Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Security
General Security Discussions
Simple Stupid Security vs. free AV
Message
<blockquote data-quote="Andy Ful" data-source="post: 779014" data-attributes="member: 32260"><p>In some way, the PowerShell scripts and macros are blocked by default (for the users). But, that is not the same as saying that they are disabled by default in the system.</p><p></p><p>If the user wants to open the .ps1 script by the mouse-click, then the script will not be executed, but opened in the notepad. So, it is true - in some way it will be disabled for the user.</p><p>In the default settings, If the user will choose to open the .ps1 script by the option "Run with PowerShell", then in Windows 10 Home (ver. 1809), the PowerShell console will be opened with some options (Y option will allow running the scripts until reboot).</p><p>If the exploit wants to run the .ps1 script, then it will use -bypass switch in the command line to bypass PowerShell execution policy. But, usually it will use the scripts from the remote locations or will not use scripts but PowerShell commandlines, which easily can bypass the execution policy.</p><p>So, the PowerShell scripts are restricted by default for the users, but not for the exploits, or the other Windows scripts (VBScript, JScript, etc. can run PowerShell scripts and command lines).</p><p></p><p>In MS Office (versions supported by Microsoft), macros in documents downloaded from the Internet will be blocked, because documents will be opened in the "Protected view". Yet, the user still has the option to open the documents normally. Most average users usually choose to open documents normally, especially when they can see the instruction that it is necessary (known phishing trick).</p></blockquote><p></p>
[QUOTE="Andy Ful, post: 779014, member: 32260"] In some way, the PowerShell scripts and macros are blocked by default (for the users). But, that is not the same as saying that they are disabled by default in the system. If the user wants to open the .ps1 script by the mouse-click, then the script will not be executed, but opened in the notepad. So, it is true - in some way it will be disabled for the user. In the default settings, If the user will choose to open the .ps1 script by the option "Run with PowerShell", then in Windows 10 Home (ver. 1809), the PowerShell console will be opened with some options (Y option will allow running the scripts until reboot). If the exploit wants to run the .ps1 script, then it will use -bypass switch in the command line to bypass PowerShell execution policy. But, usually it will use the scripts from the remote locations or will not use scripts but PowerShell commandlines, which easily can bypass the execution policy. So, the PowerShell scripts are restricted by default for the users, but not for the exploits, or the other Windows scripts (VBScript, JScript, etc. can run PowerShell scripts and command lines). In MS Office (versions supported by Microsoft), macros in documents downloaded from the Internet will be blocked, because documents will be opened in the "Protected view". Yet, the user still has the option to open the documents normally. Most average users usually choose to open documents normally, especially when they can see the instruction that it is necessary (known phishing trick). [/QUOTE]
Insert quotes…
Verification
Post reply
Top
