AtlantHarden
Windows ships insecure by default: legacy SMBv1, cleartext credentials cached in memory, PowerShell with no logging, browsers that ignore enterprise policy, Office that runs macros from the internet. Fixing it by hand means hundreds of registry keys and Group Policy changes, one wrong value away from a system that will not boot.




Overview
But most hardening tools overcorrect. Blindly applying a full DISA STIG to a personal or power-user machine wrecks it: it disables your password manager, kills InPrivate, turns on Controlled Folder Access that blocks your own apps, and demands a BitLocker PIN on every boot, all for compliance checkboxes that add little real security.
AtlantHarden v2.0 is built around a smarter idea: stop how malware and attackers actually get in and run, and skip the friction that does not stop them. Comprehensive when you want it with the Maximum profile, sensible by default with Recommended. Every change is backed up automatically and fully reversible.
Features
Why Harden Windows 11?
Choose Your Security Level
Basic (95 settings)
The highest-impact, effectively zero-friction core: ASR, Defender, SmartScreen, credential-theft protection. If you do nothing else, do this.
Recommended (318 settings)
The smart default. Stops real malware and exploitation while staying gaming and performance safe - it leaves your password manager, InPrivate, and history working.
Maximum (579 settings)
Everything, including the strict DISA STIG lockdowns. Full compliance for high-security and audited environments that want the friction.
Built-in Compliance Tracking
354 DISA STIG Controls
Across five products - Windows 11 (V2R7), Edge (V2R5), Chrome (V2R11), Firefox (V6R7), and Office 365 ProPlus (V3R5). Each setting tagged with its STIG ID, Vulnerability ID, and CCIs for direct cross-reference.
- Live compliance percentage on dashboard
- Per-setting STIG identification
- HTML report export with full breakdown
ACSC Essential Eight
34 settings aligned to the Australian Cyber Security Centre's hardening guide. Priority levels match the ACSC classification.
- Live ACSC compliance score
- Essential Eight requirement tracking
- Application control and macro security
What AtlantHarden Protects Against
19 Attack Surface Reduction Rules
Block Office macro abuse, ransomware behavior, credential theft from LSASS, obfuscated scripts, email executables, WMI abuse
LOLBin Firewall Rules
Block certutil, mshta, wmic, regsvr32 and other living-off-the-land binaries from making network connections
File Association Neutralization
Dangerous extensions (.bat, .cmd, .ps1, .reg, .vbs, .scr) open as text instead of executing
Browser Hardening (3 Engines)
Edge, Chrome, and Firefox hardened simultaneously - site isolation, TLS enforcement, PUA blocking, SmartScreen
Credential Protection
LSASS hardening, WDigest disabled, credential caching controls, Mimikatz defense
PowerShell Visibility
Script block logging + module logging + transcription. Full visibility into every command executed
Silent Deployment for IT Teams
AtlantHarden.exe --config policy.json --apply --silentCreate your gold image policy once in the GUI, export it, deploy across your entire fleet. Exit code 0 = success, 1 = error.
Every Change is Reversible
Automatic backups before every apply. Registry-level precision stores the exact original value. One-click restore. Windows System Restore Point integration. Up to 20 backups stored locally.
Backup format: .reg (double-click Windows restore) + JSON. Self-protection registers the app as allowed for ASR and Controlled Folder Access so it never locks itself out.
Download AtlantHarden
63.4 MB - Windows - Free - No account required
System Requirements
- Windows 10 (1709 or later) or Windows 11
- x64 architecture
- Administrator privileges
- Self-contained, no .NET runtime install required
Release Notes
- Expanded to 599 hardening settings (up from 193) across 17 categories
- 354 DISA STIG controls across five products: Windows 11 V2R7, Edge V2R5, Chrome V2R11, Firefox V6R7, and Office 365 ProPlus V3R5, each tagged with STIG ID, Vulnerability ID, and CCIs
- Per-product STIG compliance dashboard with CAT I/II/III filtering and bulk select
- Reworked profiles: Basic (95), Recommended (325), and Maximum (599), replacing the previous four-profile model
- Recommended profile redesigned to stop real malware and exploitation while staying gaming and performance safe and leaving usability features intact
- Self-protection: registers as an allowed app for ASR and Controlled Folder Access so it can always be relaunched to revert changes
- Self-contained executable, no .NET runtime install required
- STIG catalog now sourced from an auditable, regenerable PowerSTIG-based catalog refreshed quarterly
- 193+ hardening settings across 17 categories
- DISA STIG V2R3 compliance framework with per-setting tracking
- ACSC Essential Eight (July 2024) compliance framework
- 4 quick profiles: Basic, Recommended, Maximum, Gaming
- Silent deployment with --config, --apply, --silent flags
- HTML security report generation
- Configuration import/export