CodeXtremeOS
Win Optimizer

Firewall and Security

Advanced Windows system optimization


Disable Unnecessary App Firewall Rules

Medium

Disable firewall rules for built-in Windows apps that may not be needed

💡 Reduces attack surface and network exposure for unused applications

Disable Windows App Firewall Rules

Disables firewall rules for built-in Windows applications like Cortana, Feedback Hub, Photos, etc. Only disable if you don't use these apps.
PowerShell / CMD
netsh advfirewall firewall set rule group="Connect" new enable=no
netsh advfirewall firewall set rule group="Contact Support" new enable=no
netsh advfirewall firewall set rule group="Cortana" new enable=no
netsh advfirewall firewall set rule group="DiagTrack" new enable=no
netsh advfirewall firewall set rule group="Feedback Hub" new enable=no
netsh advfirewall firewall set rule group="Microsoft Photos" new enable=no
netsh advfirewall firewall set rule group="OneNote" new enable=no
netsh advfirewall firewall set rule group="Remote Assistance" new enable=no
netsh advfirewall firewall set rule group="Windows Spotlight" new enable=no
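The netsh commands above change every rule in each group, and group membership differs between Windows builds. The PowerShell below is an added example, not part of the original page: it records the current state of those rules so the change can be reviewed and reverted. It assumes the netsh group names match the DisplayGroup values used by the NetSecurity cmdlets; the snapshot path and the two function names are hypothetical.

```powershell
# Added example: snapshot rule state before disabling the groups, so it can be restored.
# Run from an elevated PowerShell prompt.
$Groups = 'Connect', 'Contact Support', 'Cortana', 'DiagTrack', 'Feedback Hub',
          'Microsoft Photos', 'OneNote', 'Remote Assistance', 'Windows Spotlight'
$Snapshot = Join-Path $env:ProgramData 'fw-group-snapshot.csv'   # assumed location

function Save-FirewallGroupState {
    param([string[]]$Group, [string]$Path)
    $rules = @(foreach ($g in $Group) {
        # A group that does not exist on this build returns nothing instead of failing.
        Get-NetFirewallRule -DisplayGroup $g -ErrorAction SilentlyContinue |
            Select-Object Name, DisplayName, DisplayGroup, Direction, Action, Enabled
    })
    if ($rules.Count -eq 0) {
        Write-Warning 'No rules found in the listed groups; nothing saved.'
        return
    }
    $rules | Export-Csv -Path $Path -NoTypeInformation -Encoding UTF8
    # Summary of what the netsh commands will touch, per group, direction and state.
    $rules | Group-Object DisplayGroup, Direction, Enabled |
        Sort-Object Name | Select-Object Count, Name
}

function Restore-FirewallGroupState {
    param([string]$Path)
    foreach ($row in Import-Csv -Path $Path) {
        # Name is the rule's unique ID; DisplayName can repeat across rules.
        Set-NetFirewallRule -Name $row.Name -Enabled $row.Enabled -ErrorAction Continue
    }
}

Save-FirewallGroupState -Group $Groups -Path $Snapshot
# To revert after running the netsh commands:
# Restore-FirewallGroupState -Path $Snapshot
```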

Block SMB Port 445

Medium

Block incoming SMB traffic on port 445 to prevent ransomware attacks

💡 Significantly improves security by blocking major attack vector for ransomware and worms

Block Port 445

Adds a firewall rule to block incoming SMB traffic. SMB port 445 is frequently targeted by WannaCry, Petya, and other ransomware.
PowerShell / CMD
netsh advfirewall firewall add rule name=deny445 dir=in action=block protocol=TCP localport=445

Security Note

⚠️
Port 445 is the primary vector for ransomware propagation on Windows networks. Blocking is highly recommended unless you require SMB shares.

Configure Firewall Profiles

Medium

Enable firewall on all profiles and restrict local firewall rules

💡 Ensures consistent firewall protection across all network scenarios

Enable Firewall Profiles

Enables Windows Firewall on Domain, Public, and Private profiles. Disallows local firewall rule modifications to prevent tampering.
PowerShell / CMD
Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled True -AllowLocalFirewallRules False

Protection

ℹ️
Prevents malware from disabling the firewall or creating exceptions for network access.

Disable NetBIOS and LMHOSTS

Medium

Disable legacy NetBIOS protocol that can expose system information

💡 Reduces exposure of computer names and network discovery attacks

Disable NetBIOS/LMHOSTS

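NetBIOS is a legacy protocol that broadcasts computer names on local networks. Modern systems use DNS instead. The command below turns off LMHOSTS file lookup; NetBIOS over TCP/IP itself is a separate per-adapter setting that this command does not change.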
PowerShell / CMD
New-ItemProperty -Force -Path "HKLM:\SYSTEM\CurrentControlSet\Services\NetBT\Parameters" -Name "EnableLMHOSTS" -PropertyType DWord -Value 0

Disable Unnecessary Network Adapters

Medium

Disable unused network components like Pacer, SMB Server, LLDP, and LLTD

💡 Reduces network exposure and removes potentially vulnerable network services

Disable Network Components

Disables Pacer (QoS), SMB Server, LLDP (Link Layer Discovery Protocol), and LLTD (Link-Layer Topology Discovery). These are rarely needed for gaming or productivity.
PowerShell / CMD
# Pacer (QoS)
Disable-NetAdapterBinding -Name "*" -ComponentID "ms_pacer"
# SMB Server
Disable-NetAdapterBinding -Name "*" -ComponentID "ms_server"
# LLDP
Disable-NetAdapterBinding -Name "*" -ComponentID "ms_lldp"
# LLTD
Disable-NetAdapterBinding -Name "*" -ComponentID "ms_lltdio"
Disable-NetAdapterBinding -Name "*" -ComponentID "ms_rspndr"

Disable IPv6

Medium

Disable IPv6 protocol if you only use IPv4

💡 Reduces network complexity and potential security gaps from unused protocols

Disable IPv6

Disables IPv6 on network adapters. Only disable if your network exclusively uses IPv4. Some applications may require IPv6.
PowerShell / CMD
Disable-NetAdapterBinding -Name "*" -ComponentID "ms_tcpip6"
New-ItemProperty -Force -Path "HKLM:\SYSTEM\CurrentControlSet\Services\TCPIP6\Parameters" -Name "DisabledComponents" -PropertyType DWord -Value 0xFFFFFFFF

Warning

⚠️
Only disable if you exclusively use IPv4. Disabling IPv6 may break some applications or services that depend on it.

Disable SMBv1 Protocol

Medium

Disable insecure SMBv1 file sharing protocol

💡 Eliminates WannaCry and Petya ransomware attack vector

Disable SMBv1

SMBv1 has critical vulnerabilities and should always be disabled. Modern systems use SMB2/3.
PowerShell / CMD
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" -Name SMB1 -Value 0

Security Critical

⚠️
SMBv1 has been exploited by major ransomware attacks. Disabling is strongly recommended.
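To confirm that the port 445 block rule and the SMBv1 change described on this page are actually in effect, the following read-only check can be run from an elevated PowerShell prompt. It is an added example, not part of the original page; the function name Test-SmbExposure is hypothetical, and the rule name deny445 is taken from the netsh command above.

```powershell
# Added example: read-only check of SMB exposure on the local machine.
function Test-SmbExposure {
    # A firewall block does not stop the SMB server from listening on TCP 445.
    $listeners = @(Get-NetTCPConnection -LocalPort 445 -State Listen -ErrorAction SilentlyContinue)

    # The netsh "name=" value appears as DisplayName in the NetSecurity cmdlets.
    $rule = Get-NetFirewallRule -DisplayName 'deny445' -ErrorAction SilentlyContinue |
        Where-Object { $_.Direction -eq 'Inbound' -and $_.Action -eq 'Block' -and $_.Enabled -eq 'True' } |
        Select-Object -First 1
    $portOk = $false
    if ($rule) {
        $pf = $rule | Get-NetFirewallPortFilter
        $portOk = ($pf.Protocol -eq 'TCP') -and ($pf.LocalPort -contains '445')
    }

    # A rule has no effect on a profile whose firewall is switched off.
    $profilesOff = @(Get-NetFirewallProfile |
        Where-Object { $_.Enabled -ne 'True' } | ForEach-Object { $_.Name })

    # Registry value written by the SMBv1 command; $null means it was never set.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $smb1Reg = (Get-ItemProperty -Path $key -Name SMB1 -ErrorAction SilentlyContinue).SMB1
    # Setting as reported by the SMB server itself.
    $smb1Live = (Get-SmbServerConfiguration -ErrorAction SilentlyContinue).EnableSMB1Protocol

    [pscustomobject]@{
        Listening445      = $listeners.Count -gt 0
        BlockRuleActive   = [bool]$rule -and $portOk
        FirewallOffOn     = $profilesOff -join ','
        SMB1RegistryValue = if ($null -eq $smb1Reg) { 'not set' } else { $smb1Reg }
        SMB1ServerEnabled = $smb1Live
    }
}

Test-SmbExposure | Format-List
```

A hardened result shows BlockRuleActive as True, FirewallOffOn empty, SMB1RegistryValue 0 and SMB1ServerEnabled False; Listening445 may still be True because the block rule filters traffic without stopping the listener.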

Disable File and Printer Sharing

Medium

Disable firewall rules for file and printer sharing if not needed

💡 Prevents unauthorized access to shared files and printers on network

Disable Sharing Rules

Disables firewall rules allowing file and printer sharing. Only disable if you don't share files or printers on your network.
PowerShell / CMD
netsh advfirewall firewall set rule group="File and Printer Sharing" new enable=no

Impact

ℹ️
If you use network file/printer sharing, you'll need to enable these rules separately.

Credential Hardening

Medium

Configure token and credential policies to prevent credential theft attacks

💡 Protects administrator tokens from local privilege escalation attacks

Enable Credential Protection

Enables User Account Control (UAC) hardening, administrator token filtering, and local account token policies. Prevents credential theft via token impersonation.
PowerShell / CMD
Set-ItemProperty HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -Name LocalAccountTokenFilterPolicy -Value 0
Set-ItemProperty HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -Name FilterAdministratorToken -Value 1
Set-ItemProperty HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -Name EnableLUA -Value 1

UAC Effect

ℹ️
Ensures UAC prompts for all administrative operations, preventing silent privilege escalation.

Cleartext Password Protection

Medium

Prevent storage of passwords in cleartext and enable token leak detection

💡 Prevents credential harvesting attacks that exploit cleartext password storage

Disable Cleartext Passwords

Disables WDigest cleartext password storage and enables token leak detection. WDigest stores passwords in memory in cleartext, creating a severe security risk.
PowerShell / CMD
Set-ItemProperty HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest -Name UseLogonCredential -Value 0
Set-ItemProperty HKLM:\SYSTEM\CurrentControlSet\Control\Lsa -Name TokenLeakDetectDelaySecs -Value 30

Security Critical

⚠️
WDigest cleartext passwords allow attackers to harvest credentials using tools like Mimikatz after system compromise.
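The registry values set in the Credential Hardening and Cleartext Password Protection sections can drift or be reverted later, so it is worth checking them rather than assuming the commands stuck. The audit below is an added example, not part of the original page; the function name Test-CredentialBaseline is hypothetical, and the baseline contains only the values this page sets.

```powershell
# Added example, read-only. Run from an elevated PowerShell prompt.
$sys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$wd  = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest'
$lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

# Baseline: the values written by the Set-ItemProperty commands on this page.
$Baseline = @(
    @{ Path = $sys; Name = 'LocalAccountTokenFilterPolicy'; Value = 0 }
    @{ Path = $sys; Name = 'FilterAdministratorToken';      Value = 1 }
    @{ Path = $sys; Name = 'EnableLUA';                     Value = 1 }
    @{ Path = $wd;  Name = 'UseLogonCredential';            Value = 0 }
    @{ Path = $lsa; Name = 'TokenLeakDetectDelaySecs';      Value = 30 }
)

function Test-CredentialBaseline {
    param([hashtable[]]$Items)
    foreach ($i in $Items) {
        $key = Get-Item -Path $i.Path -ErrorAction SilentlyContinue
        # GetValue returns $null when the value is absent (the OS default then applies).
        $actual = if ($key) { $key.GetValue($i.Name, $null) } else { $null }
        $state = if ($null -eq $actual) {
            'Missing'
        } elseif ($key.GetValueKind($i.Name) -ne 'DWord') {
            'WrongType'    # e.g. a REG_SZ "0" written by a tool that did not set the type
        } elseif ([int64]$actual -eq $i.Value) {
            'OK'
        } else {
            'Mismatch'
        }
        [pscustomobject]@{
            Name     = $i.Name
            Expected = $i.Value
            Actual   = $actual
            State    = $state
        }
    }
}

Test-CredentialBaseline -Items $Baseline | Format-Table -AutoSize
```

The check reads the configured values only; a change to EnableLUA takes effect after a restart, so an OK row for it does not confirm the running state until the machine has rebooted.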
