  1.    15 Aug 2016 #1
    Join Date : Jun 2015
    Posts : 286
    windows 10 pro x64 stable build

    how to disable powershell


    I unticked it in windows features,
    but if I type "powershell" in search box, I get two versions of it, and they both execute.
    So how do I disable this thing?

    While we are at it, how can I disable other exploitable processes that the standard Windows user doesn't need?
  2.    15 Aug 2016 #2
    Join Date : Oct 2014
    Trnava
    Posts : 2,758
    Windows 10.4 Home 1709 x64

    I disable it by Taking Ownership and removing all users from those folders. You can easily re-enable it by adding a user.

    C:\Program Files (x86)\WindowsPowerShell
    C:\Program Files\WindowsPowerShell
    C:\Windows\System32\WindowsPowerShell
    C:\Windows\SysWOW64\WindowsPowerShell

    I used to remove it, but some windows updates re-install it.

    You definitely have to disable Windows Script Host (used for executing scripts via .JS, .JSE, .VBS, .VBE)
    reg add "HKCU\Software\Microsoft\Windows Script Host\Settings" /v "Enabled" /t REG_DWORD /d "0" /f
    reg add "HKLM\Software\Microsoft\Windows Script Host\Settings" /v "Enabled" /t REG_DWORD /d "0" /f

    POC: A closer look at the Locky ransomware
    Last edited by Brink; 15 Aug 2016 at 17:59.
  3.    15 Aug 2016 #3
    Join Date : Jun 2015
    Posts : 286
    windows 10 pro x64 stable build
    Thread Starter

    Quote Originally Posted by TairikuOkami View Post
    I disable it by Taking Ownership and removing all users from those folders. You can easily re-enable it by adding a user.

    C:\Program Files (x86)\WindowsPowerShell
    C:\Program Files\WindowsPowerShell
    C:\Windows\System32\WindowsPowerShell
    C:\Windows\SysWOW64\WindowsPowerShell

    I used to remove it, but some windows updates re-install it.

    You definitely have to disable Windows Script Host (used for executing scripts via .JS, .JSE, .VBS, .VBE)
    reg add "HKCU\Software\Microsoft\Windows Script Host\Settings" /v "Enabled" /t REG_DWORD /d "0" /f
    reg add "HKLM\Software\Microsoft\Windows Script Host\Settings" /v "Enabled" /t REG_DWORD /d "0" /f

    POC: A closer look at the Locky ransomware
    thanks
    how to add those reg entries?
    Last edited by Brink; 15 Aug 2016 at 17:59.
  4.    15 Aug 2016 #4
    Join Date : Oct 2014
    Trnava
    Posts : 2,758
    Windows 10.4 Home 1709 x64

    Just open CMD as admin and copy/paste/enter.
  5.    15 Aug 2016 #5
    Join Date : Jun 2015
    Posts : 286
    windows 10 pro x64 stable build
    Thread Starter

    Quote Originally Posted by TairikuOkami View Post
    I disable it by removing all users from those folders. Y

    C:\Program Files (x86)\WindowsPowerShell
    C:\Program Files\WindowsPowerShell
    C:\Windows\System32\WindowsPowerShell
    C:\Windows\SysWOW64\WindowsPowerShell

    I used to remove it, but some windows updates re-install it.
    thanks
    and how to remove all users? I think I did it wrong. I removed access for all users, but powershell still executes...
    windows 10 x64
  6.    15 Aug 2016 #6
    Join Date : Oct 2014
    Trnava
    Posts : 2,758
    Windows 10.4 Home 1709 x64

    Sorry, it seems that I was wrong, very wrong. It still has to be removed in order to prevent it from running.
    I guess I should thank you; without you, I would have never found out. Now to check from time to time if it is still out.
  7.    15 Aug 2016 #7
    Join Date : Jun 2015
    Posts : 286
    windows 10 pro x64 stable build
    Thread Starter

    Quote Originally Posted by TairikuOkami View Post
    Sorry, it seems that I was wrong, very wrong. It still has to be removed in order to prevent it from running.
    I guess I should thank you; without you, I would have never found out. Now to check from time to time if it is still out.
    No problem, now I got everything set up. The two powershell exe files are renamed, and Windows Script Host is disabled through the registry.
    The malware is going to be very disappointed if it visits me.
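Added example, not part of any post in this thread: a batch file that checks whether the two mitigations discussed above are actually in effect. It asks both the 64-bit and 32-bit script hosts to run a harmless probe script and tries to start each copy of powershell.exe. The probe file names under %TEMP% are made up for this example, and the `v1.0` subfolder is the standard location of powershell.exe under the WindowsPowerShell folders listed in post #2.

```batch
@echo off
setlocal
rem Added example (not from the thread). Run from a normal, non-admin Command Prompt.

rem 1. Show the Windows Script Host "Enabled" value in both hives (0x0 = disabled).
for %%H in (HKCU HKLM) do (
    reg query "%%H\Software\Microsoft\Windows Script Host\Settings" /v Enabled 2>nul || echo %%H: Enabled value is not set
)

rem 2. Functional check: a probe script that only creates an empty marker file.
rem    If the marker appears, that script host still executes scripts.
set "PROBE=%TEMP%\wsh_probe.vbs"
set "MARK=%TEMP%\wsh_probe.ok"
> "%PROBE%" echo CreateObject("Scripting.FileSystemObject").CreateTextFile(WScript.Arguments(0)).Close

for %%C in ("%SystemRoot%\System32\cscript.exe" "%SystemRoot%\SysWOW64\cscript.exe") do (
    if exist %%C (
        if exist "%MARK%" del "%MARK%"
        %%C //nologo "%PROBE%" "%MARK%" >nul 2>&1
        if exist "%MARK%" (echo FAIL: %%~C still runs scripts) else (echo OK:   %%~C refused the script)
    )
)

rem 3. Try to start each copy of PowerShell. A missing, renamed or blocked
rem    executable returns a non-zero exit code; a working one returns 0.
set "PSEXE=WindowsPowerShell\v1.0\powershell.exe"
for %%P in ("%SystemRoot%\System32\%PSEXE%" "%SystemRoot%\SysWOW64\%PSEXE%") do (
    %%P -NoProfile -NonInteractive -Command "exit 0" >nul 2>&1 && (echo FAIL: %%~P still executes) || (echo OK:   %%~P did not run)
)

rem Clean up the probe files.
if exist "%PROBE%" del "%PROBE%"
if exist "%MARK%" del "%MARK%"
endlocal
```

Re-running it after Windows updates shows whether a reinstall has undone either change.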
  8.    15 Aug 2016 #8
    Join Date : Sep 2014
    Nashville, TN
    Posts : 3,143
    Windows 10 Pro

    Quote Originally Posted by shmu26 View Post
    While we are at it, how can I disable other exploitable processes that the standard Windows user doesn't need?
    What do you mean by "exploitable processes"? It's no more exploitable than the command prompt. In fact, it has significant security above and beyond what Command Prompt offers to prevent exploits.

    Are you just trying to remove the ability for users to run it? If so, that can be done from Group Policy.
  9.    16 Aug 2016 #9
    Join Date : Jun 2015
    Posts : 286
    windows 10 pro x64 stable build
    Thread Starter

    Quote Originally Posted by Mystere View Post
    What do you mean by "exploitable processes"? It's no more exploitable than the command prompt. In fact, it has significant security above and beyond what Command Prompt offers to prevent exploits.

    Are you just trying to remove the ability for users to run it? If so, that can be done from Group Policy.
    I am trying to make it harder for malware to do damage to my system, by disabling windows processes that are commonly abused by malware, and are not normally needed by a standard user. A prime example of this is powershell.
  10.    16 Aug 2016 #10
    Join Date : Jun 2015
    Posts : 286
    windows 10 pro x64 stable build
    Thread Starter

    Quote Originally Posted by Mystere View Post
    that can be done from Group Policy.
    could you explain how?