Separate questions about netsh.exe and powershell.exe

Started by Stephen, July 17, 2019, 12:52:45 PM


Stephen

What should one do about netsh.exe? Currently I'm being cautious and allow it to only run once (Expert mode), but this could soon become a bit irritating.

Also, I read somewhere that PowerShell should be disabled, if possible, in order to better protect a PC from malware attacks. I allow it to run sometimes, but I'm almost never sure about it. What could I do to minimize risks?

fixer

If my memory serves me, ReHIPS already has a preinstalled rule for netsh.exe.

And a preinstalled rule for PowerShell also. It should alert about any scripts it tries to automatically execute. It should be enough for security. But if you really want to tighten security, you can try to disable PowerShell. But who knows, maybe some update will try to use it and fail. Some rarely used features are often poorly tested.

Stephen

Thank you for the information. I'll try to use my best judgment and bear in mind the ReHIPS rules for these programs.

Umbra

May I suggest that ReHIPS be able to import rules from a text file? It would be very useful for people like me who block most of the MS LOLbins. There are so many that it took ages to list them all in ReHIPS.

fixer

We have export/import settings in our TODO list, so this one should be covered too.
BTW, don't wildcards cover this use-case?

Umbra

Quote from: fixer on August 02, 2019, 08:47:50 AM
We have export/import settings in our TODO list, so this one should be covered too.

Quote: BTW, don't wildcards cover this use-case?
For those in both system32 and syswow64, yes, but you have around a hundred of those useless LOLbins to block, and making/modifying a rule for each of them is a hassle I prefer to avoid.