Hardening Tools

There's a few really good hardening tools that you can use for Windows. Using one of these will have a pretty big boost to the security of your computer. I recommend using only one of them, or you could end up with some pretty glitchy results. As always, if you use one, make sure to backup your data. It would also be a good idea for you to do some testing in a VM before you try this on any of your main computers to make sure you are comfortable enough with using it, especially with HardeningKitty.

There's two main tools I like, each one has it's particular strengths and each one has varying degrees of difficulty in applying it. There's ConfigureDefender and Harden Windows Security by HotCakeX. ConfigureDefender is the easiest one to work with. It's simple to apply new settings and to roll settings back if something is causing an issue. The tool from HotCakeX is a bit more difficult to use and rollback, though not a lot. HardeningKitty is more difficult to use and depending on the settings you apply, can be near impossible to roll back. This tool isn't nearly as forgiving if you make a mistake and isn't as straightforward to use for home users. If you really want to use it, I would recommend carefully reading through the install instructions on the GitHub page.

Before going any further, I don't see a point in using these tools if you use a third party AV suite. Defender is pretty solid but it still has a ways to go. Anyone who would like to see something more definitive can check out videos from Leo at The PC Security Channel. Third party AV still way outperforms Defender in real world testing, especially against ransomware.


Let's cover the easiest tool to use first. There's a GUI that comes with this tool and it also has a help button to explain what the settings do. I won't cover them in detail as the tool does a good job at that. There are four different settings; default, high, interactive, and max. A lot of people that use this program like the high settings as it hardens Defender enough to make it better, but no to the point of having legit programs being blocked from running. I've tested out max quite a bit and have had very few issues with legitimate stuff being blocked.

There's a few settings to be mindful of. The first one is cloud protection level. If you set the tool to max, this option is changed to block. This setting will have Defender scan a file before being executed. The issue that can sometimes happen with this is that if you have a relatively new file and you lose internet connection, Windows can't upload it for analysis to make sure it's clean. This'll cause it to block the app from being able to run, even if you know it to be legit.

The other settings is controlled folder access near the bottom of the page. When set to max, this will be on. This setting sounds great in theory, but is a pain in the ass in practice. It hasn't improved much since its release. You'll have to deal with frequent popups of safe files being blocked from doing what they need to do. This is in stark contrast to ransomware protection built into third party AV suites, which works well by just being in the background. If you don't want to deal with constant popups and having to allow stuff, you can disable this setting.

Other than that, you can play around with individual settings if you want to or you can just use the preset options. If for some reason you are having something getting to work right, you can open this up and dial the settings back to get an app to run. Just keep in mind that Defender may have blocked the app for good reason.


This tool is only slightly harder to use than ConfigureDefender, though it's really damn good. This tool is ran through PowerShell and it walks you through each step asking if you want to apply each specific measure. Normally I would have specific instructions to use something like this, but I have to give applause to HotCakeX for writing excellent documentation regarding how to use it. You can find the link to the GitHub project here which will guide you through the install process.