#21
Just a few questions

What are the consequences of

a) renaming vssadmin
b) disabling Windows Script Host
c) disabling Windows PowerShell

What software will be affected, or under what circumstances should the above not be modified? Can any exclusion/exception be made for them if they have been modified?

Is there any 3rd-party software to simplify the above modification like just having tickboxes?

Thanks
I have disabled all of the programs you mentioned above for my SUA account using exception rules in AppLocker and have been running it this way for about a month now without any issues.

If I need to use PowerShell or run a script then I just launch it as an admin and run it that way.

All in all I have blocked almost 70 system executables from running on my system for my SUA and so far so good! :) These executables can be used by malware so I think I have reduced my attack surface quite a bit.
 

shmu26

#22
If you use backup software such as Macrium Reflect, for instance, I don't think that you can disable vssadmin.

But the other two processes mentioned can be safely disabled without affecting normal computer use.

The best way to do this is with Process Lasso; it works even in the free edition.
See this thread: Process Lasso 101

This is my list of disallowed processes in Process Lasso:
I later discovered that Process Lasso does not always terminate a light process, such as Windows Script Host, fast enough to prevent a script from running. So it is an imperfect solution, in my opinion.

As for vssadmin, I discovered that Macrium Reflect can run just fine without it.
 
#23
Thanks for sharing that. I just discovered Process Lasso and am using the free version. I'll try adding some of the programs to the disallowed list. For AVs, I am currently using Bitdefender Free. I read that an anti-ransomware feature is included but I don't know if it's part of the free version.
 

Evjl's Rain

#24
Thanks for sharing that. I just discovered Process Lasso and am using the free version. I'll try adding some of the programs to the disallowed list. For AVs, I am currently using Bitdefender Free. I read that an anti-ransomware feature is included but I don't know if it's part of the free version.
The anti-ransomware module is not included in the free version, only in paid versions.
The dedicated BD anti-ransomware tool is a joke.
 

Evjl's Rain

#26
Thanks. Is there any free program that I can use?
I highly recommend AppCheck Anti-Ransomware and Kaspersky Anti-Ransomware Tool because of their compatibility and effectiveness. A few products can be better or stronger, but they may break something on your PC or they are not free.

Or you can use VoodooShield Free in autopilot mode. It's anti-everything, not just ransomware.