Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Security
Guides - Privacy & Security Tips
Windows Home/Pro owner? Use Software Restriction Policies!
Message
<blockquote data-quote="Andy Ful" data-source="post: 544099" data-attributes="member: 32260"><p>Here is the vbs script that works on my Windows 10 Home. It is in the alpha stage (not tested on other machines).</p><p>Anybody can optimize and modify it.</p><p>If You want to bypass SRP the script must be wrapped to exe file for asking admin rights.</p><p>Some executable extensions have to be removed from SRP ( BAT, CMD, JS, JSE, MSI, VBE, VBS, WSF), if You want to run them with "Run As Smartscreen". I noticed that they are still protected by SRP. The difference is that they are blocked when sponsors (cmd.exe, wscript.exe, msiexex.exe) try to get files in the User Space.</p><p>.</p><p>.</p><p>RunAsSmartScreen.vbs</p><p>****************************************************************************************************************************************</p><p>Set WshShell = CreateObject("WScript.Shell")</p><p>'****** Put the path of the file to fsoFile variable ******</p><p>Set fso = CreateObject("Scripting.FileSystemObject")</p><p>Set fsoFile = fso.GetFile(WScript.Arguments.Item(0))</p><p>'****** Check if the file is in the System Space ******</p><p>If InStr(chr(34)&fsoFile&chr(34), "C:\Windows\") = 2 Then</p><p> WshShell.Run(chr(34)&fsoFile&chr(34))</p><p> WScript.Quit</p><p>Else</p><p> If InStr(chr(34)&fsoFile&chr(34),"C:\Program Files\") = 2 Then</p><p> WshShell.Run(chr(34)&fsoFile&chr(34))</p><p> WScript.Quit</p><p> Else</p><p> If InStr(chr(34)&fsoFile&chr(34),"C:\Program Files (x86)\") = 2 Then</p><p> WshShell.Run(chr(34)&fsoFile&chr(34))</p><p> WScript.Quit</p><p> Else</p><p>'****** Clear all file attributes</p><p> fsoFile.Attributes = fsoFile.Attributes AND 0</p><p>'****** Create, run and delete another script AddZoneIdentifierToFile.vbs , that adds the proper ADS ******</p><p> Set f = fso.CreateTextFile("C:\Windows\temp\AddZoneIdentifierToFile.vbs")</p><p> f.WriteLine ("Set WshShell = CreateObject(" & chr(34) & "WScript.Shell" & chr(34)&")")</p><p> f.WriteLine ("Set fso = CreateObject(" & chr(34) & "Scripting.FileSystemObject" & chr(34)&")")</p><p> f.WriteLine ("Set f = fso.CreateTextFile(" & chr(34) & fsoFile & ":Zone.Identifier" & chr(34)&")")</p><p> f.WriteLine ("f.WriteLine " & chr(34) & "[ZoneTransfer]" & chr(34))</p><p> f.WriteLine ("f.WriteLine " & chr(34) & "ZoneId=3" & chr(34))</p><p> f.WriteLine ("f.close")</p><p> WshShell.Run ("C:\Windows\Temp\AddZoneIdentifierToFile.vbs")</p><p> Set f = fs<img src="data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" class="smilie smilie--sprite smilie--sprite120" alt="o_O" title="Er... what? o_O" loading="lazy" data-shortname="o_O" />penTextFile("C:\Windows\Temp\AddZoneIdentifierToFile.vbs", 1)</p><p> f.Close</p><p> WScript.Sleep 1000</p><p> fso.DeleteFile("C:\Windows\Temp\AddZoneIdentifierToFile.vbs")</p><p>'****** Run the file ******</p><p> WshShell.Run(chr(34)&fsoFile&chr(34))</p><p> End If</p><p> End If</p><p>End If </p><p>Set WshShell = Nothing</p><p>WScript.Quit</p><p></p><p>****************************************************************************************************************************************</p><p>I do not know why there is the yellow face in the vbs code. You must replace it by dotOdot, similarly to the fso.DeleteFile command.</p><p>.</p><p>.</p><p>Run_As_SmartScreen.reg</p><p>***************************************************************************************</p><p>Windows Registry Editor Version 5.00</p><p></p><p>[HKEY_CLASSES_ROOT\*\shell\Run As SmartScreen]</p><p>"Icon"="%windir%\\system32\\SmartScreenSettings.exe"</p><p>[HKEY_CLASSES_ROOT\*\shell\Run As SmartScreen\command]</p><p>@="C:\\Windows\\RunAsSmartscreen.exe \"%1\" %*"</p><p>***************************************************************************************</p><p>.</p><p>.</p><p>Installation:</p><p>Wrap RunAsSmartscreen.vbs to RunAsSmartscreen.exe</p><p>Copy RunAsSmartscreen.exe to the "C:\Windows\" folder.</p><p>Import Run_As_SmartScreen.reg to the Windows Registry.</p><p>.</p><p>.</p><p>Deinstallation:</p><p>Remove RunAsSmartscreen.exe from "C:\Windows\" folder.</p><p>Delete the registry key: [HKEY_CLASSES_ROOT\*\shell\Run with SmartScreen]</p><p>.</p><p>.</p><p>This is the more convenient "Run As SmartScreen" solution. I also tried solutions with RunAsSmartscreen.bat or RunAsSmartscreen.vbs without wrapping, but then the launcher is needed, to run the file from the script with admin rights, to bypass SRP. On my machine, the Nirsoft program "nircmd.exe" worked well.</p></blockquote><p></p>
[QUOTE="Andy Ful, post: 544099, member: 32260"] Here is the vbs script that works on my Windows 10 Home. It is in the alpha stage (not tested on other machines). Anybody can optimize and modify it. If You want to bypass SRP the script must be wrapped to exe file for asking admin rights. Some executable extensions have to be removed from SRP ( BAT, CMD, JS, JSE, MSI, VBE, VBS, WSF), if You want to run them with "Run As Smartscreen". I noticed that they are still protected by SRP. The difference is that they are blocked when sponsors (cmd.exe, wscript.exe, msiexex.exe) try to get files in the User Space. . . RunAsSmartScreen.vbs **************************************************************************************************************************************** Set WshShell = CreateObject("WScript.Shell") '****** Put the path of the file to fsoFile variable ****** Set fso = CreateObject("Scripting.FileSystemObject") Set fsoFile = fso.GetFile(WScript.Arguments.Item(0)) '****** Check if the file is in the System Space ****** If InStr(chr(34)&fsoFile&chr(34), "C:\Windows\") = 2 Then WshShell.Run(chr(34)&fsoFile&chr(34)) WScript.Quit Else If InStr(chr(34)&fsoFile&chr(34),"C:\Program Files\") = 2 Then WshShell.Run(chr(34)&fsoFile&chr(34)) WScript.Quit Else If InStr(chr(34)&fsoFile&chr(34),"C:\Program Files (x86)\") = 2 Then WshShell.Run(chr(34)&fsoFile&chr(34)) WScript.Quit Else '****** Clear all file attributes fsoFile.Attributes = fsoFile.Attributes AND 0 '****** Create, run and delete another script AddZoneIdentifierToFile.vbs , that adds the proper ADS ****** Set f = fso.CreateTextFile("C:\Windows\temp\AddZoneIdentifierToFile.vbs") f.WriteLine ("Set WshShell = CreateObject(" & chr(34) & "WScript.Shell" & chr(34)&")") f.WriteLine ("Set fso = CreateObject(" & chr(34) & "Scripting.FileSystemObject" & chr(34)&")") f.WriteLine ("Set f = fso.CreateTextFile(" & chr(34) & fsoFile & ":Zone.Identifier" & chr(34)&")") f.WriteLine ("f.WriteLine " & chr(34) & "[ZoneTransfer]" & chr(34)) f.WriteLine ("f.WriteLine " & chr(34) & "ZoneId=3" & chr(34)) f.WriteLine ("f.close") WshShell.Run ("C:\Windows\Temp\AddZoneIdentifierToFile.vbs") Set f = fso_OpenTextFile("C:\Windows\Temp\AddZoneIdentifierToFile.vbs", 1) f.Close WScript.Sleep 1000 fso.DeleteFile("C:\Windows\Temp\AddZoneIdentifierToFile.vbs") '****** Run the file ****** WshShell.Run(chr(34)&fsoFile&chr(34)) End If End If End If Set WshShell = Nothing WScript.Quit **************************************************************************************************************************************** I do not know why there is the yellow face in the vbs code. You must replace it by dotOdot, similarly to the fso.DeleteFile command. . . Run_As_SmartScreen.reg *************************************************************************************** Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\*\shell\Run As SmartScreen] "Icon"="%windir%\\system32\\SmartScreenSettings.exe" [HKEY_CLASSES_ROOT\*\shell\Run As SmartScreen\command] @="C:\\Windows\\RunAsSmartscreen.exe \"%1\" %*" *************************************************************************************** . . Installation: Wrap RunAsSmartscreen.vbs to RunAsSmartscreen.exe Copy RunAsSmartscreen.exe to the "C:\Windows\" folder. Import Run_As_SmartScreen.reg to the Windows Registry. . . Deinstallation: Remove RunAsSmartscreen.exe from "C:\Windows\" folder. Delete the registry key: [HKEY_CLASSES_ROOT\*\shell\Run with SmartScreen] . . This is the more convenient "Run As SmartScreen" solution. I also tried solutions with RunAsSmartscreen.bat or RunAsSmartscreen.vbs without wrapping, but then the launcher is needed, to run the file from the script with admin rights, to bypass SRP. On my machine, the Nirsoft program "nircmd.exe" worked well. [/QUOTE]
Insert quotes…
Verification
Post reply
Top
