Sentinel Shield

Your Personal Windows Security Toolkit

A curated collection of PowerShell scripts and AI-powered tools to harden your Windows OS. Copy, paste, and execute in an elevated PowerShell terminal to apply security configurations.

AI Threat Analyzer
Analyze Sysmon logs for anomalies using AI. Paste your logs to get a detailed security analysis and identify potential threats.

Windows Update Automation
Ensure your system is always up-to-date by forcing update checks and installations.

Check Status

Verify the Windows Update service is running.

Get-Service -Name wuauserv

Force Updates

Force check, download, and install all updates. This may restart your PC.

If (-not (Get-Module -ListAvailable -Name PSWindowsUpdate)) {
    Install-Module -Name PSWindowsUpdate -Force -Confirm:$false
}
Import-Module PSWindowsUpdate
Get-WindowsUpdate -MicrosoftUpdate -Install -AcceptAll -AutoReboot -Verbose

Service Lockdown
Reduce attack surface by disabling non-essential Windows services.

Account Manager
Create standard user accounts to follow the principle of least privilege for daily tasks.

Antimalware Automation
Verify Windows Defender status and automate the installation of Malwarebytes.

Check Windows Defender

Verify real-time protection is enabled.

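# RealTimeProtectionEnabled is reported by Get-MpComputerStatus (Get-MpPreference has no such property)
Get-MpComputerStatus | Select-Object RealTimeProtectionEnabled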

Install Malwarebytes via Chocolatey

First, install the Chocolatey package manager if you haven't already.

Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://community.chocolatey.org/install.ps1'))

Then, install Malwarebytes (Free version).

choco install malwarebytes -y

Firewall Fortification
Harden your Windows Firewall by blocking unsolicited inbound connections.

This script enables the firewall, blocks all incoming connections by default, and allows all outgoing connections. For stricter security, you can block outgoing connections and create specific allow rules.

# Enable the Windows Firewall for all profiles
Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True

# Set the default action to block inbound connections
Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultInboundAction Block

# Set the default action to allow outbound connections
Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultOutboundAction Allow

Write-Host "Basic Windows Firewall hardening applied."

Sysmon Deployment
Install and configure Sysmon for detailed system activity logging.

Step 1: Download & Extract Sysmon

# Define destination directory
$SysmonDir = "C:\Sysmon"
If (-not (Test-Path $SysmonDir)) { New-Item -Path $SysmonDir -ItemType Directory }

# Download Sysmon
$SysmonUrl = "https://download.sysinternals.com/files/Sysmon.zip"
$SysmonZip = Join-Path $SysmonDir "Sysmon.zip"
Invoke-WebRequest -Uri $SysmonUrl -OutFile $SysmonZip

# Extract Sysmon
Expand-Archive -Path $SysmonZip -DestinationPath $SysmonDir -Force

Write-Host "Sysmon downloaded and extracted to $SysmonDir"

Step 2: Install & Configure Sysmon

This uses a popular configuration file from SwiftOnSecurity and assumes a 64-bit system.

# Download recommended config from SwiftOnSecurity
$SysmonConfigUrl = "https://raw.githubusercontent.com/SwiftOnSecurity/sysmon-config/master/sysmonconfig-export.xml"
$SysmonConfigFile = Join-Path "C:\Sysmon" "sysmonconfig.xml"
Invoke-WebRequest -Uri $SysmonConfigUrl -OutFile $SysmonConfigFile

# Install Sysmon service with the configuration (use Sysmon64.exe for 64-bit systems)
& "C:\Sysmon\Sysmon64.exe" -accepteula -i "$SysmonConfigFile"

Write-Host "Sysmon installed and configured."
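
Steps 1 and 2 download an executable and a configuration file and install them without checking either one. The script below is an added example, not part of the original toolkit, meant to run after the downloads and before the install command. The function names and the expected signer string are assumptions; the paths come from the steps above.

```powershell
# Added example: verify the downloaded Sysmon binary and config before installing.
$SysmonExe      = "C:\Sysmon\Sysmon64.exe"
$SysmonConfig   = "C:\Sysmon\sysmonconfig.xml"
$ExpectedSigner = "Microsoft Corporation"   # assumption: organization on the signing certificate

function Test-SysmonBinary {
    param([string]$Path, [string]$Signer)
    $sig = Get-AuthenticodeSignature -FilePath $Path
    # Anything other than Valid means unsigned, modified after signing, or an untrusted chain
    if ($sig.Status -ne 'Valid') {
        Write-Warning "Signature status for $Path is '$($sig.Status)'"
        return $false
    }
    # A valid signature from an unexpected publisher is still a failure
    if ($sig.SignerCertificate.Subject -notlike "*O=$Signer*") {
        Write-Warning "Unexpected signer: $($sig.SignerCertificate.Subject)"
        return $false
    }
    return $true
}

function Test-SysmonConfig {
    param([string]$Path)
    try {
        [xml]$doc = Get-Content -Path $Path -Raw -ErrorAction Stop
    } catch {
        Write-Warning "Config is missing or not well-formed XML: $_"
        return $false
    }
    # A Sysmon config has a <Sysmon> root element with a schemaversion attribute
    $root = $doc.DocumentElement
    if ($root.Name -ne 'Sysmon' -or -not $root.GetAttribute('schemaversion')) {
        Write-Warning "Config root element is not <Sysmon schemaversion=...>"
        return $false
    }
    return $true
}

if (-not (Test-SysmonBinary -Path $SysmonExe -Signer $ExpectedSigner)) {
    throw "Do not install: Sysmon64.exe failed signature verification."
}
if (-not (Test-SysmonConfig -Path $SysmonConfig)) {
    throw "Do not install: sysmonconfig.xml failed validation."
}

# The config URL points at a branch, not a fixed revision, so record what was fetched
Get-FileHash -Path $SysmonConfig -Algorithm SHA256 | Select-Object Hash, Path
```

Keeping the recorded hash alongside the deployment makes it possible to tell later whether a re-download pulled a different configuration.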