Perhaps one of the most effective recommendations when it comes to fighting ransomware attacks is to disable Windows PowerShell. We always insist on this option, in addition to other security measures and user awareness, to mitigate possible “unwanted encryption”.
Windows PowerShell has four different execution policies:
Restricted: Prohibits executing scripts.
AllSigned: Only scripts signed by a trusted publisher can be executed.
RemoteSigned: Downloaded scripts must be signed by a trusted publisher before they can be executed.
Unrestricted: No restrictions. All Windows PowerShell scripts can be executed.
To assign a particular policy, we call Set-ExecutionPolicy followed by the name of the corresponding policy.
For example, to set the execution policy to Restricted, open a ‘cmd’ window in administrator mode and type the following:
powershell Set-ExecutionPolicy -ExecutionPolicy Restricted
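To confirm that Restricted is the policy actually in force, the following added example (not part of the original article) sets it and then audits every scope, because a value defined at a higher-precedence scope such as Group Policy overrides the machine-level setting. The function names Get-ExecutionPolicyAudit and Set-RestrictedPolicy are hypothetical; the cmdlets and parameters are built in.

```powershell
# Added example. Run in an elevated Windows PowerShell session.
# Function names are hypothetical; the cmdlets and parameters are built in.

function Get-ExecutionPolicyAudit {
    # Get-ExecutionPolicy -List returns every scope in precedence order:
    # MachinePolicy, UserPolicy, Process, CurrentUser, LocalMachine.
    # The first scope that is not 'Undefined' decides the effective policy.
    $scopes   = Get-ExecutionPolicy -List
    $deciding = $scopes |
        Where-Object { $_.ExecutionPolicy -ne 'Undefined' } |
        Select-Object -First 1

    [pscustomobject]@{
        Effective     = Get-ExecutionPolicy
        DecidingScope = if ($deciding) { "$($deciding.Scope)" } else { 'None (built-in default)' }
        Scopes        = $scopes
    }
}

function Set-RestrictedPolicy {
    try {
        # LocalMachine is the scope the plain Set-ExecutionPolicy call writes to.
        Set-ExecutionPolicy -ExecutionPolicy Restricted -Scope LocalMachine -Force -ErrorAction Stop
    }
    catch {
        # Raised when a higher-precedence scope overrides the value just written.
        Write-Warning "Set-ExecutionPolicy reported: $($_.Exception.Message)"
    }

    $audit = Get-ExecutionPolicyAudit
    if ($audit.Effective -ne 'Restricted') {
        $msg = "Effective policy is {0}, decided by scope {1}; correct it at that scope." -f `
            $audit.Effective, $audit.DecidingScope
        Write-Warning $msg
    }
    $audit
}

# Apply the setting, then show the per-scope table and the effective result.
$result = Set-RestrictedPolicy
$result.Scopes | Format-Table Scope, ExecutionPolicy -AutoSize
"Effective: {0} (decided by {1})" -f $result.Effective, $result.DecidingScope
```

If the deciding scope is MachinePolicy or UserPolicy, the value comes from Group Policy and has to be changed there, not with Set-ExecutionPolicy.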
To re-enable script execution, pick the policy that matches the level of functionality you need. Assuming we do not want any restriction:
powershell Set-ExecutionPolicy -ExecutionPolicy Unrestricted
As said, if you don’t use it, deactivate it.