- Dec 23, 2014
- 8,598
Thanks.I downloaded it and I liked it, but one little thing: I couldn't get it to block powershell, although it blocked wscript just fine. What did I do wrong?
windows 10 x64
This reg tweak disables PowerShell script execution, when you are trying to run PS1 files by 'Run by PowerShell' from Explorer context menu. The PowerShell console is showing up, but the script cannot run. When you are trying to run PS1 file by double click like any executable, the script should be opened by default with notepad. You can still use PowerShell commands in the PowerShell console, but not external scripts.
Windows Script Host registry tweak disables it completely by SAFER API, even if you copy wscript.exe or jscript.exe to another folder, or rename those executables.
EDIT.
The PowerShell reg tweak works also, when malware tries to bypass PowerShell 'AllSigned' (or other execution policy) using command prompt or shortcut with commands like:
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "-Command" "if((Get-ExecutionPolicy ) -ne 'AllSigned') { Set-ExecutionPolicy -Scope Process Bypass }; & 'Path_to_the_script'"
Last edited: