username: DESKTOP-TS3DFCC\Administrador
[*] Is Admin: True

[*] 17/12/2025 21:07:01 - Starting Category Features
[😺] ID 1000, SMBv1 Support, Result=Disabled, Recommended=Disabled, Severity=Passed

[*] 17/12/2025 21:07:02 - Starting Category Account Policies
[😺] ID 1103, Store passwords using reversible encryption, Result=0, Recommended=0, Severity=Passed
[😼] ID 1101, Account lockout duration, Result=10, Recommended=15, Severity=Low
[😺] ID 1100, Account lockout threshold, Result=10, Recommended=10, Severity=Passed
[😺] ID 1104, Allow Administrator account lockout, Result=1, Recommended=1, Severity=Passed
[😼] ID 1102, Reset account lockout counter, Result=10, Recommended=15, Severity=Low

[*] 17/12/2025 21:07:02 - Starting Category User Rights Assignment
[😿] ID 1200, Access this computer from the network, Result=Todos;BUILTIN\Administradores;BUILTIN\Usuarios;BUILTIN\Operadores de copia de seguridad, Recommended=BUILTIN\Administrators, Severity=Medium
[😿] ID 1201, Allow log on locally, Result=vmware;Invitado;BUILTIN\Administradores;BUILTIN\Usuarios;BUILTIN\Operadores de copia de seguridad, Recommended=BUILTIN\Users;BUILTIN\Administrators, Severity=Medium
[😿] ID 1202, Debug programs, Result=BUILTIN\Administradores, Recommended=, Severity=Medium
[😿] ID 1203, Deny access to this computer from the network, Result=Invitado, Recommended=BUILTIN\Guests;NT AUTHORITY\Local account, Severity=Medium
[😿] ID 1204, Deny log on as a batch job, Result=, Recommended=BUILTIN\Guests, Severity=Medium
[😿] ID 1205, Deny log on as a service, Result=, Recommended=BUILTIN\Guests, Severity=Medium
[😿] ID 1206, Deny log on through Remote Desktop Services, Result=, Recommended=BUILTIN\Guests;NT AUTHORITY\Local account, Severity=Medium

[*] 17/12/2025 21:07:02 - Starting Category Security Options [๐Ÿ˜ผ] ID 1300, Accounts: Block Microsoft accounts, Result=0, Recommended=3, Severity=Low [๐Ÿ˜บ] ID 1301, Audit: Force audit policy subcategory settings to override audit policy category settings, Result=1, Recommended=1, Severity=Passed [๐Ÿ˜ผ] ID 1302, Interactive logon: Do not require CTRL+ALT+DEL, Result=1, Recommended=0, Severity=Low [๐Ÿ˜ผ] ID 1303, Interactive logon: Don't display last signed-in, Result=0, Recommended=1, Severity=Low [๐Ÿ˜ผ] ID 1304, Interactive logon: Don't display username at sign-in, Result=0, Recommended=1, Severity=Low [๐Ÿ˜ฟ] ID 1305, Microsoft network client: Digitally sign communications (always), Result=0, Recommended=1, Severity=Medium [๐Ÿ˜บ] ID 1306, Microsoft network client: Digitally sign communications (if server agrees), Result=1, Recommended=1, Severity=Passed [๐Ÿ˜ฟ] ID 1307, Microsoft network server: Digitally sign communications (always), Result=0, Recommended=1, Severity=Medium [๐Ÿ˜ฟ] ID 1308, Microsoft network server: Digitally sign communications (if client agrees), Result=0, Recommended=1, Severity=Medium [๐Ÿ˜บ] ID 1309, Network access: Do not allow anonymous enumeration of SAM accounts, Result=1, Recommended=1, Severity=Passed [๐Ÿ˜ฟ] ID 1310, Network access: Do not allow anonymous enumeration of SAM accounts and shares, Result=0, Recommended=1, Severity=Medium [๐Ÿ˜ฟ] ID 1311, Network access: Do not allow storage of passwords and credentials for network authentication, Result=0, Recommended=1, Severity=Medium [๐Ÿ˜บ] ID 1324, Network access: Restrict anonymous access to Named Pipes and Shares, Result=1, Recommended=1, Severity=Passed [๐Ÿ˜ฟ] ID 1325, Network access: Restrict clients allowed to make remote calls to SAM, Result=, Recommended=O:BAG:BAD:(A;;RC;;;BA), Severity=Medium [๐Ÿ˜บ] ID 1312, Network security: Allow LocalSystem NULL session fallback, Result=0, Recommended=0, Severity=Passed [๐Ÿ˜บ] ID 1326, Network security: Do not store LAN Manager hash value on 
next password change, Result=1, Recommended=1, Severity=Passed [๐Ÿ˜ฟ] ID 1313, Network security: LAN Manager authentication level, Result=3, Recommended=5, Severity=Medium [๐Ÿ˜บ] ID 1314, Network security: LDAP client signing requirements, Result=1, Recommended=1, Severity=Passed [๐Ÿ˜ฟ] ID 1315, Network security: Minimum session security for NTLM SSP based (including secure RPC) clients, Result=536870912, Recommended=537395200, Severity=Medium [๐Ÿ˜ฟ] ID 1316, Network security: Minimum session security for NTLM SSP based (including secure RPC) servers, Result=536870912, Recommended=537395200, Severity=Medium [๐Ÿ˜ฟ] ID 1317, Network security: Restrict NTLM: Audit Incoming NTLM Traffic, Result=0, Recommended=2, Severity=Medium [๐Ÿ˜ฟ] ID 1318, Network security: Restrict NTLM: Audit NTLM authentication in this domain, Result=0, Recommended=7, Severity=Medium [๐Ÿ˜ฟ] ID 1319, Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers, Result=0, Recommended=1, Severity=Medium [๐Ÿ˜ฟ] ID 1320, Shutdown: Allow system to be shut down without having to log on, Result=1, Recommended=0, Severity=Medium [๐Ÿ˜ฟ] ID 1321, User Account Control: Admin Approval Mode for the Built-in Administrator account, Result=0, Recommended=1, Severity=Medium [๐Ÿ˜ฟ] ID 1322, User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode, Result=0, Recommended=2, Severity=Medium [๐Ÿ˜ฟ] ID 1323, User Account Control: Behavior of the elevation prompt for standard users, Result=3, Recommended=1, Severity=Medium

[*] 17/12/2025 21:07:02 - Starting Category Windows Firewall
[😿] ID 1400, EnableFirewall (Domain Profile, Policy), Result=0, Recommended=1, Severity=Medium
[😺] ID 1418, EnableFirewall (Domain Profile), Result=1, Recommended=1, Severity=Passed
[😺] ID 1401, Inbound Connections (Domain Profile, Policy), Result=1, Recommended=1, Severity=Passed
[😺] ID 1419, Inbound Connections (Domain Profile), Result=1, Recommended=1, Severity=Passed
[😺] ID 1402, Outbound Connections (Domain Profile, Policy), Result=0, Recommended=0, Severity=Passed
[😺] ID 1420, Outbound Connections (Domain Profile), Result=0, Recommended=0, Severity=Passed
[😿] ID 1403, Log size limit (Domain Profile, Policy), Result=4096, Recommended=16384, Severity=Medium
[😿] ID 1421, Log size limit (Domain Profile), Result=4096, Recommended=16384, Severity=Medium
[😿] ID 1404, Log dropped packets (Domain Profile, Policy), Result=0, Recommended=1, Severity=Medium
[😿] ID 1422, Log dropped packets (Domain Profile), Result=0, Recommended=1, Severity=Medium
[😼] ID 1405, Log successful connections (Domain Profile, Policy), Result=0, Recommended=1, Severity=Low
[😼] ID 1423, Log successful connections (Domain Profile), Result=0, Recommended=1, Severity=Low
[😿] ID 1406, EnableFirewall (Private Profile, Policy), Result=0, Recommended=1, Severity=Medium
[😺] ID 1424, EnableFirewall (Private Profile), Result=1, Recommended=1, Severity=Passed
[😺] ID 1407, Inbound Connections (Private Profile, Policy), Result=1, Recommended=1, Severity=Passed
[😺] ID 1425, Inbound Connections (Private Profile), Result=1, Recommended=1, Severity=Passed
[😺] ID 1408, Outbound Connections (Private Profile, Policy), Result=0, Recommended=0, Severity=Passed
[😺] ID 1426, Outbound Connections (Private Profile), Result=0, Recommended=0, Severity=Passed
[😿] ID 1409, Log size limit (Private Profile, Policy), Result=4096, Recommended=16384, Severity=Medium
[😿] ID 1427, Log size limit (Private Profile), Result=4096, Recommended=16384, Severity=Medium
[😿] ID 1410, Log dropped packets (Private Profile, Policy), Result=0, Recommended=1, Severity=Medium
[😿] ID 1428, Log dropped packets (Private Profile), Result=0, Recommended=1, Severity=Medium
[😼] ID 1411, Log successful connections (Private Profile, Policy), Result=0, Recommended=1, Severity=Low
[😼] ID 1429, Log successful connections (Private Profile), Result=0, Recommended=1, Severity=Low
[😿] ID 1412, EnableFirewall (Public Profile, Policy), Result=0, Recommended=1, Severity=Medium
[😺] ID 1430, EnableFirewall (Public Profile), Result=1, Recommended=1, Severity=Passed
[😺] ID 1413, Inbound Connections (Public Profile, Policy), Result=1, Recommended=1, Severity=Passed
[😺] ID 1431, Inbound Connections (Public Profile), Result=1, Recommended=1, Severity=Passed
[😺] ID 1414, Outbound Connections (Public Profile, Policy), Result=0, Recommended=0, Severity=Passed
[😺] ID 1432, Outbound Connections (Public Profile), Result=0, Recommended=0, Severity=Passed
[😿] ID 1415, Log size limit (Public Profile, Policy), Result=4096, Recommended=16384, Severity=Medium
[😿] ID 1433, Log size limit (Public Profile), Result=4096, Recommended=16384, Severity=Medium
[😿] ID 1416, Log dropped packets (Public Profile, Policy), Result=0, Recommended=1, Severity=Medium
[😿] ID 1434, Log dropped packets (Public Profile), Result=0, Recommended=1, Severity=Medium
[😼] ID 1417, Log successful connections (Public Profile, Policy), Result=0, Recommended=1, Severity=Low
[😼] ID 1435, Log successful connections (Public Profile), Result=0, Recommended=1, Severity=Low

[*] 17/12/2025 21:07:02 - Starting Category Advanced Audit Policy Configuration
[😼] ID 1500, Credential Validation, Result=No Auditing, Recommended=Success and Failure, Severity=Low
[😺] ID 1501, Security Group Management, Result=Success, Recommended=Success, Severity=Passed
[😼] ID 1502, User Account Management, Result=Success, Recommended=Success and Failure, Severity=Low
[😼] ID 1503, DPAPI Activity, Result=No Auditing, Recommended=Success and Failure, Severity=Low
[😼] ID 1504, Plug and Play Events, Result=No Auditing, Recommended=Success, Severity=Low
[😼] ID 1505, Process Creation, Result=No Auditing, Recommended=Success, Severity=Low
[😼] ID 1506, Account Lockout, Result=Success, Recommended=Failure, Severity=Low
[😼] ID 1507, Group Membership, Result=No Auditing, Recommended=Success, Severity=Low
[😺] ID 1508, Logon, Result=Success and Failure, Recommended=Success and Failure, Severity=Passed
[😼] ID 1509, Other Logon/Logoff Events, Result=No Auditing, Recommended=Success and Failure, Severity=Low
[😺] ID 1510, Special Logon, Result=Success, Recommended=Success, Severity=Passed
[😼] ID 1511, Detailed File Share, Result=No Auditing, Recommended=Failure, Severity=Low
[😼] ID 1512, File Share, Result=No Auditing, Recommended=Success and Failure, Severity=Low
[😼] ID 1513, Kernel Object, Result=No Auditing, Recommended=Success and Failure, Severity=Low
[😼] ID 1514, Other Object Access Events, Result=No Auditing, Recommended=Success and Failure, Severity=Low
[😼] ID 1515, Removable Storage, Result=No Auditing, Recommended=Success and Failure, Severity=Low
[😼] ID 1516, SAM, Result=No Auditing, Recommended=Success and Failure, Severity=Low
[😺] ID 1517, Audit Policy Change, Result=Success, Recommended=Success, Severity=Passed
[😺] ID 1518, Authentication Policy Change, Result=Success, Recommended=Success, Severity=Passed
[😼] ID 1519, MPSSVC Rule-Level Policy Change, Result=No Auditing, Recommended=Success and Failure, Severity=Low
[😼] ID 1520, Other Policy Change Events, Result=No Auditing, Recommended=Failure, Severity=Low
[😼] ID 1521, Sensitive Privilege Use, Result=No Auditing, Recommended=Success and Failure, Severity=Low
[😺] ID 1522, Other System Events, Result=Success and Failure, Recommended=Success and Failure, Severity=Passed
[😺] ID 1523, Security State Change, Result=Success, Recommended=Success, Severity=Passed
[😼] ID 1524, Security System Extension, Result=No Auditing, Recommended=Success, Severity=Low
[😺] ID 1525, System Integrity, Result=Success and Failure, Recommended=Success and Failure, Severity=Passed

[*] 17/12/2025 21:07:03 - Starting Category Administrative Templates: Control Panel
[😼] ID 1600, Personalization: Prevent enabling lock screen camera, Result=0, Recommended=1, Severity=Low

[*] 17/12/2025 21:07:03 - Starting Category Administrative Templates: Network
[😿] ID 1601, DNS Client: Turn off multicast name resolution (LLMNR), Result=1, Recommended=0, Severity=Medium
[😿] ID 1602, Lanman Workstation: Enable insecure guest logons, Result=1, Recommended=0, Severity=Medium
[😿] ID 1603, Turn off Microsoft Peer-to-Peer Networking Services, Result=0, Recommended=1, Severity=Medium
[😿] ID 1604, WLAN Settings: Allow Windows to automatically connect to suggested open hotspots, to networks shared by contacts, and to hotspots offering paid services, Result=1, Recommended=0, Severity=Medium

[*] 17/12/2025 21:07:03 - Starting Category Administrative Templates: PowerShellCore
[😼] ID 2108, Turn on PowerShell Module Logging, Result=0, Recommended=1, Severity=Low
[😼] ID 2109, Turn on PowerShell Module Logging (PowerShell Policy), Result=0, Recommended=1, Severity=Low
[😼] ID 2110, Turn on PowerShell Module Logging - Module Names, Result=, Recommended=, Severity=Low
[😿] ID 2111, Turn on PowerShell Script Block Logging, Result=0, Recommended=1, Severity=Medium
[😼] ID 2112, Turn on PowerShell Script Block Logging (Invocation), Result=0, Recommended=1, Severity=Low
[😼] ID 2113, Turn on PowerShell Script Block Logging (PowerShell Policy), Result=0, Recommended=1, Severity=Low
[😼] ID 2116, Turn on PowerShell Transcription, Result=0, Recommended=1, Severity=Low
[😼] ID 2114, Turn on PowerShell Transcription (Invocation), Result=0, Recommended=1, Severity=Low
[😿] ID 2115, Turn on PowerShell Transcription (PowerShell Policy), Result=0, Recommended=1, Severity=Medium

[*] 17/12/2025 21:07:03 - Starting Category Administrative Templates: Printers
[😿] ID 1772, Configure Redirection Guard, Result=, Recommended=1, Severity=Medium
[😿] ID 1768, Only use Package Point and Print (CVE-2021-36958), Result=, Recommended=1, Severity=Medium
[😿] ID 1769, Package Point and Print - Approved servers (CVE-2021-36958), Result=, Recommended=1, Severity=Medium
[😺] ID 1764, Point and Print Restrictions: When installing drivers for a new connection (CVE-2021-34527), Result=0, Recommended=0, Severity=Passed
[😺] ID 1765, Point and Print Restrictions: When updating drivers for an existing connection (CVE-2021-34527), Result=0, Recommended=0, Severity=Passed

[*] 17/12/2025 21:07:03 - Starting Category Administrative Templates: Start Menu and Taskbar
[😿] ID 1771, Notifications: Turn off notifications network usage, Result=0, Recommended=1, Severity=Medium

[*] 17/12/2025 21:07:03 - Starting Category Administrative Templates: System
[😿] ID 1605, Credentials Delegation: Allow delegation default credentials, Result=1, Recommended=0, Severity=Medium
[😺] ID 1606, Credentials Delegation: Encryption Oracle Remediation, Result=0, Recommended=0, Severity=Passed
[😿] ID 1699, Credentials Delegation: Remote host allows delegation of non-exportable credentials, Result=0, Recommended=1, Severity=Medium
[😿] ID 1607, Device Installation: Device Installation Restrictions: Prevent installation of devices that match an ID, Result=0, Recommended=1, Severity=Medium
[😿] ID 1608, Device Installation: Device Installation Restrictions: Prevent installation of devices that match an ID (Retroactive), Result=0, Recommended=1, Severity=Medium
[😿] ID 1609, Device Installation: Device Installation Restrictions: Prevent installation of devices that match ID PCI\CC_0C0010 (Firewire), Result=0, Recommended=PCI\CC_0C0010, Severity=Medium
[😿] ID 1610, Device Installation: Device Installation Restrictions: Prevent installation of devices that match ID PCI\CC_0C0A (Thunderbolt), Result=0, Recommended=PCI\CC_0C0A, Severity=Medium
[😿] ID 1611, Device Installation: Device Installation Restrictions: Prevent installation of devices using drivers that match an device setup class, Result=0, Recommended=1, Severity=Medium
[😿] ID 1612, Device Installation: Device Installation Restrictions: Prevent installation of devices using drivers that match an device setup class (Retroactive), Result=0, Recommended=1, Severity=Medium
[😿] ID 1613, Device Installation: Device Installation Restrictions: Prevent installation of devices using drivers that match d48179be-ec20-11d1-b6b8-00c04fa372a7 (SBP-2 drive), Result=0, Recommended=d48179be-ec20-11d1-b6b8-00c04fa372a7, Severity=Medium
[😺] ID 1614, Device Guard: Virtualization Based Security Status, Result=2, Recommended=2, Severity=Passed
[😺] ID 1615, Device Guard: Available Security Properties: Secure Boot, Result=2, Recommended=2, Severity=Passed
[😿] ID 1616, Device Guard: Available Security Properties: DMA protection, Result=Not available, Recommended=3, Severity=Medium
[😿] ID 1617, Device Guard: Security Services Configured: Credential Guard, Result=Not available, Recommended=1, Severity=Medium
[😿] ID 1619, Device Guard: Security Services Running: Credential Guard, Result=Not available, Recommended=1, Severity=Medium
[😺] ID 1618, Device Guard: Security Services Configured: HVCI, Result=2, Recommended=2, Severity=Passed
[😺] ID 1620, Device Guard: Security Services Running: HVCI, Result=2, Recommended=2, Severity=Passed
[😿] ID 1623, Device Guard: Require UEFI Memory Attributes Table (Policy), Result=, Recommended=1, Severity=Medium
[😿] ID 1621, Device Guard: Secure Launch Configuration (Policy), Result=0, Recommended=1, Severity=Medium
[😿] ID 1622, Device Guard: Windows Defender Application Control deployed (Policy), Result=0, Recommended=1, Severity=Medium
[😿] ID 1630, Early Launch Antimalware: Boot-Start Driver Initialization Policy, Result=0, Recommended=3, Severity=Medium
[😼] ID 1631, Group Policy: Process even if the Group Policy objects have not changed, Result=1, Recommended=0, Severity=Low
[😺] ID 1632, Group Policy: Do not apply during periodic background processing, Result=0, Recommended=0, Severity=Passed
[😿] ID 1640, Internet Communication Management: Internet Communication settings: Turn off the Windows Messenger Customer Experience Improvement Program, Result=0, Recommended=2, Severity=Medium
[😿] ID 1641, Internet Communication Management: Internet Communication settings: Turn off downloading of print drivers over HTTP, Result=0, Recommended=1, Severity=Medium
[😿] ID 1642, Internet Communication Management: Internet Communication settings: Turn off Windows Error Reporting 1, Result=1, Recommended=0, Severity=Medium
[😿] ID 1643, Internet Communication Management: Internet Communication settings: Turn off Windows Error Reporting 2, Result=0, Recommended=1, Severity=Medium
[😿] ID 1644, Internet Communication Management: Internet Communication settings: Turn off Internet download for Web publishing and online ordering wizards, Result=0, Recommended=1, Severity=Medium
[😿] ID 1645, Internet Communication Management: Internet Communication settings: Turn off Windows Customer Experience Improvement Program, Result=1, Recommended=0, Severity=Medium
[😿] ID 1650, Kernel DMA Protection: Enumeration policy for external devices incompatible with Kernel DMA Protection, Result=2, Recommended=0, Severity=Medium
[😿] ID 1660, Logon: Turn on convenience PIN sign-in, Result=1, Recommended=0, Severity=Medium
[😿] ID 1661, Logon: Turn off app notifications on the lock screen, Result=0, Recommended=1, Severity=Medium
[😿] ID 1662, Logon: Do not display network selection UI, Result=0, Recommended=1, Severity=Medium
[😿] ID 1670, Mitigation Options: Untrusted Font Blocking, Result=0, Recommended=1000000000000, Severity=Medium
[😿] ID 1680, OS Policies: Allow Clipboard synchronization across devices, Result=1, Recommended=0, Severity=Medium
[😿] ID 1685, Sleep Settings: Require a password when a computer wakes (plugged in), Result=0, Recommended=1, Severity=Medium
[😿] ID 1686, Sleep Settings: Require a password when a computer wakes (on battery), Result=0, Recommended=1, Severity=Medium
[😿] ID 1687, Sleep Settings: Allow standby states (S1-S3) when sleeping (plugged in), Result=1, Recommended=0, Severity=Medium
[😿] ID 1688, Sleep Settings: Allow standby states (S1-S3) when sleeping (on battery), Result=1, Recommended=0, Severity=Medium
[😿] ID 1690, Remote Assistance: Configure Offer Remote Assistance, Result=1, Recommended=0, Severity=Medium
[😿] ID 1691, Remote Assistance: Configure Solicited Remote Assistance, Result=1, Recommended=0, Severity=Medium
[😿] ID 1692, Remote Procedure Call: Enable RPC Endpoint Mapper Client Authentication, Result=0, Recommended=1, Severity=Medium
[😿] ID 1693, Remote Procedure Call: Restrict Unauthenticated RPC clients, Result=0, Recommended=2, Severity=Medium
[😿] ID 1694, Security Settings: Enable svchost.exe mitigation options, Result=0, Recommended=1, Severity=Medium
[😿] ID 1695, Windows Performance PerfTrack: Enable/Disable PerfTrack, Result=1, Recommended=0, Severity=Medium
[😿] ID 1696, User Profiles: Turn off the advertising ID, Result=0, Recommended=1, Severity=Medium
[😿] ID 1697, Time Providers: Enable Windows NTP Client, Result=0, Recommended=1, Severity=Medium
[😺] ID 1698, Time Providers: Enable Windows NTP Server, Result=0, Recommended=0, Severity=Passed

[*] 17/12/2025 21:07:03 - Starting Category Administrative Templates: Windows Components
[😿] ID 1700, App Package Deployment: Allow a Windows app to share application data between users, Result=1, Recommended=0, Severity=Medium
[😿] ID 1701, App Privacy: Let Windows apps activate with voice while the system is locked, Result=0, Recommended=2, Severity=Medium
[😿] ID 1702, App runtime: Block launching Universal Windows apps with Windows Runtime API access from hosted content, Result=0, Recommended=1, Severity=Medium
[😿] ID 1703, Application Compatibility: Turn off Application Telemetry, Result=1, Recommended=0, Severity=Medium
[😿] ID 1704, AutoPlay Policies: Turn off Autoplay, Result=0, Recommended=255, Severity=Medium
[😿] ID 1705, AutoPlay Policies: Disallow Autoplay for non-volume devices, Result=0, Recommended=1, Severity=Medium
[😿] ID 1706, AutoPlay Policies: Set the default behavior for AutoRun, Result=0, Recommended=1, Severity=Medium
[😿] ID 1707, Biometrics: Allow the use of biometrics, Result=1, Recommended=0, Severity=Medium
[😿] ID 1773, Biometrics: Facial Features: Configure enhanced anti-spoofing, Result=, Recommended=1, Severity=Medium
[🙀] ID 1708, BitLocker Drive Encryption: Volume status, Result=FullyDecrypted, Recommended=FullyEncrypted, Severity=High
[😺] ID 1761, BitLocker Drive Encryption: Choose drive encryption method and cipher strength (for operating system drives), Result=6, Recommended=6, Severity=Passed
[😿] ID 1762, BitLocker Drive Encryption: Drive encryption method (for operating system drives), Result=None, Recommended=XtsAes128, Severity=Medium
[😿] ID 1709, BitLocker Drive Encryption: Disable new DMA devices when this computer is locked, Result=0, Recommended=1, Severity=Medium
[😿] ID 1710, BitLocker Drive Encryption: Operating System Drives: Allow Secure Boot for integrity validation, Result=0, Recommended=1, Severity=Medium
[😿] ID 1711, BitLocker Drive Encryption: Operating System Drives: Require additional authentication at startup, Result=0, Recommended=1, Severity=Medium
[😿] ID 1715, BitLocker Drive Encryption: Operating System Drives: Require additional authentication at startup: Allow BitLocker without a compatible TPM, Result=1, Recommended=0, Severity=Medium
[😺] ID 1716, BitLocker Drive Encryption: Operating System Drives: Require additional authentication at startup: Configure TPM startup, Result=0, Recommended=0, Severity=Passed
[😿] ID 1717, BitLocker Drive Encryption: Operating System Drives: Require additional authentication at startup: Configure TPM startup PIN, Result=0, Recommended=1, Severity=Medium
[😺] ID 1718, BitLocker Drive Encryption: Operating System Drives: Require additional authentication at startup: Configure TPM startup key, Result=0, Recommended=0, Severity=Passed
[😺] ID 1719, BitLocker Drive Encryption: Operating System Drives: Require additional authentication at startup: Configure TPM startup key and PIN, Result=0, Recommended=0, Severity=Passed
[😿] ID 1712, BitLocker Drive Encryption: Operating System Drives: Allow enhanced PINs for startup, Result=0, Recommended=1, Severity=Medium
[😺] ID 1713, BitLocker Drive Encryption: Operating System Drives: Configure use of hardware-based encryption for operating system drives, Result=0, Recommended=0, Severity=Passed
[😿] ID 1763, BitLocker Drive Encryption: Operating System Drives: Configure minimum PIN length for startup, Result=, Recommended=8, Severity=Medium
[😿] ID 1720, Cloud Content: Do not show Windows tips, Result=0, Recommended=1, Severity=Medium
[😿] ID 1721, Cloud Content: Turn off Microsoft consumer experiences, Result=0, Recommended=1, Severity=Medium
[😿] ID 1722, Credential User Interface: Do not display the password reveal button, Result=0, Recommended=1, Severity=Medium
[😿] ID 1724, Credential User Interface: Enumerate administrator accounts on elevation, Result=1, Recommended=0, Severity=Medium
[😿] ID 1725, Data Collection and Preview Builds: Allow Diagnostic Data, Result=2, Recommended=1, Severity=Medium
[😿] ID 1726, Data Collection and Preview Builds: Allow device name to be sent in Windows diagnostic data, Result=1, Recommended=0, Severity=Medium
[😿] ID 1727, Delivery Optimization: Download Mode, Result=1, Recommended=99, Severity=Medium
[😿] ID 1728, Event Log Service: Application: Specify the maximum log file size (KB), Result=4096, Recommended=32768, Severity=Medium
[😿] ID 1729, Event Log Service: Security: Specify the maximum log file size (KB), Result=4096, Recommended=196608, Severity=Medium
[😿] ID 1730, Event Log Service: System: Specify the maximum log file size (KB), Result=4096, Recommended=32768, Severity=Medium
[😿] ID 1774, Event Log Service: Microsoft-Windows-PowerShell/Operational: Specify the maximum log file size (KB), Result=15728640, Recommended=268435456, Severity=Medium
[😿] ID 1775, Event Log Service: PowerShellCore/Operational: Specify the maximum log file size (KB), Result=15728640, Recommended=268435456, Severity=Medium
[😺] ID 1731, File Explorer: Allow the use of remote paths in file shortcut icons, Result=0, Recommended=0, Severity=Passed
[😿] ID 1732, HomeGroup: Prevent the computer from joining a homegroup, Result=0, Recommended=1, Severity=Medium

[*] 17/12/2025 21:07:05 - Starting Category Microsoft Defender Antivirus
[😺] ID 1800, Turn off Microsoft Defender Antivirus, Result=0, Recommended=0, Severity=Passed
[😺] ID 1826, Enable Tamper Protection (Status), Result=True, Recommended=True, Severity=Passed
[😿] ID 1801, Configure detection for potentially unwanted applications, Result=0, Recommended=1, Severity=Medium
[😺] ID 1806, Exclusions: Extension Exclusions (Policy), Result=, Recommended=, Severity=Passed
[😺] ID 1813, Exclusions: Extension Exclusions (Intune), Result=, Recommended=, Severity=Passed
[😺] ID 1807, Exclusions: Extension Exclusions, Result=, Recommended=, Severity=Passed
[😺] ID 1808, Exclusions: Path Exclusions (Policy), Result=, Recommended=, Severity=Passed
[😺] ID 1814, Exclusions: Path Exclusions (Intune), Result=, Recommended=, Severity=Passed
[😿] ID 1809, Exclusions: Path Exclusions, Result=C:\Users\Usuario\AppData\Local\JetBrains\PyCharm2025.2;D:\Varios\Cursos\0. Cursos Seguridad\4. RedTeam Universia The Bridge\2. Conocimientos previos\Módulo 3. Criptografía\5. Reto, Recommended=, Severity=Medium
[😺] ID 1810, Exclusions: Process Exclusions (Policy), Result=, Recommended=, Severity=Passed
[😺] ID 1815, Exclusions: Process Exclusions (Intune), Result=, Recommended=, Severity=Passed
[😺] ID 1811, Exclusions: Process Exclusions, Result=, Recommended=, Severity=Passed
[😿] ID 1816, MAPS: Join Microsoft MAPS, Result=0, Recommended=2, Severity=Medium
[😿] ID 1817, MAPS: Configure the 'Block at First Sight' feature, Result=, Recommended=0, Severity=Medium
[😿] ID 1818, MAPS: Send file samples when further analysis is required, Result=, Recommended=0, Severity=Medium
[😿] ID 1819, MpEngine: Enable file hash computation feature, Result=, Recommended=1, Severity=Medium
[😿] ID 1820, MpEngine: Select cloud protection level, Result=0, Recommended=2, Severity=Medium
[😺] ID 1821, Real-time Protection: Scan all downloaded files and attachments, Result=0, Recommended=0, Severity=Passed
[😺] ID 1822, Real-time Protection: Turn off real-time protection, Result=0, Recommended=0, Severity=Passed
[😺] ID 1823, Real-time Protection: Turn on behavior monitoring (Policy), Result=0, Recommended=0, Severity=Passed
[😺] ID 1824, Real-time Protection: Turn on script scanning, Result=0, Recommended=0, Severity=Passed
[😿] ID 1825, Scan: Scan removable drives, Result=1, Recommended=0, Severity=Medium
[😿] ID 1812, Enable sandboxing for Microsoft Defender Antivirus, Result=0, Recommended=1, Severity=Medium

[*] 17/12/2025 21:07:05 - Starting Category Microsoft Defender Exploit Guard
[😿] ID 1900, Attack Surface Reduction rules, Result=0, Recommended=1, Severity=Medium
[😿] ID 1901, ASR: Block executable content from email client and webmail (Policy), Result=0, Recommended=1, Severity=Medium
[😿] ID 1916, ASR: Block executable content from email client and webmail, Result=0, Recommended=1, Severity=Medium
[😿] ID 1933, ASR: Block executable content from email client and webmail (Intune), Result=0, Recommended=1, Severity=Medium
[😿] ID 1902, ASR: Block all Office applications from creating child processes (Policy), Result=0, Recommended=1, Severity=Medium
[😿] ID 1917, ASR: Block all Office applications from creating child processes, Result=0, Recommended=1, Severity=Medium
[😿] ID 1934, ASR: Block all Office applications from creating child processes (Intune), Result=0, Recommended=1, Severity=Medium
[😿] ID 1903, ASR: Block Office applications from creating executable content (Policy), Result=0, Recommended=1, Severity=Medium
[😿] ID 1918, ASR: Block Office applications from creating executable content, Result=0, Recommended=1, Severity=Medium
[😿] ID 1935, ASR: Block Office applications from creating executable content (Intune), Result=0, Recommended=1, Severity=Medium
[😿] ID 1904, ASR: Block Office applications from injecting code into other processes (Policy), Result=0, Recommended=1, Severity=Medium
[😿] ID 1919, ASR: Block Office applications from injecting code into other processes, Result=0, Recommended=1, Severity=Medium
[😿] ID 1936, ASR: Block Office applications from injecting code into other processes (Intune), Result=0, Recommended=1, Severity=Medium
[😿] ID 1905, ASR: Block JavaScript or VBScript from launching downloaded executable content (Policy), Result=0, Recommended=1, Severity=Medium
[😿] ID 1920, ASR: Block JavaScript or VBScript from launching downloaded executable content, Result=0, Recommended=1, Severity=Medium
[😿] ID 1937, ASR: Block JavaScript or VBScript from launching downloaded executable content (Intune), Result=0, Recommended=1, Severity=Medium
[😿] ID 1906, ASR: Block execution of potentially obfuscated scripts (Policy), Result=0, Recommended=1, Severity=Medium
[😿] ID 1921, ASR: Block execution of potentially obfuscated scripts, Result=0, Recommended=1, Severity=Medium
[😿] ID 1938, ASR: Block execution of potentially obfuscated scripts (Intune), Result=0, Recommended=1, Severity=Medium
[😿] ID 1907, ASR: Block Win32 API calls from Office macros (Policy), Result=0, Recommended=1, Severity=Medium
[😿] ID 1922, ASR: Block Win32 API calls from Office macros, Result=0, Recommended=1, Severity=Medium
[😿] ID 1939, ASR: Block Win32 API calls from Office macros (Intune), Result=0, Recommended=1, Severity=Medium
[😿] ID 1908, ASR: Block executable files from running unless they meet a prevalence, age, or trusted list criterion (Policy), Result=0, Recommended=1, Severity=Medium
[😿] ID 1923, ASR: Block executable files from running unless they meet a prevalence, age, or trusted list criterion, Result=0, Recommended=1, Severity=Medium
[😿] ID 1940, ASR: Block executable files from running unless they meet a prevalence, age, or trusted list criterion (Intune), Result=0, Recommended=1, Severity=Medium
[😿] ID 1909, ASR: Use advanced protection against ransomware (Policy), Result=0, Recommended=1, Severity=Medium
[😿] ID 1924, ASR: Use advanced protection against ransomware, Result=0, Recommended=1, Severity=Medium
[😿] ID 1941, ASR: Use advanced protection against ransomware (Intune), Result=0, Recommended=1, Severity=Medium
[😿] ID 1910, ASR: Block credential stealing from the Windows local security authority subsystem (lsass.exe) (Policy), Result=0, Recommended=1, Severity=Medium
[😿] ID 1925, ASR: Block credential stealing from the Windows local security authority subsystem (lsass.exe), Result=0, Recommended=1, Severity=Medium
[😿] ID 1942, ASR: Block credential stealing from the Windows local security authority subsystem (lsass.exe) (Intune), Result=0, Recommended=1, Severity=Medium
[😿] ID 1911, ASR: Block process creations originating from PSExec and WMI commands (Policy), Result=0, Recommended=1, Severity=Medium
[😿] ID 1926, ASR: Block process creations originating from PSExec and WMI commands, Result=0, Recommended=1, Severity=Medium
[😿] ID 1943, ASR: Block process creations originating from PSExec and WMI commands (Intune), Result=0, Recommended=1, Severity=Medium
[😿] ID 1912, ASR: Block untrusted and unsigned processes that run from USB (Policy), Result=0, Recommended=1, Severity=Medium
[😿] ID 1927, ASR: Block untrusted and unsigned processes that run from USB, Result=0, Recommended=1, Severity=Medium
[😿] ID 1944, ASR: Block untrusted and unsigned processes that run from USB (Intune), Result=0, Recommended=1, Severity=Medium
[😿] ID 1913, ASR: Block Office communication application from creating child processes (Policy), Result=0, Recommended=1, Severity=Medium
[😿] ID 1928, ASR: Block Office communication application from creating child processes, Result=0, Recommended=1, Severity=Medium
[😿] ID 1945, ASR: Block Office communication application from creating child processes (Intune), Result=0, Recommended=1, Severity=Medium
[😿] ID 1914, ASR: Block Adobe Reader from creating child processes (Policy), Result=0, Recommended=1, Severity=Medium
[😿] ID 1929, ASR: Block Adobe Reader from creating child processes, Result=0, Recommended=1, Severity=Medium
[😿] ID 1946, ASR: Block Adobe Reader from creating child processes (Intune), Result=0, Recommended=1, Severity=Medium
[😿] ID 1915, ASR: Block persistence through WMI event subscription (Policy), Result=0, Recommended=1, Severity=Medium
[😿] ID 1930, ASR: Block persistence through WMI event subscription, Result=0, Recommended=1, Severity=Medium
[😿] ID 1947, ASR: Block persistence through WMI event subscription (Intune), Result=0, Recommended=1, Severity=Medium
[😿] ID 1931, ASR: Block abuse of exploited vulnerable signed drivers (Policy), Result=0, Recommended=1, Severity=Medium
[😿] ID 1932, ASR: Block abuse of exploited vulnerable signed drivers, Result=0, Recommended=1, Severity=Medium
[😿] ID 1948, ASR: Block abuse of exploited vulnerable signed drivers (Intune), Result=0, Recommended=1, Severity=Medium
[😺] ID 1966, ASR: Exclude files and paths from Attack Surface Reduction Rules (Policy), Result=, Recommended=, Severity=Passed
[😺] ID 1967, ASR: Exclude files and paths from Attack Surface Reduction Rules, Result=, Recommended=, Severity=Passed
[😺] ID 1968, ASR: Exclude files and paths from Attack Surface Reduction Rules (Intune), Result=, Recommended=, Severity=Passed
[😿] ID 1965, Network Protection: Prevent users and apps from accessing dangerous websites, Result=, Recommended=1, Severity=Medium

[*] 17/12/2025 21:07:06 - Starting Category Administrative Templates: Windows Components
[😿] ID 1767, News and interests: Enable news and interests on the taskbar, Result=, Recommended=0, Severity=Medium
[😿] ID 1733, OneDrive: Prevent the usage of OneDrive for file storage, Result=0, Recommended=1, Severity=Medium
[😿] ID 1734, Remote Desktop Connection Client: Do not allow passwords to be saved, Result=0, Recommended=1, Severity=Medium
[😿] ID 1735, Remote Desktop Session Host: Allow users to connect remotely by using Remote Desktop Services, Result=0, Recommended=1, Severity=Medium
[😿] ID 1736, Remote Desktop Session Host: Device and Resource Redirection: Do not allow drive redirection, Result=0, Recommended=1, Severity=Medium
[😿] ID 1737, Remote Desktop Session Host: Security: Always prompt for password upon connection, Result=0, Recommended=1, Severity=Medium
[😿] ID 1738, Remote Desktop Session Host: Security: Require secure RPC communication, Result=0, Recommended=1, Severity=Medium
[😿] ID 1739, Remote Desktop Session Host: Security: Set client connection encryption level, Result=0, Recommended=3, Severity=Medium
[😿] ID 1740, Search: Allow Cloud Search, Result=1, Recommended=0, Severity=Medium
[😿] ID 1741, Search: Allow Cortana, Result=1, Recommended=0, Severity=Medium
[😿] ID 1742, Search: Allow Cortana above lock screen, Result=1, Recommended=0, Severity=Medium
[😿] ID 1743, Search: Allow indexing of encrypted files, Result=1, Recommended=0, Severity=Medium
[😿] ID 1744, Search: Allow search and Cortana to use location, Result=1, Recommended=0, Severity=Medium
[😿] ID 1745, Search: Set what information is shared in Search, Result=1, Recommended=3, Severity=Medium
[😿] ID 1746, Windows Error Reporting: Disable Windows Error Reporting, Result=0, Recommended=1, Severity=Medium
[😼] ID 1747, Windows Game Recording and Broadcasting: Enables or disables Windows Game Recording and Broadcasting, Result=1, Recommended=0, Severity=Low
[😿] ID 1748, Windows Ink Workspace: Allow Windows Ink Workspace, Result=1, Recommended=0, Severity=Medium
[😺] ID 1749, Windows Installer: Always install with elevated privileges, Result=0, Recommended=0, Severity=Passed
[😿] ID 1750, Windows Installer: Allow user control over installs, Result=1, Recommended=0, Severity=Medium
[😿] ID 1751, Windows Installer: Prevent Internet Explorer security prompt for Windows Installer scripts, Result=1, Recommended=0, Severity=Medium
[😿] ID 1752, Windows Logon Options: Sign-in and lock last interactive user automatically after a restart, Result=0, Recommended=1, Severity=Medium
[😿] ID 1770, Windows Installer: Disable Co-Installer (USB AutoInstall), Result=, Recommended=1, Severity=Medium
[😿] ID 1753, WinRM Client: Allow Basic authentication, Result=1, Recommended=0, Severity=Medium
[😿] ID 1754, WinRM Client: Allow unencrypted traffic, Result=1, Recommended=0, Severity=Medium
[😿] ID 1755, WinRM Client: Disallow Digest authentication, Result=1, Recommended=0, Severity=Medium
[😿] ID 1756, WinRM Service: Allow remote server management through WinRM, Result=1, Recommended=0, Severity=Medium
[😿] ID 1757, WinRM Service: Allow Basic authentication, Result=1, Recommended=0, Severity=Medium
[😿] ID 1758, WinRM Service: Allow unencrypted traffic, Result=1, Recommended=0, Severity=Medium
[😿] ID 1759, WinRM Service: Disallow WinRM from storing RunAs credentials, Result=0, Recommended=1, Severity=Medium
[😿] ID 1760, Windows Remote Shell: Allow Remote Shell Access, Result=1, Recommended=0, Severity=Medium
[😿] ID 2000, File Explorer: Configure Windows Defender SmartScreen, Result=0, Recommended=1, Severity=Medium
[😿] ID 2001, File Explorer: Configure Windows Defender SmartScreen to warn and prevent bypass, Result=Warn, Recommended=Block, Severity=Medium

[*] 17/12/2025 21:07:06 - Starting Category PowerShell
[😼] ID 2105, Turn on PowerShell Module Logging, Result=0, Recommended=1, Severity=Low
[😼] ID 2106, Turn on PowerShell Module Logging - Module Names, Result=, Recommended=, Severity=Low
[😿] ID 2100, Turn on PowerShell Script Block Logging, Result=0, Recommended=1, Severity=Medium
[😼] ID 2101, Turn on PowerShell Script Block Logging (Invocation), Result=0, Recommended=1, Severity=Low
[😼] ID 2102, Turn on PowerShell Transcription, Result=0, Recommended=1, Severity=Low
[😼] ID 2107, Turn on PowerShell Transcription (Invocation), Result=0, Recommended=1, Severity=Low
No se puede llamar a un método en una expresión con valor NULL.
En C:\Users\Usuario\Documents\Windows\PowerShell\Modules\HardeningKitty\0.9.2\HardeningKitty.psm1: 1524 Carácter: 38
+ ... ains" { If ($Result.ToString().Contains($Finding.RecommendedValue)) { ...
+             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : InvalidOperation: (:) [], RuntimeException
    + FullyQualifiedErrorId : InvokeMethodOnNull

[😿] ID 2103, Disable PowerShell version 2, Result=, Recommended=Disabled, Severity=Medium
No se puede llamar a un método en una expresión con valor NULL.
En C:\Users\Usuario\Documents\Windows\PowerShell\Modules\HardeningKitty\0.9.2\HardeningKitty.psm1: 1524 Carácter: 38
+ ... ains" { If ($Result.ToString().Contains($Finding.RecommendedValue)) { ...
+             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : InvalidOperation: (:) [], RuntimeException
    + FullyQualifiedErrorId : InvokeMethodOnNull

[😿] ID 2104, Disable PowerShell version 2 (root), Result=, Recommended=Disabled, Severity=Medium

[*] 17/12/2025 21:07:07 - Starting Category MS Security Guide
[😿] ID 2200, LSA Protection, Result=2, Recommended=1, Severity=Medium
[😺] ID 2201, Lsass.exe audit mode, Result=8, Recommended=8, Severity=Passed
[😿] ID 2202, NetBT NodeType configuration, Result=0, Recommended=2, Severity=Medium
[😺] ID 2203, WDigest Authentication, Result=0, Recommended=0, Severity=Passed
[😺] ID 2209, Enable Structured Exception Handling Overwrite Protection (SEHOP), Result=0, Recommended=0, Severity=Passed
[😿] ID 2210, Limits print driver installation to Administrators, Result=, Recommended=1, Severity=Medium
[😿] ID 2211, Configure RPC packet level privacy setting for incoming connections, Result=, Recommended=1, Severity=Medium
[😿] ID 2212, Manage processing of Queue-specific files, Result=, Recommended=1, Severity=Medium

[*] 17/12/2025 21:07:07 - Starting Category MSS (Legacy)
[😿] ID 2204, MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended), Result=0, Recommended=1, Severity=Medium
[😿] ID 2205, MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing), Result=0, Recommended=2, Severity=Medium
[😿] ID 2206, MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing), Result=1, Recommended=2, Severity=Medium
[😿] ID 2207, MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes, Result=1, Recommended=0, Severity=Medium
[😿] ID 2208, MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers, Result=0, Recommended=1, Severity=Medium

[*] 17/12/2025 21:07:07 - Starting Category Scheduled Task
[😿] ID 2400, XblGameSave Standby Task, Result=Ready, Recommended=Disabled, Severity=Medium

[*] 17/12/2025 21:07:07 - Starting Category System Services
[😿] ID 2411, Disable mDNS in Dnscache service, Result=, Recommended=0, Severity=Medium
[😿] ID 2401, Print Spooler (Spooler), Result=2, Recommended=4, Severity=Medium
[😿] ID 2402, Print Spooler (Spooler) (Service Startup type), Result=Automatic, Recommended=Disabled, Severity=Medium
[😿] ID 2412, WebClient (WebClient), Result=3, Recommended=4, Severity=Medium
[😿] ID 2413, WebClient (WebClient) (Service Startup type), Result=Manual, Recommended=Disabled, Severity=Medium
[😿] ID 2403, Xbox Accessory Management Service (XboxGipSvc), Result=3, Recommended=4, Severity=Medium
[😿] ID 2404, Xbox Accessory Management Service (XboxGipSvc) (Service Startup type), Result=Manual, Recommended=Disabled, Severity=Medium
[😿] ID 2405, Xbox Live Auth Manager (XblAuthManager), Result=3, Recommended=4, Severity=Medium
[😿] ID 2406, Xbox Live Auth Manager (XblAuthManager) (Service Startup type), Result=Manual, Recommended=Disabled, Severity=Medium
[😿] ID 2407, Xbox Live Game Save (XblGameSave), Result=3, Recommended=4, Severity=Medium
[😿] ID 2408, Xbox Live Game Save (XblGameSave) (Service Startup type), Result=Manual, Recommended=Disabled, Severity=Medium
[😿] ID 2409, Xbox Live Networking Service (XboxNetApiSvc), Result=3, Recommended=4, Severity=Medium
[😿] ID 2410, Xbox Live Networking Service (XboxNetApiSvc) (Service Startup type), Result=Manual, Recommended=Disabled, Severity=Medium

[*] 17/12/2025 21:07:07 - Starting Category Microsoft Defender Exploit Guard
[😿] ID 1950, Exploit protection: Control flow guard (CFG), Result=NOTSET, Recommended=ON, Severity=Medium
[😿] ID 1951, Exploit protection: Data Execution Prevention (DEP), Result=NOTSET, Recommended=ON, Severity=Medium
[😺] ID 1952, Exploit protection: Override Data Execution Prevention (DEP), Result=False, Recommended=False, Severity=Passed
[😿] ID 1954, Exploit protection: Force randomization for images (Mandatory ASLR), Result=NOTSET, Recommended=ON, Severity=Medium
[😺] ID 1955, Exploit protection: Override force randomization for images (Mandatory ASLR), Result=False, Recommended=False, Severity=Passed
[😿] ID 1956, Exploit protection: Randomize memory allocations (Bottom-up ASLR), Result=NOTSET, Recommended=ON, Severity=Medium
[😺] ID 1957, Exploit protection: Override randomize memory allocations (Bottom-up ASLR), Result=False, Recommended=False, Severity=Passed
[😿] ID 1958, Exploit protection: High-entropy ASLR, Result=NOTSET, Recommended=ON, Severity=Medium
[😺] ID 1959, Exploit protection: Override high-entropy ASLR, Result=False, Recommended=False, Severity=Passed
[😿] ID 1960, Exploit protection: Validate exception chains (SEHOP), Result=NOTSET, Recommended=ON, Severity=Medium
[😿] ID 1961, Exploit protection: Validate exception chains (SEHOP (Telemetry only), Result=NOTSET, Recommended=OFF, Severity=Medium
[😺] ID 1962, Exploit protection: Override validate exception chains (SEHOP), Result=False, Recommended=False, Severity=Passed
[😿] ID 1963, Exploit protection: Validate heap integrity, Result=NOTSET, Recommended=ON, Severity=Medium
[😺] ID 1964, Exploit protection: Override validate heap integrity, Result=False, Recommended=False, Severity=Passed
[😿] ID 1953, Force use of Data Execution Prevention (DEP), Result=OptIn, Recommended=AlwaysOn, Severity=Medium

[*] 17/12/2025 21:07:07 - Starting Category Windows Firewall
[😼] ID 2300, HardeningKitty-Block-TCP-NetBIOS, Result=, Recommended=True, Severity=Low
[😼] ID 2301, HardeningKitty-Block-TCP-RDP, Result=, Recommended=True, Severity=Low
[😼] ID 2302, HardeningKitty-Block-TCP-RPC, Result=, Recommended=True, Severity=Low
[😼] ID 2303, HardeningKitty-Block-TCP-SMB, Result=, Recommended=True, Severity=Low
[😼] ID 2304, HardeningKitty-Block-TCP-WinRM, Result=, Recommended=True, Severity=Low
[😼] ID 2305, HardeningKitty-Block-UDP-NetBIOS, Result=, Recommended=True, Severity=Low
[😼] ID 2306, HardeningKitty-Block-UDP-RPC, Result=, Recommended=True, Severity=Low
[😼] ID 2307, HardeningKitty-Block-calc-x64, Result=, Recommended=True, Severity=Low
[😼] ID 2308, HardeningKitty-Block-calc-x86, Result=, Recommended=True, Severity=Low
[😼] ID 2309, HardeningKitty-Block-certutil-x64, Result=, Recommended=True, Severity=Low
[😼] ID 2310, HardeningKitty-Block-certutil-x86, Result=, Recommended=True, Severity=Low
[😼] ID 2311, HardeningKitty-Block-conhost-x64, Result=, Recommended=True, Severity=Low
[😼] ID 2312, HardeningKitty-Block-conhost-x86, Result=, Recommended=True, Severity=Low
[😼] ID 2313, HardeningKitty-Block-cscript-x64, Result=, Recommended=True, Severity=Low
[😼] ID 2314, HardeningKitty-Block-cscript-x86, Result=, Recommended=True, Severity=Low
[😼] ID 2315, HardeningKitty-Block-mshta-x64, Result=, Recommended=True, Severity=Low
[😼] ID 2316, HardeningKitty-Block-mshta-x86, Result=, Recommended=True, Severity=Low
[😼] ID 2317, HardeningKitty-Block-notepad-x64, Result=, Recommended=True, Severity=Low
[😼] ID 2318, HardeningKitty-Block-notepad-x86, Result=, Recommended=True, Severity=Low
[😼] ID 2319, HardeningKitty-Block-RunScriptHelper-x64, Result=, Recommended=True, Severity=Low
[😼] ID 2320, HardeningKitty-Block-RunScriptHelper-x86, Result=, Recommended=True, Severity=Low
[😼] ID 2321, HardeningKitty-Block-wscript-x64, Result=, Recommended=True, Severity=Low
[😼] ID 2322, HardeningKitty-Block-wscript-x86, Result=, Recommended=True, Severity=Low

[*] 17/12/2025 21:07:22 - HardeningKitty is done
[*] 17/12/2025 21:07:22 - Your HardeningKitty score is: 3.2. HardeningKitty Statistics: Total checks: 388 - Passed: 76, Low: 68, Medium: 243, High: 1.

picstar avatar Dec 17 '25 20:12 picstar

I executed HardeningKitty again and these are the results. What must I correct or improve? Thank you very much.

Well, I personally implement all of the settings. The only exceptions are Device Installation Restrictions: Prevent installation of devices that match ID PCI\CC_0C0A (Thunderbolt) and Credential Guard (my system is not domain-joined). If your system is a laptop that leaves your place, you should activate BitLocker first.

Afterwards, I recommend going through all the settings to understand what they do. The CIS Benchmark might help because it describes all the settings — you just have to register with an email address: https://www.cisecurity.org/benchmark/microsoft_windows_desktop

0x6d69636b avatar Dec 18 '25 17:12 0x6d69636b

Thank you very much. I'll do it

picstar avatar Dec 18 '25 21:12 picstar

People who are ruining my life and have hacked my computer don't permit me to download the CIS Benchmark. Please, can you help me? Could you send it to me by email?

picstar avatar Dec 20 '25 21:12 picstar

Could you please contact CIS? I'm not sure if I am legally allowed to share these documents.

0x6d69636b avatar Dec 21 '25 08:12 0x6d69636b

Please, I am seeing the downloads page, but I cannot know which benchmarks I must download because they are hacking the page.

CIS downloads.pdf

picstar avatar Mar 09 '26 18:03 picstar

Please, could you provide me the benchmarks? I can give you my PC and Windows specifications. I can give you my email or LinkedIn page.

picstar avatar Mar 09 '26 18:03 picstar

The CIS benchmarks are free for non-commercial use.

picstar avatar Mar 09 '26 18:03 picstar