How to set PS script to TRUSTED but only let it access ETC_Hosts file in system32?
[QUOTE="bazang, post: 1118645, member: 114717"]
As [USER=32260]@Andy Ful[/USER] points out, if you make the script itself static - which it should be in the first place - then the script itself, when executed by PowerShell, will only modify the hosts file.

It is not the script itself that has access, it is the interpreter - PowerShell that accesses, modifies, and executes. If PowerShell can execute scripts then it has full access to most parts of the system.

There is no safe way to use PowerShell if you intend not to disable it after you are done using it. Constrained language mode will provide many security benefits, but overall, if your priority is hardened security, then you just don't allow PowerShell to execute on any system. If it is enabled on a system, particularly in a Windows administrator's account, and that system is breached, PowerShell is one of the most commonly abused "features" of Windows. It is used as a download cradle, to modify many parts of a system, and to pivot from system to system across a network. It can even encrypt files just like ransomware (PowerShell ransomware). Then it can be used as a reverse malicious agent on a system.

There are many aspects to PowerShell security. To cover them all here would take walls of text. Then it would take quite a bit of effort on your part to figure it all out and make it work securely for you. Unless you have the inclination to spend a month or so devoting time and effort to it, the best thing is not to use PowerShell in the first place.

The people at Microsoft Security said 10 or 15 years ago they didn't know what Microsoft was thinking when it developed and shipped PowerShell with Windows. The initial iterations of PowerShell (1.0 and 2.) were extremely insecure. Since then Microsoft has done what it can to make it more secure, but threat actors always find the gaps and holes that Microsoft's development teams leave within PowerShell that can be exploited.

Use HostsMan instead:

[URL unfurl="true"]https://www.abelhadigital.com/hostsman/[/URL]
[/QUOTE]