Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Suggestion]: Offer Removal of telemetry and pre-installed apps from the OS in Harden Windows Security Module #479

Closed
1 task done
HotCakeX opened this issue Dec 25, 2024 · 3 comments · Fixed by #510
Closed
1 task done

[Suggestion]: Offer Removal of telemetry and pre-installed apps from the OS in Harden Windows Security Module #479

HotCakeX opened this issue Dec 25, 2024 · 3 comments · Fixed by #510
Assignees
@HotCakeX
Labels
Suggestion ⚡ Label used to describe New Security Measure Suggestions

Comments

@HotCakeX
Copy link
Owner

Are you sure the Security measure is not already implemented?

  • Yes, I have checked and the Security measure I'm suggesting to be implemented is not duplicate. 🫡

Please explain your new Security measure suggestion

Basically implement what Microsoft suggests in here
https://learn.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services
@HotCakeX HotCakeX added the Suggestion ⚡ Label used to describe New Security Measure Suggestions label Dec 25, 2024
@HotCakeX HotCakeX self-assigned this Dec 25, 2024
@HotCakeX HotCakeX added this to Roadmap Dec 25, 2024
@HotCakeX HotCakeX moved this to Harden Windows Security Module in Roadmap Dec 25, 2024
@HotCakeX
Copy link
Owner Author

Related discussion
#462

Repository owner deleted a comment from agpt8 Dec 25, 2024
@HotCakeX HotCakeX mentioned this issue Jan 5, 2025
Merged
HotCakeX added a commit that referenced this issue Jan 5, 2025
@HotCakeX
Implemented Apps and Windows Features Removal (#506)
26cc92c 
New Feature: Introduced the ability to remove built-in apps using the Harden Windows Security module. This functionality is available on a dedicated page. The list of removable apps is stored in a JSON file, providing flexibility and extensibility.

New Feature: Added a new page for managing Optional Windows Features. While the Harden Windows Security module already includes an Optional Features category in the hardening measures section, this new page allows for granular control, enabling you to fine-tune which features to enable or disable. It also includes additional optional features that can be removed.

Compliance Checking Enhancement: Added support for VBScript compliance checks.

Code Improvements: Implemented several code enhancements and optimizations.

UI Enhancements: Updated the button styles on the ASR Rules and Unprotect pages. The new design replaces the previous animated buttons with play icons, offering a cleaner and more modern look.

This PR also completes the first half of this feature request: [Suggestion]: Offer Removal of telemetry and pre-installed apps from the OS in Harden Windows Security Module #479
@HotCakeX
Copy link
Owner Author

HotCakeX commented Jan 5, 2025

First half of this is already done: #506

@HotCakeX HotCakeX linked a pull request Jan 7, 2025 that will close this issue
Added reduced telemetry policies #510
Merged
@github-project-automation github-project-automation bot moved this from Harden Windows Security Module to WDACConfig module in Roadmap Jan 7, 2025
@HotCakeX
Copy link
Owner Author

HotCakeX commented Jan 7, 2025

Finished this PR, implemented the following 14 policies as a sub-category of the Miscellaneous category, called "Reduced Telemetry".

  • Disable Online Tips. Rotating green checkmark denoting CSP CSP

  • Disable Find My Device feature. Rotating green checkmark denoting CSP CSP

  • Disable Automatic Update of Speech Data. Rotating green checkmark denoting CSP CSP

  • Turn off the advertising ID. Rotating green checkmark denoting CSP CSP

  • Turn off cloud optimized content. Rotating green checkmark denoting CSP CSP

  • Do not show Windows tips. Rotating green checkmark denoting CSP CSP

  • Do not show feedback notifications. Rotating green checkmark denoting CSP CSP

  • Turn off Automatic Download and Update of Map Data. Rotating green checkmark denoting CSP CSP

  • Disable Message Service Cloud Sync for cellular text messages. Rotating green checkmark denoting CSP CSP

  • Disable support for web-to-app linking with app URI handlers. Rotating green checkmark denoting CSP CSP

  • Disable "Continue experiences on this device" feature. Rotating green checkmark denoting CSP CSP

  • Disable Font Providers. Rotating green checkmark denoting CSP CSP

  • Don't search the web or display web results in Search. Rotating green checkmark denoting CSP CSP

  • Do not allow web search. More Info


Windows Restricted Traffic Limited Functionality Baseline provided here https://learn.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services, isn't recommended to be used at all. It disables important security functionalities.

What I implemented in the Harden Windows Security module consist of 14 policies for now and they do not harm security at all. More policies can be added in the future after further review and tests.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@HotCakeX HotCakeX

Labels
Suggestion ⚡ Label used to describe New Security Measure Suggestions
Projects
Roadmap
Status: AppControl Manager
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Added reduced telemetry policies HotCakeX/Harden-Windows-Security
1 participant
@HotCakeX