Author Topic: Separate questions about netsh.exe and powershell.exe  (Read 125 times)

Stephen

  • Jr. Member
  • **
  • Posts: 44
Separate questions about netsh.exe and powershell.exe
« on: July 17, 2019, 12:52:45 pm »
What should one do about netsh.exe? Currently I'm being cautious and allow it to run only once (Expert mode), but this could soon become a bit irritating.

Also, I read somewhere that PowerShell should be disabled, if possible, in order to better protect a PC from malware attacks. I allow it to run sometimes, but I'm almost never sure about it. What could I do to minimize risks?

fixer

  • Administrator
  • Hero Member
  • *****
  • Posts: 1461
Re: Separate questions about netsh.exe and powershell.exe
« Reply #1 on: July 17, 2019, 11:05:06 pm »
If my memory serves me, ReHIPS already has a preinstalled rule for netsh.exe.

And a preinstalled rule for PowerShell also. It should alert about any scripts it tries to automatically execute. It should be enough for security. But if you really want to tighten security, you can try to disable PowerShell. But who knows, maybe some update will try to use it and fail. Some rarely used features are often poorly tested.

Stephen

  • Jr. Member
  • **
  • Posts: 44
Re: Separate questions about netsh.exe and powershell.exe
« Reply #2 on: July 18, 2019, 06:56:19 am »
Thank you for the information. I'll try to use my best judgment and bear in mind the ReHIPS rules for these programs.

Umbra

  • Active Testers
  • Hero Member
  • *****
  • Posts: 596
  • Beta tester
Re: Separate questions about netsh.exe and powershell.exe
« Reply #3 on: August 02, 2019, 05:08:25 am »
May I suggest ReHIPS be able to import rules from a text file? It will be very useful for people like me who block most of the MS LOLbins. There are so many that it took ages to list them all in ReHIPS.

fixer

  • Administrator
  • Hero Member
  • *****
  • Posts: 1461
Re: Separate questions about netsh.exe and powershell.exe
« Reply #4 on: August 02, 2019, 08:47:50 am »
We have export/import settings in our TODO list, so this one should be covered too.
BTW, don't wildcards cover this use-case?

Umbra

  • Active Testers
  • Hero Member
  • *****
  • Posts: 596
  • Beta tester
Re: Separate questions about netsh.exe and powershell.exe
« Reply #5 on: August 02, 2019, 10:43:39 am »
Quote
We have export/import settings in our TODO list, so this one should be covered too.

Quote
BTW, don't wildcards cover this use-case?

For those both in system32 and syswow64, yes, but you have around a hundred of those useless LOLbins to block, and making/modifying a rule for each of them is a hassle I prefer to avoid.