- May 1, 2018
- 229
Set-ExecutionPolicy Restricted in powershell 5.0 in admin mode
Thanks guys for yours anwers
Thanks guys for yours anwers
Windows Defender vs GandCrab Ransomware: video review
- Thread starter RoboMan
- Start date
It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
Microsoft made easy bypasses for it.
Unless you are actively using PoSh all the time, you really should disable it.
SRP is good. @Andy Ful 's Hard_Configurator will do it. Also, disable the PoSh DLL.
Tip: locate system.management.automation.dll on the system in all locations and rename it to system.management.automation.dll_
PoSh is a menace, but wscript.exe is another menace.
- Jul 3, 2015
- 8,153
SUA is Standard user account. It is the opposite of Admin account.
To put PS in constrained language, which is much stronger than, Restrained, run this script in PS:
[Environment]::SetEnvironmentVariable('__PSLockdownPolicy', '4', 'Machine')
If you have Constrained language, and you are in SUA, you have already prevented many attacks. But don't forget about Windows Script Host, like Lockdown mentioned.
To put PS in constrained language, which is much stronger than, Restrained, run this script in PS:
[Environment]::SetEnvironmentVariable('__PSLockdownPolicy', '4', 'Machine')
If you have Constrained language, and you are in SUA, you have already prevented many attacks. But don't forget about Windows Script Host, like Lockdown mentioned.
- May 1, 2018
- 229
I have a Windows 10 pro version. I keeep lerning to play with gpedit. And there is a option for example tur off script execution or somethin like that.
I can modified a smart screen to block baypass it by malware or untrusted programs
I can modified a smart screen to block baypass it by malware or untrusted programs
- Jul 3, 2015
- 8,153
There is no one setting in GPO to turn off all script execution, AFAIK. Blocking Powershell by GPO is not strong. But blocking Windows Script Host should work, if you find such a setting in GPO.
- Jul 3, 2015
- 8,153
I meant to say that there are lots of different processes that can execute scripts. You won't find one setting in Group Policy that turns off them all.
- May 1, 2018
- 229
Good to know that, thanks for yours advices.
Of course wscript has been turned off in regedit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Script Host\Settings string value-enabled set to 0
Of course wscript has been turned off in regedit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Script Host\Settings string value-enabled set to 0
- Jul 3, 2015
- 8,153
Looks good! That one is responsible for most of the simple file-based script attacks. For most users, it is Enemy Number One.
- Oct 22, 2016
- 409
OT. it would be interesting and useful to collect, in a single post, the settings to disable Powershell, Wscript and other vulnerable processes. (provided that there is already a post like this)
- Dec 23, 2014
- 8,482
Unfortunately, the __PSLockdownPolicy can also be bypassed as standard user. It should be strengthened by disabling PowerShell script execution policy.
Built-in Windows Software Restriction Policies + PowerShell 5.0 can apply Constrained Language mode without bypass loop-hole for processes running as standard user.
- May 1, 2018
- 229
In this situation, I'm happy.
I will make a small summary of my security settings in windows 10 with windows Defender and smartscreen and Edge browser.
Windows defender - blocked the option of disabling protection in gpedit.
Windows Defender - PUP Enabled
Smartscreen - blocked bypass option.
Disabled windows script host in regedit
Disabled flash player in MS Edge and windows
Uninstalled - Internet explorer, SMB protocol, SMB direct, Powershell 2.0
In Powershell 5.0 - entered [Environment] :: SetEnvironmentVariable ('__ PSLockdownPolicy', '4', 'Machine')
But I have a question - where to look for "Tip: locate system.management.automation.dll" on the system in all locations and rename it to system.management.automation.dll_ "should I look in the file explorator?
I wonder if I should add Secureaplus because I have a premium license, but install without a clamav engine.
And whether it is possible or will it be necessary to block the network activity of scripts after entering all these settings?
I will make a small summary of my security settings in windows 10 with windows Defender and smartscreen and Edge browser.
Windows defender - blocked the option of disabling protection in gpedit.
Windows Defender - PUP Enabled
Smartscreen - blocked bypass option.
Disabled windows script host in regedit
Disabled flash player in MS Edge and windows
Uninstalled - Internet explorer, SMB protocol, SMB direct, Powershell 2.0
In Powershell 5.0 - entered [Environment] :: SetEnvironmentVariable ('__ PSLockdownPolicy', '4', 'Machine')
But I have a question - where to look for "Tip: locate system.management.automation.dll" on the system in all locations and rename it to system.management.automation.dll_ "should I look in the file explorator?
I wonder if I should add Secureaplus because I have a premium license, but install without a clamav engine.
And whether it is possible or will it be necessary to block the network activity of scripts after entering all these settings?
Last edited:
- May 1, 2018
- 229
yeah, if a collect today all security options i`ll post it in a new thread
- May 1, 2018
- 229
What is wrong with Poland ? No one use SpyShelter ? It baffles me. SpyShelter Firewall is one of the most powerful protection programs.
- May 1, 2018
- 229
Why are you making yourself vulgar and hitting nationality?
Do you see what programs to protect pc move?
I use spyshelter and MKS_Vir myself.
But I approach the subject of PC protection in a hobby and I wonder how the user can, on his own, raise the protection level built into windows.
Not everyone can use programs that you can.
Not everyone can afford to buy such a program for several machines if it has more than one.
And not even everyone needs such programs.
Following the path of your confusion, Avasta should use Czech, Bitdefender Romanians etc ...
I do not understand why you wrote it and I think it was not needed in this topic
Pay for Windows and programms? You crazy? Free internet, Free programms, Free virus.
- May 4, 2018
- 2,261
Good informative video. Least Window Script Host on this system is disabled already xD
~LDogg
~LDogg
- Jul 3, 2015
- 8,153
Hey, don't worry, Lockdown loves Poles, I think he meant to say that Poles should be more proud of their great product, SpyShelter, and use it, despite the fact that it costs too much for most people...
And everyone definately needs Windows Defender pushed by Microsoft with defaults settings as seen by this video, yep users are protected.
Similar threads
