Advice Request Windows PowerShell is still active although I blocked it using Hard Configurator!


DDE_Server

Although I turned on "Block PowerShell scripts" in Hard Configurator, it is still not disabled in Windows Features, as shown in the screenshot below:

Windows power shell feature.png
hard configurator screenshot.png

Is this a bug in the Hard Configurator tool, or am I just misunderstanding something, @Andy Ful?
 

93803123

No, it is all working as designed and intended.

Although I turned on "Block PowerShell scripts" in Hard Configurator, it is still not disabled in Windows Features, as shown in the screenshot below:

View attachment 226639

Using the Windows Features wizard only disables PowerShell version 2.0.

There are multiple versions of PowerShell that ship with Windows. PowerShell version 5.X is the latest on Windows 10. At a basic level, PowerShell version 2.0 continues to be shipped and activated by default. It should always be disabled. In fact, it should not even ship with Windows in this day and age. Microsoft sacrifices everyone's security to provide backwards-compatibility convenience to only a minuscule number of users that still cling to PowerShell 2.0.

Here is some basic-level discussion of PowerShell and its versions: Differences between PowerShell versions

View attachment 226638
Is this a bug in the Hard Configurator tool, or am I just misunderstanding something, @Andy Ful?

The above setting blocks the execution of PowerShell script file types themselves. The setting does not block the execution of PowerShell. By setting it to on, I know it definitely blocks .ps1 files. It might also block .ps2 and PowerShell module file types (e.g. .psm1), but I assume those file types are included in @Andy Ful's extended file type blocking feature.

If you want to disable the default PowerShell version on your system, then select "PowerShell" under LOLBins.

More about PowerShell file types: PowerShell file extensions
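The answer above separates three things: the PowerShell 2.0 optional feature, the PowerShell engine itself, and restrictions on script files. The following read-only audit is an added example (not part of the thread and not Hard Configurator's code) that reports each one separately using built-in Windows cmdlets; the function name `Get-PowerShellExposure` is hypothetical.

```powershell
# Added example: read-only audit for Windows PowerShell 5.1, run elevated
# (Get-WindowsOptionalFeature needs administrator rights).
function Get-PowerShellExposure {
    # 1) What the Windows Features dialog toggles: the legacy 2.0 engine only.
    $v2 = Get-WindowsOptionalFeature -Online |
        Where-Object { $_.FeatureName -like 'MicrosoftWindowsPowerShellV2*' } |
        Select-Object FeatureName, State

    # 2) Engines registered in the registry: slot 1 is the 1.0/2.0 engine,
    #    slot 3 is the 3.0+ engine (5.x on Windows 10).
    $engines = foreach ($slot in '1', '3') {
        $key = "HKLM:\SOFTWARE\Microsoft\PowerShell\$slot\PowerShellEngine"
        if (Test-Path $key) {
            [pscustomobject]@{
                Slot    = $slot
                Version = (Get-ItemProperty -Path $key).PowerShellVersion
            }
        }
    }

    # 3) Script-file restrictions are separate again: execution policy per scope.
    #    This does not read Hard Configurator's own settings.
    $policy = Get-ExecutionPolicy -List

    # 4) Whether the host binary itself is present on disk.
    $exe = Join-Path $env:SystemRoot 'System32\WindowsPowerShell\v1.0\powershell.exe'

    [pscustomobject]@{
        RunningEngine   = $PSVersionTable.PSVersion.ToString()
        V2Features      = $v2
        Engines         = $engines
        ExecutionPolicy = $policy
        HostExePresent  = Test-Path $exe
    }
}

$report = Get-PowerShellExposure
"Running engine: $($report.RunningEngine); powershell.exe present: $($report.HostExePresent)"
$report.V2Features      | Format-Table -AutoSize
$report.Engines         | Format-Table -AutoSize
$report.ExecutionPolicy | Format-Table -AutoSize

# Equivalent of unticking "Windows PowerShell 2.0" in Windows Features.
# Left commented out; it removes only the 2.0 engine, not PowerShell 5.x.
# Disable-WindowsOptionalFeature -Online -FeatureName MicrosoftWindowsPowerShellV2Root -NoRestart
```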
 

DDE_Server

OK, thanks for the explanation :)
 
