Guide | How To How to Protect and Harden a Computer against Ransomware


ParaXY

Just a few questions

What are the consequences of

a) renaming vssadmin
b) disabling Windows Script Host
c) disabling Windows PowerShell

What software will be affected or under what circumstances are the above not to be modified? Any exclusion/exception can be made for them if they have been modified?

Is there any 3rd-party software to simplify the above modification like just having tickboxes?

Thanks

I have disabled all of the programs you mentioned above for my SUA account using exception rules in AppLocker and have been running it this way for about a month now without any issues.

If I need to use PowerShell or run a script then I just launch it as an admin and run it that way.

All in all I have blocked almost 70 system executables from running on my system for my SUA and so far so good! :) These executables can be used by malware so I think I have reduced my attack surface quite a bit.
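
A way to check the controls discussed in this thread (an added example, not code from any poster): it asks the effective AppLocker policy what it would decide for a standard user on vssadmin, the script hosts and PowerShell, and reads the machine-wide Windows Script Host switch. The account name is a placeholder, and the `Enabled` value under `Windows Script Host\Settings` is the standard WSH switch, which the thread itself does not mention.

```powershell
# Added example: audit the hardening discussed above. Read-only; changes nothing.
# Placeholder account name (assumption): replace with your standard user account.
$StandardUser = "$env:COMPUTERNAME\standard-user"

$targets = @(
    "$env:SystemRoot\System32\vssadmin.exe",
    "$env:SystemRoot\System32\wscript.exe",
    "$env:SystemRoot\System32\cscript.exe",
    "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell.exe",
    "$env:SystemRoot\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"
)

# AppLocker rules are only enforced while the Application Identity service runs.
$appId = Get-Service -Name AppIDSvc -ErrorAction SilentlyContinue
$svcResult = if ($appId) { $appId.Status } else { 'ServiceMissing' }
$report = @([pscustomobject]@{ Control = 'AppIDSvc'; Item = 'Application Identity'; Result = $svcResult })

# Ask the effective policy what it would decide for the standard user.
$policy = Get-AppLockerPolicy -Effective
foreach ($path in $targets) {
    if (-not (Test-Path -LiteralPath $path)) {
        # A renamed binary (for example vssadmin.exe) is reported here.
        $report += [pscustomobject]@{ Control = 'AppLocker'; Item = $path; Result = 'NotFound' }
        continue
    }
    $decision = ($policy | Test-AppLockerPolicy -Path $path -User $StandardUser).PolicyDecision
    $report += [pscustomobject]@{ Control = 'AppLocker'; Item = $path; Result = $decision }
}

# Windows Script Host: Enabled = 0 under this key turns WSH off machine-wide.
$wshKey = 'HKLM:\SOFTWARE\Microsoft\Windows Script Host\Settings'
$enabled = (Get-ItemProperty -Path $wshKey -Name Enabled -ErrorAction SilentlyContinue).Enabled
$wsh = if ($null -eq $enabled) { 'NotSet' } elseif ("$enabled" -eq '0') { 'Disabled' } else { 'Enabled' }
$report += [pscustomobject]@{ Control = 'WSH'; Item = $wshKey; Result = $wsh }

$report | Format-Table -AutoSize
```

A Result of Allowed for any path means the effective policy does not block that file for the account tested.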
 

shmu26

If you use backup software such as Macrium Reflect, for instance, I don't think that you can disable vssadmin.

But the other two processes mentioned can be safely disabled without affecting normal computer use.

The best way to do this is with Process Lasso; it works even in the free edition.
See this thread: Process Lasso 101

This is my list of disallowed processes in Process Lasso:
I later discovered that Process Lasso does not always terminate a light process, such as Windows Script Host, fast enough to prevent a script from running. So it is an imperfect solution, in my opinion.

As for vssadmin, I discovered that Macrium Reflect can run just fine without it.
 

monkeylove

Thanks for sharing that. I just discovered Process Lasso and am using the free version. I'll try adding some of the programs to the disallowed list. For AVs, I am currently using Bitdefender Free. I read that an anti-ransomware feature is included but I don't know if it's part of the free version.
 

Evjl's Rain

Thanks for sharing that. I just discovered Process Lasso and am using the free version. I'll try adding some of the programs to the disallowed list. For AVs, I am currently using Bitdefender Free. I read that an anti-ransomware feature is included but I don't know if it's part of the free version.
The anti-ransomware module is not included in the free version, only in paid versions.
The dedicated BD anti-ransomware tool is a joke.
 

Evjl's Rain

Thanks. Is there any free program that I can use?
I highly recommend AppCheck Anti-Ransomware and Kaspersky Anti-Ransomware Tool because of their compatibility and effectiveness. A few products can be better and stronger, but they may break something on your PC or they are not free.

Or you can use VoodooShield free in autopilot mode. It's an anti-everything, not just ransomware.
 