Releases: Harvester57/Security-ADMX
Releases · Harvester57/Security-ADMX
[v1.2.3] - 2026-02-29
Added
- Policy to configure secure mode for batch file processing (LockBatchFilesWhenInUse)
Additional changes
- actions: bump github/codeql-action from 4.32.2 to 4.32.3 in the actions-dependencies group by @dependabot[bot] in #95
- actions: bump github/codeql-action from 4.32.3 to 4.32.4 in the actions-dependencies group by @dependabot[bot] in #96
- actions: bump step-security/harden-runner from 2.14.2 to 2.15.0 in the actions-dependencies group by @dependabot[bot] in #97
Full Changelog: 1.2.2...1.2.3
[v1.2.2] - 2026-02-11
Added
- Policy to configure NTLMv1 blocking behavior (Audit/Enforce)
- Added
DisableRPCOverTCPandDisableRemoteScmEndpointspolicies toAdditionalSystemHardening.admx, to disable remote access to the Service Control Manager. - Option to enable ECDHE-only ciphersuites in the TLS ciphersuite selection policy dropdown menu.
- Installation instructions in the README.md file.
Fixed
- Updated the Secure Boot related policy, to implement latest recommendations from Microsoft.
Full Changelog: 1.2.1...1.2.2
[v1.2.1] - 2026-01-05
Added
- Policy to enable AMSI Authenticode signature verification
- Defender ASR policy: "Block execution of files related to Remote Monitoring and Management tools"
Fixed
- String format for the TLS ciphersuites (extra blank spaces were removed)
- Typos in descriptions
Changed
- Cleanup of the Microsoft legacy ADMX and ADML files (improved descriptions and XML formatting)
Full Changelog: 1.2.0...1.2.1
[v1.2.0] - 2025-05-13
Added
- Policy to enable or disable detailed BSODs
- Policies to control Attack Surface Reduction rules in Windows Defender
- Credits to @MichaelGrafnetter and his project: https://github.com/MichaelGrafnetter/defender-asr-admx
- Policy to enable or disable remote DCOM traffic
Changed
- Updated translations, wording and descriptions for consistency in en-US and fr-FR
- Fixed a typo in Microsoft's SecGuide template
Full Changelog: 1.1.1...1.2.0
[v1.1.1] - 2024-12-08
Added
- New policy to enable or disable the Windows Defender sandbox
Fixed
- Indentation value for REG_SZ-based policies
[v1.1] - 2024-12-08
Changed
- Major refactoring of the codebase
- Better consistency of indentation and formatting
- Split in several file for network, system and debugging categories
Added
- Additional settings from the Microsoft Security Guide and the legacy MSS settings
- Not translated to fr-FR for now
- Settings were removed if already present in the main ADMX files
[v1.0.37] - 2024-11-12
Added
- New policy to enable or disable the support for KASAN
Fixed
- Fix the Registry path for the Mandatory VBS flag introduced in v1.0.36
[v1.0.36] - 2024-11-03
Added
- New policy to configure the Mandatory mode for Virtualization-Based Security
[v1.0.35] - 2024-10-18
Added
- New policy to configure the behavior of the Sudo command, introduced in Windows 11 24H2
- Cf. @mobilejon blog post about the command: https://mobile-jon.com/2024/10/14/deep-dive-into-windows-sudo/
- New policy to control the state of the generative AI features in Acrobat and Acrobat Reader products
[v1.0.34] - 2024-09-27
Added
- Added all the steps required to update the bootloader against the BlackLotus vulnerability CVE-2023-24932