diff --git a/CMakeLists.txt b/CMakeLists.txt
index 6a82046a64..10e2589311 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -2644,7 +2644,7 @@ set_target_properties(test-programs PROPERTIES FOLDER "Tests")
 if (WIN32)
 file (TO_NATIVE_PATH ${CMAKE_SOURCE_DIR}/tools/Get-HardenFlags.ps1 _win_harden_flags)
 add_custom_target(hardening-check
-COMMAND ${POWERSHELL_COMMAND} "${_win_harden_flags}" "${CMAKE_BINARY_DIR}"
+COMMAND ${POWERSHELL_COMMAND} "${_win_harden_flags}" "${_dll_output_dir_win}"
 DEPENDS ${PROGLIST}
 COMMENT "Checking binaries for security features"
 )
diff --git a/tools/Get-HardenFlags.ps1 b/tools/Get-HardenFlags.ps1
index fcb3edf73a..a5b300eb33 100644
--- a/tools/Get-HardenFlags.ps1
+++ b/tools/Get-HardenFlags.ps1
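Review bot: Narrowing the scan root from `${CMAKE_BINARY_DIR}` to `${_dll_output_dir_win}` on the new COMMAND line means any binary that `${PROGLIST}` produces outside that directory is no longer checked for hardening flags, so the check's coverage silently shrinks; `_dll_output_dir_win` is defined outside this hunk, so please confirm it holds every shipped .exe/.dll and is non-empty on every Windows configuration (an empty value would hand the script an empty path). A cheap configure-time guard next to the target is `if(NOT _dll_output_dir_win) message(FATAL_ERROR "hardening-check: _dll_output_dir_win is not set") endif()`. The add_custom_target also has no `VERBATIM`, so the two quoted path arguments are escaped differently per generator; adding `VERBATIM` after the `COMMENT` line makes the quoting reliable. The `if (WIN32)` block continues past this hunk.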
@@ -70,8 +70,59 @@ Param(
 $BinaryDir
 )
+# Create a list of 3rd party binaries that are not hardened
+$SoftBins = (
+ "libpixmap.dll",
+ "libwimp.dll",
+ "libgail.dll",
+ "airpcap.dll",
+ "comerr32.dll",
+ "gspawn-win32-helper-console.exe",
+ "gspawn-win32-helper.exe",
+ "k5sprt32.dll",
+ "krb5_32.dll",
+ "libatk-1.0-0.dll",
+ "libcairo-2.dll",
+ "libffi-6.dll",
+ "libfontconfig-1.dll",
+ "libfreetype-6.dll",
+ "libgcc_s_sjlj-1.dll",
+ "libgcrypt-20.dll",
+ "libgdk-win32-2.0-0.dll",
+ "libgdk_pixbuf-2.0-0.dll",
+ "libGeoIP-1.dll",
+ "libgio-2.0-0.dll",
+ "libglib-2.0-0.dll",
+ "libgmodule-2.0-0.dll",
+ "libgmp-10.dll",
+ "libgnutls-28.dll",
+ "libgobject-2.0-0.dll",
+ "libgpg-error-0.dll",
+ "libgtk-win32-2.0-0.dll",
+ "libharfbuzz-0.dll",
+ "libhogweed-2-4.dll",
+ "libintl-8.dll",
+ "libjasper-1.dll",
+ "libjpeg-8.dll",
+ "liblzma-5.dll",
+ "libnettle-4-6.dll",
+ "libp11-kit-0.dll",
+ "libpango-1.0-0.dll",
+ "libpangocairo-1.0-0.dll",
+ "libpangoft2-1.0-0.dll",
+ "libpangowin32-1.0-0.dll",
+ "libpixman-1-0.dll",
+ "libpng15-15.dll",
+ "libtasn1-6.dll",
+ "libtiff-5.dll",
+ "libxml2-2.dll",
+# Unfortunately the nsis uninstaller is not hardened.
+ "uninstall.exe"
+)
+
 # CD into the bindir, allows Resolve-Path to work in relative mode.
-Push-Location $BinDir
+Push-Location $BinaryDir
+[Console]::Error.WriteLine("Checking in $BinaryDir for unhardened binaries:")
 # Retrieve the list of binaries. -Filter is quicker than -Include, but can only handle one item
 $Binaries = Get-ChildItem -Path $BinaryDir -Recurse -Include *.exe,*.dll
@@ -92,7 +143,10 @@ $Binaries | ForEach-Object {
 # Write-Error outputs error records, we simply want the filename
 [Console]::Error.WriteLine((Resolve-Path $_ -Relative))
- $Count++
+ # Don't count files that won't ever be OK
+ if ($SoftBins -notcontains (Split-Path $_ -Leaf)) {
+ $Count++
+ }
 }
 }
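Review bot: The `$SoftBins` allowlist waives binaries by bare leaf name using version-pinned entries such as `"libpng15-15.dll"`, so when a bundled library is bumped the entry silently stops matching (the check then fails closed, which is acceptable) but nothing ever signals that an entry has become unnecessary because the upstream DLL gained the hardening this script checks for. A short comment above the list would keep it from rotting, e.g. `# Matched on file name only, anywhere under $BinaryDir. Re-verify whenever a bundled library is upgraded and drop entries that now pass.` It is also worth stating next to the list that these files still ship without the checked protections, so the list documents accepted risk rather than a fix.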
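Review bot: The new `-notcontains` guard only suppresses the counter, while the preceding `[Console]::Error.WriteLine` still prints every waived file exactly like a real failure, so a reader of the build log cannot tell an accepted third-party DLL from a regression in a project binary. Printing the waiver alongside the name, and evaluating `Split-Path` once, keeps the exit behaviour identical while making the log self-explanatory. The enclosing `ForEach-Object` block begins before this hunk.
```powershell
# … unchanged: hardening-flag test that selects the failing binary …
$Name = Split-Path $_ -Leaf
if ($SoftBins -contains $Name) {
    # Known-unhardened third-party file: report it, but don't fail the build on it
    [Console]::Error.WriteLine("$(Resolve-Path $_ -Relative) (known unhardened, ignored)")
} else {
    [Console]::Error.WriteLine((Resolve-Path $_ -Relative))
    $Count++
}
```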