Completely securing a computer without using programs

TairikuOkami

Level 37
Verified
Top Poster
Content Creator
Well-known
May 13, 2017
2,685
Can you solve it with a new batch?
It is not really meant to be run, it is a collection of tweaks, which suit my computer, you should pick only what suits you. This is a lighter version, still pretty strict.

[Batch] Windows Tweaks Light - Pastebin.com

By default it blocks all inbound/outbound (maybe that is why it blocked your internet) and enforces signatures, you might want to use this:

Code:
netsh advfirewall set PublicProfile firewallpolicy blockinboundalways,allowoutbound
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v "ValidateAdminCodeSignatures" /t REG_DWORD /d "0" /f
 
  • Like
Reactions: Emanuel.

TairikuOkami

Level 37
Verified
Top Poster
Content Creator
Well-known
May 13, 2017
2,685
And the start button?
It works fine on mine, not that I ever use it, but it used be problem prior to 1709. Terminating "ShellExperienceHost.exe" will restart it and Start should work.

A task can be created to run with 1 minute delay after logon to do this:
Code:
taskkill /f /im ShellExperienceHost.exe
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,598
...
There is never enough restrictions in place. I prefer to go all the way using unconventional methods, which are not known to malware coders, like disabling bash malware simply by preventing it from being enabled using DISM. If you look at how malware works (like the scary SeTcbPrivilege), it checks for restrictions, etc and once it elevates to system rights, it will change settings to whatever it wants to.

15 Ways to Bypass the PowerShell Execution Policy
That is right. But, there is not a good idea to concentrate on how to mitigate the malware that has been allowed to run on the system (especially with elevation). Of course, it is possible but very ineffective and the system is close to unusable one. Such protections like SRP, blocking or restricting scripts, blocking sponsors, blocking remote access, blocking SMB, using forced SmartScreen, etc., are directed in the first place to prevent malware from running on the system or downloading the payloads. Some elements of such protection will work also as malware mitigation, but this is a secondary purpose.
By the way, all tricks from 15 Ways to Bypass the PowerShell Execution Policy and some more can be prevented by built-in Windows security (blocking execution of scripts + PowerShell set to Constrained Language mode + blocking the PowerShell sponsors). The way such security works can be seen when analyzing @askalan tests from Malware Vault (samples) threads (21.09 - 14-10-2017). The system was protected against all malware samples (even without blocking powershell.exe) because they could not run or download malicious files.
The tweaks used by @TairikuOkami or included in Hard_Configurator, are very effective against malware in the wild. They can be bypassed (like any security) in the targetted attacks.
 
Last edited:

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top