Native Windows applications for application control and system hardening, built entirely on official Microsoft security features.
Windows Security Studio includes two WinUI 3 desktop apps that harden Windows using built-in, documented Microsoft security technologies.
No third-party drivers. No undocumented registry hacks. No external security engines.
Both apps are compiled with Native AOT and distributed as self-contained MSIX packages.
Manages Windows Defender Application Control (WDAC), the allowlisting technology built into Windows.
- Build base, supplemental, and deny policies from scans or event logs
- Visually edit CI policy XML (rule options, signers, and file rules)
- Simulate enforcement before deployment
- Deploy and remove policies locally or through Intune
- Merge and validate policies
Applies, verifies, and manages hardening settings across Windows.
- Security baselines and Microsoft 365 Apps hardening
- Defender and ASR management, including exploit mitigations
- BitLocker configuration and compliance verification
- Device Guard controls (Credential Guard, VBS, HVCI)
- Network and firewall hardening, including TLS controls and LOLBin blocking
- System and management controls across UAC, audit policy, Group Policy, and Intune/CSP inspection
- Download the latest Install Kit
.zipfrom Releases - Extract and run
Install.cmd(auto-elevates, imports the signing certificate, and installs the package)
The apps can check GitHub for new versions and update in place.
Requirements:
- Visual Studio 2022 17.12+
- .NET 10 SDK
- Windows App SDK
- Rust nightly toolchain (App Control Studio only)
# App Control Studio
cd "App Control Studio"
.\Build-AppControlStudio.ps1
# System Security Studio
cd "System Security Studio"
.\Build-SystemSecurityStudio.ps1| UI | WinUI 3 (Windows App SDK) |
| Languages | C# (.NET 10), Rust, C++ |
| Compilation | Native AOT, trimming, Control Flow Guard, CET Shadow Stack |
| Packaging | MSIX / MSIXBundle |
| CI/CD | GitHub Actions |
| Platform | Windows 10 22H2+ (build 22621), x64 |