What should one do about netsh.exe? Currently I'm being cautious and allow it to only run once (Expert mode), but this could soon become a bit irritating.
Also, I read somewhere that PowerShell should be disabled, if possible, in order to better protect a PC from malware attacks. I allow it to run sometimes, but I'm almost never sure about it. What could I do to minimize risks?
If my memory serves me, ReHIPS already has a preinstalled rule for netsh.exe.
And a preinstalled rule for PowerShell also. It should alert about any scripts it tries to automatically execute. It should be enough for security. But if you really want to tighten security, you can try to disable PowerShell. But who knows, maybe some update will try to use it and fail. Some rarely used features are often poorly tested.
Thank you for the information. I'll try to use my best judgment and bear in mind the ReHIPS rules for these programs.
May I suggest that ReHIPS be able to import rules from a text file? It will be very useful for people like me who block most of the MS LOLbins. There are so many that it took ages to list them all in ReHIPS.
We have export/import settings in our TODO list, so this one should be covered too.
BTW, don't wildcards cover this use-case?
Quote from: fixer on August 02, 2019, 08:47:50 AM
We have export/import settings in our TODO list, so this one should be covered too.
Quote: BTW, don't wildcards cover this use-case?
For those both in system32 and syswow64, yes, but you have around a hundred of those useless LOLbins to block, and making/modifying a rule for each of them is a hassle I prefer to avoid.