From afab466367880b9693d38cfbfd75cd3261bbfe50 Mon Sep 17 00:00:00 2001 From: NexusOne23 Date: Tue, 9 Dec 2025 06:38:01 +0100 Subject: [PATCH] Fix: README + FEATURES accuracy - ASR 17+2, Privacy Strict, AntiAI 15 features, Strict vs Paranoid UCC --- Docs/FEATURES.md | 14 ++++++++------ README.md | 14 +++++++------- 2 files changed, 15 insertions(+), 13 deletions(-) diff --git a/Docs/FEATURES.md b/Docs/FEATURES.md index d05b850..b5460c7 100644 --- a/Docs/FEATURES.md +++ b/Docs/FEATURES.md @@ -15,7 +15,7 @@ | **ASR** | 19 | ✅ v2.2.0 | Attack Surface Reduction rules | | **DNS** | 5 | ✅ v2.2.0 | Secure DNS with DoH encryption | | **Privacy** | 77 | ✅ v2.2.0 | Telemetry control, OneDrive hardening (Strict: 69 Registry + 2 Services + 6 OneDrive) | -| **AntiAI** | 32 | ✅ v2.2.0 | AI lockdown (13 features, 32 compliance checks) | +| **AntiAI** | 32 | ✅ v2.2.0 | AI lockdown (15 features, 32 compliance checks) | | **EdgeHardening** | 24 | ✅ v2.2.0 | Microsoft Edge browser security (24 policies) | | **AdvancedSecurity** | 50 | ✅ v2.2.0 | Advanced hardening beyond MS Baseline (incl. Wireless Display, Discovery Protocols, IPv6) | | **TOTAL** | **632** | ✅ **100%** | **Complete Framework (Paranoid mode)** | @@ -234,9 +234,9 @@ Clipchamp.Clipchamp, SpotifyAB.SpotifyMusic ## 🤖 Module 5: AntiAI (32 Policies) -**Description:** Disable 13 Windows AI features via 32 registry policies (v2.2.0) +**Description:** Disable 15 Windows AI features via 32 registry policies (v2.2.0) -### 13 AI Features Disabled: +### 15 AI Features Disabled: | # | Feature | Policies | Description | |---|---------|----------|-------------| @@ -250,9 +250,11 @@ Clipchamp.Clipchamp, SpotifyAB.SpotifyMusic | 8 | **Notepad AI** | 1 | Write, Summarize, Rewrite features (GPT) | | 9 | **Settings Agent** | 1 | AI-powered Settings search | | 10 | **Recall Export Block** | 1 | Prevents export of Recall data | -| 11 | **Edge Copilot Sidebar** | 3 | EdgeSidebarEnabled, ShowHubsSidebar, HubsSidebarEnabled | -| 12 | **Edge Copilot Context** | 2 | CopilotPageContext, CopilotCDPPageContext | -| 13 | **File Explorer AI Actions** | 1 | HideAIActionsMenu in Explorer context menu | +| 11 | **Copilot URI Handlers** | 1 | Blocks ms-copilot:// and ms-chat:// URI schemes | +| 12 | **Edge Copilot Sidebar** | 3 | EdgeSidebarEnabled, ShowHubsSidebar, HubsSidebarEnabled | +| 13 | **Region Policy Override** | 1 | Prevents region bypass for AI features | +| 14 | **Copilot Network Block** | 1 | Blocks Copilot endpoints via hosts file | +| 15 | **File Explorer AI Actions** | 1 | HideAIActionsMenu in Explorer context menu | ### Recall Enterprise Protection: - **App Deny List:** Browser, Terminal, Password managers, RDP never captured diff --git a/README.md b/README.md index 448d62e..fe2c90d 100644 --- a/README.md +++ b/README.md @@ -105,7 +105,7 @@ **🔒 Privacy Layer** - DNS: Block telemetry, tracking, ads (DoH) - Telemetry: 3 modes (MSRecommended/Strict/Paranoid) -- AntiAI: 13 features disabled (Recall, Copilot, Paint AI, Notepad AI, Edge AI) +- AntiAI: 15 AI features disabled (Recall, Copilot, Paint AI, Notepad AI, Edge AI, etc.) - Bloatware: 24 pre-installed apps removed **🎯 The Result:** A hardened system that's both secure against attacks and private from surveillance. @@ -120,7 +120,7 @@ |:---:|:---:|:---:|:---:| | **Microsoft Baseline 25H2** | **AI Lockdown** | **Professional Quality** | **100% Reversible** | | 630+ Security Settings | No Recall / Copilot / AI | 100% Verification Coverage | BAVR Architecture | -| 19 ASR Rules (Block Mode) | Telemetry & Ads Blocked | Detailed Logging | Exact Pre-State Restore | +| 19 ASR Rules (17 Block + 2 Configurable) | Telemetry & Ads Blocked | Detailed Logging | Exact Pre-State Restore | | Zero-Day CVE-2025-9491 | DNS-over-HTTPS (DoH) | Modular Design | Designed for Zero Data Loss | | VBS & Credential Guard | Edge Browser Hardened | Open Source / Auditable | Safe for Production | @@ -197,18 +197,18 @@ **3 Operating Modes** - **MSRecommended** (Default) MS-supported, max compatibility -- **Strict** Maximum privacy (AllowTelemetry=0 Enterprise/Education only, Force Deny breaks UCC apps) -- **Paranoid** Hardcore (not recommended) +- **Strict** Maximum privacy (AllowTelemetry=0 Ent/Edu only, Teams/Zoom work) +- **Paranoid** Hardcore (Force Deny ALL - BREAKS Teams/Zoom!) **Features:** - Telemetry minimized to Security-Essential level - Bloatware removal (policy-based on 25H2+ Ent/Edu) - OneDrive telemetry off (sync functional) -- App permissions default-deny +- App permissions configurable per mode ### 🤖 AI Lockdown (32 Policies) -**13 AI Features Disabled (incl. Master Switch)** +**15 AI Features Disabled (incl. Master Switch)** - **Master Switch** Disables generative AI models system-wide - **Windows Recall** Complete deactivation (component removal + protection) - **Windows Copilot** System-wide disabled + hardware key remapped @@ -391,7 +391,7 @@ cd noid-privacy | **ASR** | 19 | Attack Surface Reduction Rules | v2.2.0 | | **DNS** | 5 | Secure DNS with DoH encryption | v2.2.0 | | **Privacy** | 77 | Telemetry, Bloatware, OneDrive hardening (Strict) | v2.2.0 | -| **AntiAI** | 32 | AI lockdown (13 features, 32 compliance checks) | v2.2.0 | +| **AntiAI** | 32 | AI lockdown (15 features, 32 compliance checks) | v2.2.0 | | **EdgeHardening** | 24 | Microsoft Edge security (24 policies) | v2.2.0 | | **AdvancedSecurity** | 50 | Beyond MS Baseline (SRP, Legacy protocols, Wireless Display, Discovery Protocols, IPv6) | v2.2.0 | | **TOTAL** | **632** | **Complete Framework (Paranoid mode)** | **Production** |