Deactivating PowerShell is a Good Idea

By 17 April, 2018 IT Security

Perhaps one of the most effective recommendations when it comes to fighting ransomware attacks is to disable Windows PowerShell. We always insist on this option, in addition to other security measures and user awareness, to mitigate possible “unwanted encryption”.

Windows PowerShell has four different execution policies:

Restricted: Prohibits executing scripts.

AllSigned: Only scripts signed by a trusted publisher can be executed.

RemoteSigned: Downloaded scripts must be signed by a trusted publisher before they can be executed.

Unrestricted: As the name says, no restrictions. All Windows PowerShell scripts can be executed.

To assign a particular policy, we call Set-ExecutionPolicy followed by the name of the corresponding policy.

For example, to set the execution policy to Restricted, open a ‘cmd’ window in administrator mode and type the following:

powershell Set-ExecutionPolicy -ExecutionPolicy Restricted

To re-enable scripts, choose the policy that matches the level of functionality you need. Assuming we do not want any restriction:

powershell Set-ExecutionPolicy -ExecutionPolicy Unrestricted

As said, if you don’t use it, deactivate it.
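
Added example, not part of the original article: the policy can be set at several scopes and a higher-precedence scope wins, so this snippet sets Restricted at the LocalMachine scope and then checks which scope actually decides the effective policy. The function names are hypothetical; Get-ExecutionPolicy -List and the -Scope parameter are standard cmdlet features.

```powershell
# Added example (not from the original article). Paste into an elevated
# PowerShell prompt: writing the LocalMachine scope needs administrator rights.

function Get-EffectivePolicySource {
    # Get-ExecutionPolicy -List returns the scopes in precedence order:
    # MachinePolicy, UserPolicy (both set by Group Policy), Process,
    # CurrentUser, LocalMachine. The first scope that is defined wins.
    param([object[]]$PolicyList = (Get-ExecutionPolicy -List))
    foreach ($entry in $PolicyList) {
        if ("$($entry.ExecutionPolicy)" -ne 'Undefined') { return $entry }
    }
    return $null   # nothing defined anywhere: the built-in default applies
}

function Set-RestrictedAndVerify {
    try {
        Set-ExecutionPolicy -ExecutionPolicy Restricted -Scope LocalMachine `
            -Force -ErrorAction Stop
    } catch {
        # Raised when the session is not elevated, or when the value was
        # written but a higher-precedence scope overrides it.
        Write-Warning $_.Exception.Message
    }

    # Show every scope, then compare the effective value with what we asked for.
    Get-ExecutionPolicy -List | Format-Table -AutoSize | Out-Host
    $effective = Get-ExecutionPolicy
    $source    = Get-EffectivePolicySource
    $scope     = if ($source) { $source.Scope } else { 'built-in default' }

    if ("$effective" -eq 'Restricted') {
        Write-Host "OK: effective policy is Restricted (decided by: $scope)."
        return $true
    }
    Write-Warning "Effective policy is $effective, decided by: $scope."
    return $false
}

Set-RestrictedAndVerify
```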


Copyright 2017, TresW