Guide | How To How to Protect and Harden a Computer against Ransomware

[ParaXY]

Just a few questions

What are the consequences of

a) renaming vssadmin
b) disabling Windows Script Host
c) disable Windows PowerShell

What software will be affected or under what circumstances are the above not to be modified? Any exclusion/exception can be made for them if they have been modified?

Is there any 3rd-party software to simplify the above modification like just having tickboxes?

Thanks

I have disabled all of the programs you mentioned above for my SUA account using exception rules in AppLocker and have been running it this way for about a month now without any issues.

If I need to use Powershell or run a script then I just launch it as an admin and run it that way.

All in all I have blocked almost 70 system executable's from running on my system for my SUA and so far so good! These executables can be used by malware so I think I have reduced my attack surface quite a bit.

 

[shmu26]

if you use backup software such as macrium reflect for instance, I don't think that you can disable vssadmin.

But the other two processes mentioned can be safely disabled without affecting normal computer use.

The best way to do this is with process lasso, it works even in the free edition.
see this thread: Process Lasso 101

this is my list of disallowed processes, in process lasso:

I later discovered that Process Lasso does not always terminate a light process, such as windows script host, fast enough to prevent a script from running. So it is an imperfect solution, in my opinion.

As for vssadmin, I discovered that Macrium Reflect can run just fine without it.

 

[monkeylove]

Thanks for sharing that. I just discovered Process Lasso and am using the free version. I'll try adding some of the programs to the disallowed list. For AVs, I am currently using Bitdefender Free. I read that an anti-ransomware feature is included but I don't know if it's part of the free version.

 

[Evjl's Rain]

Thanks for sharing that. I just discovered Process Lasso and am using the free version. I'll try adding some of the programs to the disallowed list. For AVs, I am currently using Bitdefender Free. I read that an anti-ransomware feature is included but I don't know if it's part of the free version.

antiransomware module is not included in the free version. Only in paid versions
the dedicated BD antiransomware tool is a joke

 

[monkeylove]

Thanks. Is there any free program that I can use?

 

[Evjl's Rain]

Thanks. Is there any free program that I can use?

I highly recommend appcheck antirasomware and kaspersky antiransomware tool because of their compatibility and effectiveness. A few products can be better, stronger but they may break something of your PC or they are not free

or you can use Voodooshield free in autopilot mode. It's an anti-everything, not just ransomwares

 

[frogboy]

Thanks. Is there any free program that I can use?

For sure a backup solution such as Macrium Reflect or Aomei Backupper both have a free and reliable version. Then yo will always be protected 100%.

 

[shmu26]

or you can use Voodooshield free in autopilot mode. It's an anti-everything, not just ransomwares

+1
Voodooshield will also give you protection against powershell, windows script host, etc.

 

[monkeylove]

For sure a backup solution such as Macrium Reflect or Aomei Backupper both have a free and reliable version. Then yo will always be protected 100%.

I have backups, thanks.