[SOLVED] Any downside to disabling this?

[LilyLoo]

Hi

I recently had a virus on my PC which I later found out was running via cmd.exe.

I have cleaned my PC and beefed up my security with better (paid) AV and Malwarebytes free.

I read that malware running on the command prompt and powershell are on the rise (affecting me too!) and harder to stop so I took the decision to disable them both in the registry so they cannot be opened. If I ever needed to I could by changing the registry back but I wondered....

Is there any downside to this? I hardly ever need them myself (never used powershell) but are there any other tasks which this might affect?

Thanks

Lily

 

[Colif]

Downsides to disabling powershell and CMD? Why yes, there is, windows can't work without either.

You are shooting windows in the foot to stop an attack that if you have Bitdefender & malwarebytes shouldn't get to you.

did you make a backup of registry before the changes? I would roll back to it now. Before restarting PC

Another fix that might help is run system restore

 

[LilyLoo]

Downsides to disabling powershell and CMD? Why yes, there is, windows can't work without either.

You are shooting windows in the foot to stop an attack that if you have Bitdefender & malwarebytes shouldn't get to you.

did you make a backup of registry before the changes? I would roll back to it now. Before restarting PC

Another fix that might help is run system restore

Thanks, what will it stop please?

I saw it recommended elsewhere but was curious, hence asking really.

 

[Colif]

many applications and parts of windows use either of these to run, file explorer for instance. Most applications use hidden Command window to do the tasks you ask them to do.

I would enable them now as not having them is more destructive them letting them run.

Bitdefender should be enough protection for most of us (I use it too)

 

[LilyLoo]

many applications and parts of windows use either of these to run, file explorer for instance. Most applications use hidden Command windows windows to do the tasks you ask them to do.

I would enable them now as not having them is more destructive them letting them run.

Bitdefender should be enough protection for most of us (I use it too)

thanks, I am just a bit scared after what happened last time and didnt want it to happen again.

 

[LilyLoo]

I managed to change everything back, luckily I had printed the instructions I had followed.

 

[Colif]

DO you use Ublock Origin on all browsers? It is a nice extra

You don't want to let them win. you have to move on and be careful what files you open. Removing core functions of Win 10 to stop other people maybe using them against you is not how to win.

 

[rubix_1011]

thanks, I am just a bit scared after what happened last time and didnt want it to happen again.

What happened 'last time'? That isn't discussed in your thread until this post.

 

[LilyLoo]

What happened 'last time'? That isn't discussed in your thread until this post.

I think (80% sure) that there was a script running cmd.exe in the background that opened when I ran chrome. Pretty sure it it was spyware / key logger that got my password to somethings.

I spotted it after (a) odd things on my email and (b) I'd added new security software that, when I opened chrome, gave alerts to say a malicious script was blocked. I have no idea how I got it, I consider myself careful.

 

[LilyLoo]

DO you use Ublock Origin on all browsers? It is a nice extra

You don't want to let them win. you have to move on and be careful what files you open. Removing core functions of Win 10 to stop other people maybe using them against you is not how to win.

Funny you should say that, I used to use that on Chrome. But after what happened I unistalled it as I wasn't certain it could be trusted. I think I thought that after (IIRC) it said when adding it - 'this can read / track' the sites you are visiting. I cannot remember the exact wording.

Is it safe and recommended?

 

[Colif]

Did you reinstall windows after the virus as that is normally the best way to know for sure the virus is gone.

Bitdefender pretty good at identifying almost all threats so you might be okay now. Ublock is not a replacement for good AV, its more a compliment. Latest version of Bitdefender total security has its own browser add on for chrome. I feel it and UBlock might be overkill, I know the bitdefender add on blocks too much on some sites.

Ublock is fairly safe, but if you open files from an email, it won't help.

 

[britechguy]

uBlock Origin and (in the case of Chrome) uBlock Origin Extra are perfectly safe and have been around for several years now.

The developer had been affiliated with AdBlock Plus but split off when that organization changed their philosophy to allow "unobtrusive" ads through [which could be turned off by the end user].

You really need to take a look at the following. Not that I doubt your statement about being careful, but clearly you did something (as almost all infections, with the rarest of exceptions, come directly as a result of user action) that you need to avoid doing again. Quietman7, a security expert who is an active contributor on Bleeping Computer, has written extensively on what you (any you) need to do to develop safe interaction habits with cyberspace. The following four are, in my opinion, must-reads:

• Users Themselves Are The Most Substantial Weakness In The Security Chain (just that single message)
• What you must understand regarding computer security (also just this single message)
• Best Practices for Safe Computing (long, but can be read slowly over days)
• Reflections on Antivirus/Antimalware Testing & Comparisons

You are overreacting and taking actions that are, in the final analysis, counterproductive to the security and stability of your system.

 

[LilyLoo]

Did you reinstall windows after the virus as that is normally the best way to know for sure the virus is gone.

Bitdefender pretty good at identifying almost all threats so you might be okay now. Ublock is not a replacement for good AV, its more a compliment. Latest version of Bitdefender total security has its own browser add on for chrome. I feel it and UBlock might be overkill, I know the bitdefender add on blocks too much on some sites.

Ublock is fairly safe, but if you open files from an email, it won't help.

Yes, I did thank you. I followed a guide I found on this forum actually. I thought it would be complicated but thanks to the instructions I managed to do it.

It's honestly (and I'm a bit embarrassed to say this) made me scared to use my computer sometimes. It was really creepy.

Thank you for helping.

Lily

 

[LilyLoo]

uBlock Origin and (in the case of Chrome) uBlock Origin Extra are perfectly safe and have been around for several years now.

The developer had been affiliated with AdBlock Plus but split off when that organization changed their philosophy to allow "unobtrusive" ads through [which could be turned off by the end user].

You really need to take a look at the following. Not that I doubt your statement about being careful, but clearly you did something (as almost all infections, with the rarest of exceptions, come directly as a result of user action) that you need to avoid doing again. Quietman7, a security expert who is an active contributor on Bleeping Computer, has written extensively on what you (any you) need to do to develop safe interaction habits with cyberspace. The following four are, in my opinion, must-reads:

• Users Themselves Are The Most Substantial Weakness In The Security Chain (just that single message)
• What you must understand regarding computer security (also just this single message)
• Best Practices for Safe Computing (long, but can be read slowly over days)
• Reflections on Antivirus/Antimalware Testing & Comparisons

You are overreacting and taking actions that are, in the final analysis, counterproductive to the security and stability of your system.

Thanks, I think you are right. This might sound like a silly example but I think of it like this...

Let's say someone broke into my house through a certain door, I would get better security / locks for it etc. However, I feel like someone who doesn't know how the burglar got it (just that they were there) so I am going around all the doors and windows (repeatedly) and checking them just in case!

I am chasing my tail a bit and, as you hinted, doing things that are counterproductive.

 

[Colif]

removing CMD and Powershell was akin to you burning down the house so the burglars can't get in

Sure, it stops them using it but you can't either

its something to learn from, be careful what you open and don't download strange things.

 

[britechguy]

The good thing is, you appear to have learned, and continue to be learning, as a result of what happened.

Recognizing that you're in the "overreaction stage," which is not uncommon, is a huge insight. Denying that the tendency is there is a sure road to chaos.

Paranoia after these sorts of events often results in people taking steps that actually make them more vulnerable, not less.

Taking time to reflect and analyze, now that the threat is removed, before taking any further action is your best bet now. And it seems that you are getting into doing just that. Continue down that road.

 

[LilyLoo]

removing CMD and Powershell was akin to you burning down the house so the burglars can't get in

Sure, it stops them using it but you can't either

its something to learn from, be careful what you open and don't download strange things.

Ha, I understand now. Thank you.

 

[LilyLoo]

The good thing is, you appear to have learned, and continue to be learning, as a result of what happened.

Recognizing that you're in the "overreaction stage," which is not uncommon, is a huge insight. Denying that the tendency is there is a sure road to chaos.

Paranoia after these sorts of events often results in people taking steps that actually make them more vulnerable, not less.

Taking time to reflect and analyze, now that the threat is removed, before taking any further action is your best bet now. And it seems that you are getting into doing just that. Continue down that road.

Thanks for that, the support on here has been amazing.

To highlight my somewhat paranoid questioning of things here is an earlier thread when I was thinking about something else -

https://forums.tomshardware.com/threads/is-this-safe-please.3512888/

Hopefully the reassurance on that thread was correct and helped to protect me too.

Thank you.

 

[LilyLoo]

I hope I am not breaking any rules by linking to something external (please let me know if I am) but it was reading things like this that got me on to the original subject of blocking....

https://www.top-password.com/blog/block-an-application-from-running-in-windows-10/

 

[britechguy]

The thing being, there is no reason for any home user, that is the administrator of their own machine, to need to block anything.

You, and only you, are making decisions about what to run or not run on your machine. If you question whether you should run it, don't, at least until you've done the homework to allow yourself to be comfortable in actually running something that's unfamiliar to you.

The example you gave the link to is about controlling what certain users can do on multi-user systems, generally in a work or "public computer" (e.g., a library, coffee shop, etc.) environment.

 

[Colif]

trying to fix errors before they happen doesn't help. I learned that a long time ago, a little knowledge is almost more dangerous than none at all. I created problems for myself by researching possible problems and trying to do exactly what you did, fix windows before anything happened.

the advice in other thread is correct, the only risk to buying off a 3rd party is IF the licenses were not legit, Microsoft could deactivate them at a later time. You should be okay as worrying about what might happen stops you enjoying all the time nothing is happening

 

[LilyLoo]

The thing being, there is no reason for any home user, that is the administrator of their own machine, to need to block anything.

You, and only you, are making decisions about what to run or not run on your machine. If you question whether you should run it, don't, at least until you've done the homework to allow yourself to be comfortable in actually running something that's unfamiliar to you.

The example you gave the link to is about controlling what certain users can do on multi-user systems, generally in a work or "public computer" (e.g., a library, coffee shop, etc.) environment.

Yes, I think I got onto that after thinking an admin to the Office Software might have access to my PC. Again paranoia!

 

[LilyLoo]

I just wanted to say thank you for everyone taking the time to help and reassure me, I cannot tell you how much I appreciate it!

What a great community this is.

Lily

 

[rubix_1011]

You might also want to ensure that UAC is enabled to alert you when something is attempting to run/execute/change something on your device. (if you haven't already)

There's little reason to turn UAC completely off unless you're on an isolated network or don't have any worries about what you're allowing control over .... or have other systems in place to manage/monitor these kinds of changes. Even if it seems annoying, there is a reason it exists.

https://articulate.com/support/article/how-to-turn-user-account-control-on-or-off-in-windows-10

 

[britechguy]

In addition to what rubix_1011 has already mentioned, those who want to be really anal retentive about security when browsing the internet often recommend that you create a local account on your machine, without admin privileges [a standard account], and use only that when interacting with the web.

For myself, I think that's gross overkill, but I also have not had an infection on any machine I own for in excess of 20 years now and I always use one, and only one, account for myself and that always has admin privileges.

But a standard account has no permission to install anything, so were something to attempt to surreptitiously install when you're using that account, it won't be able to.