AtlantHarden

v1.1.0WindowsFree

Windows ships insecure by default. Open ports, weak protocols, disabled logging, legacy compatibility that attackers exploit daily. Fixing it manually means hundreds of registry keys and Group Policy changes - one mistake breaks the system. AtlantHarden fixes all of it in one click. With full backup protection.

Download Free (317 KB)Windows - x64 architecture - No account needed

193+Hardening Settings

17Security Categories

2Compliance Frameworks

4Quick Profiles

19ASR Rules

100%Free

Why Harden Windows 11?

Windows Defender is only partially enabled out of the box - 8 critical settings are left off

Attack Surface Reduction rules that block ransomware and credential theft are disabled by default

SMB signing, LDAP signing, and NTLMv2 enforcement are not configured - network attacks work out of the box

PowerShell logging is off - attackers run scripts with zero visibility

TLS 1.0 and 1.1 are still enabled - downgrade attacks work

Dangerous file extensions (.bat, .vbs, .ps1) execute on double-click

Choose Your Security Level

Basic

Low-risk settings only. Zero workflow disruption. Safe for any machine.

Maximum

All 193+ settings. Controlled Folder Access, LOLBin blocking, USB lockdown.

Gaming

Essential security without performance impact. Skips privacy and bloatware.

Built-in Compliance Tracking

DISA STIG V2R3

Every applicable Windows 11 STIG requirement mapped and tracked. Each setting tagged with its STIG ID for direct cross-reference.

Live compliance percentage on dashboard
Per-setting STIG identification
HTML report export with full breakdown

ACSC Essential Eight

34 settings aligned to the Australian Cyber Security Centre's hardening guide. Priority levels match the ACSC classification.

Live ACSC compliance score
Essential Eight requirement tracking
Application control and macro security

What AtlantHarden Protects Against

19 Attack Surface Reduction Rules

Block Office macro abuse, ransomware behavior, credential theft from LSASS, obfuscated scripts, email executables, WMI abuse

LOLBin Firewall Rules

Block certutil, mshta, wmic, regsvr32 and other living-off-the-land binaries from making network connections

File Association Neutralization

Dangerous extensions (.bat, .cmd, .ps1, .reg, .vbs, .scr) open as text instead of executing

Browser Hardening (3 Engines)

Edge, Chrome, and Firefox hardened simultaneously - site isolation, TLS enforcement, PUA blocking, SmartScreen

Credential Protection

LSASS hardening, WDigest disabled, credential caching controls, Mimikatz defense

PowerShell Visibility

Script block logging + module logging + transcription. Full visibility into every command executed

Silent Deployment for IT Teams

AtlantHarden.exe --config policy.json --apply --silent

Create your gold image policy once in the GUI, export it, deploy across your entire fleet. Exit code 0 = success, 1 = error.

Every Change is Reversible

Automatic backups before every apply. Registry-level precision stores the exact original value. One-click restore. Windows System Restore Point integration. Up to 20 backups stored locally.

Backup format: .ashb (JSON, human-readable) + .reg (double-click Windows restore)

Download AtlantHarden

317 KB - Windows - Free - No account required

Download Now

System Requirements

Windows 10 or Windows 11
x64 architecture
Administrator privileges
.NET 8 runtime (self-contained, no install needed)

Release Notes

v1.1.02026-03-15

193+ hardening settings across 17 categories
DISA STIG V2R3 compliance framework with per-setting tracking
ACSC Essential Eight (July 2024) compliance framework
4 quick profiles: Basic, Recommended, Maximum, Gaming
Silent deployment with --config, --apply, --silent flags
HTML security report generation
Configuration import/export

Important: AtlantHarden modifies Windows security settings at the registry level. Always create a System Restore Point before your first run. Enabling Maximum profile will significantly change system behavior - review high-risk settings individually.