An all-in-one security and privacy editor for Windows 10 & 11
Created by milrn and async-wei
SH13LDMEΒ© is an open-source, comprehensive Windows privacy and security configuration tool that provides an intuitive interface for managing Windows registry settings that may not be easily available to non-technical users.
- Registry Scanning: Automatically scans the current state of the registry endpoints
- Backup & Restore: Creates and restores endpoint backups
- Dependency Management: Automatically handles endpoint dependencies
- User Friendly: Even inexperienced users can use the app
Important
This app is built on electron which may not be ideal for certain users. We understand the performance concerns, but this app is not meant to be run constantly. We have also taken security into consideration and have disabled almost all remote content in the app.
- Operating System: Windows 10 or Windows 11
- Privileges: Administrator rights required
Warning
Modifying Windows registry settings can affect system stability and functionality. This app has gone through extensive testing to make sure it does not break OS functionality, but use it at your own risk. Always create backups, and test changes in a controlled environment before applying to production systems!
- Download the latest release from the GitHub releases page
- Run the installer as Administrator
- Follow the installation wizard
- Launch SH13LDMEΒ© as Administrator
- Click the "Scan Now" button on the home page
- Wait for the scan to complete
- After scanning, use the navigation tabs to browse endpoints:
- Search Endpoints: Search for specific endpoints and view categories
- Secure Endpoints: View already secured endpoints
- Optional Endpoints: View endpoints that are optional to secure based on user preference
- Insecure Endpoints: View endpoints that are recommended to secure
- For each endpoint, use the dropdown menu to select your desired configuration
- Click "Apply Changes" to implement your selections
Tip
Click on the title of a category on the Search Endpoints page to view the included endpoints!
Important
This app may not configure all Windows Defender endpoints as this focuses on endpoints that can't be configured in the default UI. We also have not included endpoints that could possibly break system functionality. If you want more security, and your hardware allows it, we suggest configuring Controlled Folder Access, Tamper Protection, SmartScreen, Memory Integrity, Kernel-mode Hardware Enforced Stack Protection, Memory Access Protection, Firmware Protection, and Local Security Authority Protection. These endpoints may be added in future updates.
- Click the backup icon in the bottom-right corner
- Backups are automatically saved with timestamps in the
./backupsfolder - Backup files contain all the endpoint states configured by the app
- Backup files can be renamed to whatever you want
- Click the import backup icon in the bottom-right corner
- Select a
.jsonbackup file from the./backupsfolder - The app will automatically apply the changes needed to reach the
.jsonfile - A new endpoint scan will be performed to verify the changes
- π’ Green: Secure endpoint state
- π΄ Red: Insecure endpoint state
- π‘ Yellow: Optional endpoint state
- β« Gray: Unknown/Corrupted endpoint state
Note
Corrupted states can be fixed by simply hitting the "Apply Changes" button!
Tip
Secure states are the single state that we decided gives the best privacy, security, or combination of both than the other states. The secure state may not be the best for everyone! Choose whatever option suites you the best.
Some endpoints have dependencies on others. For example:
- Many advanced Windows Defender features require MAPS (Microsoft Advanced Protection Service) to be enabled to function
Note
SH13LDMEΒ© automatically checks and displays these dependencies with informational tooltips located on the bottom right of certain endpoint boxes. Endpoints will be grayed out until all required dependencies are met to avoid system screwups! Some endpoints may require the 'not secure' state of other endpoints. This is because some endpoints emcompass the scope of several lesser endpoints, for example, securing 'System Telemetry' will automatically disallow any collection of 'Inking And Typing Data', so that endpoint will not be available to configure as long as 'System Telemetry' is already secure.
Endpoints operate at different registry levels:
- System: System-wide endpoints affecting all users
- Current User: Endpoints specific to the current user account
Icons at the bottom right of endpoint boxes indicate the scope of each setting with helpful tooltips explaining the impact.
- Make sure Windows Defender or another antivirus isn't blocking the app from running. The app is not malware and is open source, you can compile it yourself if you have security doubts.
- If the application keeps crashing, that means a fatal error is occuring; check the log in the Program Files sh13ldme folder for details.
- If the application can't write to the log, make sure that the folder isn't included in the Protected Folders section of Windows Defender's ransomware protection.
- Some endpoint changes may require a restart to take effect.
If you find a bug, please post it in the issues tab, and someone will try to help you out. Include the relevant log and system information.
Important
Group Policy changes will overwrite changes made by this app. If Group Policy has already been configured on your computer, it is not recommended use this program.
SH13LDMEΒ© maintains error logs in log.txt in the application directory. Check this file for detailed error information if issues occur.
SH13LDME/
βββ assets/ # Application icons and images
βββ backups/ # Backups storage location (generated)
βββ main.js # Backend logic and processing
βββ renderer.js # UI logic and application processing
βββ preload.js # Exposes system APIs to the frontend
βββ endpoints.js # Endpoint definitions and categories
βββ styles.css # Application styling
βββ index.html # Application structure
βββ registry.json # Current endpoint states (generated)
βββ log.txt # Error logging (generated)
- If you want to add a new endpoint, just create a new issue tagged as a feature request with information about the endpoint you want to add.
- If you understand the endpoints.js endpoint format, you can create a pull request instead.
- If you want to make any changes to the code, create a pull request and describe the changes you made. Our code is definitely not the best, so any improvements would be great!
- Install nodejs
- Download this project as a zip file and extract it
- In the project folder, run
npm cito install all the required packages - Then, type
npm run buildto generate the .exe setup files
- App Debloating
- Firewall Telemetry Blocking
- More Endpoints