This repo contains ultimate security configurations against hacking such as memory space access, malware, credential theft - including some denial of service attacks + rootkit deployments: milsec for many Microsoft Windows programs. Following apps are protected (click categories to show list):
Web Browsers
- Google Chrome
- Mozilla Firefox
- Internet Explorer
- Librewolf
- Opera
- Safari
- Thorium
- Edge
- DuckDuckGo
- Brave
- Waterfox
Media Tools
- Audacity
- butt audio streaming
- Virtual DJ
- Traktor
- Photoshop
- Groove Music
- Winamp
- foobar2000
- iTunes
- Windows Media Player
- NDIRecord
- StreamDeck
- Yamaha Steinberg USB
- vMix64
- BlackMagic Video
- VLC Media Player
Communication Apps
- Skype
- Lync
- Pidgin
- Telegram
- MS Outlook
- Thunderbird
- Windows Live Mail
- Google Talk
- Slack
- Wire
- Armcord (a Discord client)
- Discord
- Zoom
Gaming
- Steam
- Ubisoft
- BlueStacks X
- EA - Electronic Arts
- GOG Galaxy (edit version number in .XML file accordingly)
- EasyAntiCheat
- The Sims 4
- Cyberpunk 2077
- Firestorm (for Second Life)
- Radegast
Networking
- dnscrypt-proxy
- Tor
- Torifier
- WARP 1.1.1.1
- OpenVPN
- WireGuard
- VPN Unlimited
- Comodo Internet Security
- YogaDNS
Common Software
- Notepad++
- Obsidian
- OneNote
- Acrobat Reader PDF
- Sumatra PDF
- Foxit PDF Reader
- Java
- MS Access
- MS Excel
- MS PowerPoint
- MS Word
- MS Wordpad
- MS Notepad
- PowerShell
- PowerShell ISE
- Visio
- WinZip
- WinRAR
- 7Z
- ...
Microsoft Services
- Literally all (!) basic Windows programs from boot. Beyond recommendations (took a few bluescreens >.<)
- OneDrive
- File Explorer
- Smartscreen
- Windows Settings
- Task Manager
- Windows Store
- Command terminal
- search index
- SSH
- svchost
- smss
- csrss
- lpcapsvc
- conhost
- dashost
- OOBEbroker
- WMI
- wininit
- winlogon
- WerFault
- lsalso & lsass
- and many more (everything on Windows 10 & 11)
Other Executables
- Adobe (services)
- AMD (GPU driver)
- Citrix Workspace App
- Crash_handler
- DuckyRGB
- Edge Webview2 (works for Citrix Workspace, DuckDuckGo, Edge...)
- Everything
- Element
- Garmin Express
- Front
- Faststone viewer
- HP (drivers)
- Intel (drivers)
- irfanview64
- Jellyfin
- KeePassXC & proxy
- Open SSL
- NVIDIA
- MPV
- µTorrent
- Qbittorrent
- Qt Web Engine
- Real Converter
- RealPlay
- Realtek Audio
- SwitchDefaultDeny(x64)
- SyncThing
- Thunderbolt
- ...
Check separate settings when specific features don't work as they are fully tested & all programs will start.
Windows Settings > Security & Privacy > Windows Security > App & browser control > Exploit protection settings > Program settings
Help update XploitProtection.xml and keep this repo growing with new entries. This list & extra security settings below are focused on Windows Home & Pro consumers, gamers & small businesses (including privacy geeks) where agility is everything. By using PoE (process of elimination) while applying WEPS and keeping the .xml file here up to date, together we keep the most complete list online.
Run XPROT.exe to change WEPS quickly. Update every so often (this will not remove any existing settings) & reboot to activate, also after manually importing with this command:
Set-ProcessMitigation -PolicyFilePath "$HOME\Downloads\XploitProtection.xml"
Some installations require temporarily removing protection: reboot & install the software, run again or import your own local XML. After restart, these policies block intrusions like botnets, cache exploits and more!
The standalone GUI (you can also use PowerShell ISE to run this script) brings dramatic improvements to the interface that Windows offers today - WEPS Manager excels in speed for bulk actions & repetitive implementations, running tighter security with no trouble: remove & import settings again whenever you need & be up to date in a few seconds.
- Use encrypted DNS (f.e. 9.9.9.9, dnslow.me,...) via Windows network settings or a third-party program
- https://github.com/AndyFul/ConfigureDefender (hardening of Windows)
- windows_hardening.cmd (includes mimikatz exploit protection & more security!)
- https://github.com/Sycnex/Windows10Debloater (debloat Windows 10 & 11)
- https://www.thewindowsclub.com/ultimate-windows-tweaker-5-for-windows-11
- https://github.com/jdgregson/Exploit-Protection-Settings as to support Microsoft Office
- Added https://github.com/Strana-Mechty/ExploitProtection-Templates including Adobe, Telegram & more
- Calibrated with original https://github.com/microsoft/ExploitProtectionConfiguration
⭐ Star & help others find better protection.
#WindowsHome #WindowsPro #Windows10 #Windows11 #Microsoft #WindowsExploitProtectionSettings #Hardening #Cybersecurity #ExploitProtection #Defender #WindowsDefender #Gaming #Mimikatz #Defense #Botnet #Antibotnet #Antivirus #Glitch #Virus #Infection #Privacy #SVC #Vulnerabilities #Cyberdefense #Protection #Gaming #Stackpivot #CFG #SEHOP #ASLR #Heapcorruption #Safeboot #VPN #OpenVPN #WireGuard #Tor #Proxy #Redhat #Whitehat #Anonymous #DEFCON #Opensource #Interface #Tool #Qt #Quantum #Spacetime #ProtectionSettings #Manager #Security #Software #GUI #Productivity #CallerCheck #HandleUsage #Fonts #Images #dll #services #taskhost #svchost #PowerShell #TLS
© FrenzyPenguin Media