What is your take about not having a real time antivirus?

pseymour · Aug 18, 2024

Well, I don't know everything that wouldn't work if you removed PowerShell, and that's kind of the point. Who knows what Windows or application functionality you're breaking by removing it? It's not like you're removing some word processing application you're not using; you're removing a component of Windows.

And if you're going to remove PowerShell and Terminal, better remove cmd for the same reason. I've done plenty of bad things at a command prompt.

TairikuOkami · Aug 18, 2024

DesignHeaad9206 said:
Which apps/programs/services would not work if I remove PowerShell and Windows Terminal and leave just the classic cmd?

I can not think of anything. Windows is leaning towards using runtimes like .NET and Edge.

DesignHeaad9206 · Aug 18, 2024

TairikuOkami said:
I can not think of anything. Windows is leaning towards using runtimes like .NET and Edge.

Edge?
Can you elaborate on that?

And what's your take on cmd being as dangerous for malware as PowerShell?
Not trying to make a war of opinions, tbc, I just try to understand all perspectives to make my own :)

OldNavy · Aug 18, 2024

Not having an antivirus program would be like that dream you have of going to school in your pyjamas - horrendous.
Can't be done I'm afraid (for me anyway).

DesignHeaad9206 · Aug 18, 2024

TairikuOkami said:

Windows Scripting Host. When people say that malware runs by itself, that is what it uses. You can basically disable malware. :lmao:

Code:

reg add "HKLM\Software\Microsoft\Windows Script Host\Settings" /v "Enabled" /t REG_DWORD /d "0" /f
reg add "HKLM\Software\WOW6432Node\Microsoft\Windows Script Host\Settings" /v "Enabled" /t REG_DWORD /d "0" /f

MS has recently disabled at least VBS in Windows, thus malware moved to PowerShell instead.

https://www.bleepingcomputer.com/news/security/microsoft-to-kill-off-vbscript-in-windows-to-block-malware-delivery/

Note that by default Windows includes old and vulnerable PowerShell 5, though there is already version 7.
Removing version 5 can break some apps and some features, but it is well worth it. You can also restrict it.

Code:

reg add "HKLM\Software\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell" /v "ExecutionPolicy" /t REG_SZ /d "Restricted" /f
reg add "HKLM\Software\Microsoft\PowerShell\1\ShellIds\ScriptedDiagnostics" /v "ExecutionPolicy" /t REG_SZ /d "Restricted" /f
reg add "HKLM\Software\WOW6432Node\Microsoft\PowerShell\1\ShellIds\ScriptedDiagnostics" /v "ExecutionPolicy" /t REG_SZ /d "Restricted" /f
reg add "HKLM\Software\Policies\Microsoft\PowerShellCore" /v "EnableScripts" /t REG_DWORD /d "0" /f
reg add "HKLM\Software\Policies\Microsoft\Windows\PowerShell" /v "EnableScripts" /t REG_DWORD /d "0" /f
reg add "HKLM\Software\WOW6432Node\Policies\Microsoft\PowerShellCore" /v "EnableScripts" /t REG_DWORD /d "0" /f
reg add "HKLM\Software\WOW6432Node\Policies\Microsoft\Windows\PowerShell" /v "EnableScripts" /t REG_DWORD /d "0" /f
reg add "HKLM\System\CurrentControlSet\Control\Session Manager\Environment" /v "__PSLockDownPolicy" /t REG_SZ /d "4" /f

taskkill /im PowerShell.exe /f
taskkill /im PowerShell_ISE.exe /f
taskkill /im pwsh.exe /f
takeown /s %computername% /u %username% /f "%ProgramFiles%\WindowsPowerShell" /r /d y
icacls "%ProgramFiles%\WindowsPowerShell" /inheritance:r /grant:r %username%:(OI)(CI)F /t /l /q /c
rd "%ProgramFiles%\WindowsPowerShell" /s /q
takeown /s %computername% /u %username% /f "%ProgramFiles(x86)%\WindowsPowerShell" /r /d y
icacls "%ProgramFiles(x86)%\WindowsPowerShell" /grant:r %username%:(OI)(CI)F /t /l /q /c
rd "%ProgramFiles(x86)%\WindowsPowerShell" /s /q
takeown /s %computername% /u %username% /f "%WinDir%\System32\WindowsPowerShell" /r /d y
icacls "%WinDir%\System32\WindowsPowerShell" /grant:r %username%:(OI)(CI)F /t /l /q /c
rd "%WinDir%\System32\WindowsPowerShell" /s /q
takeown /s %computername% /u %username% /f "%WinDir%\SysWOW64\WindowsPowerShell" /r /d y
icacls "%WinDir%\SysWOW64\WindowsPowerShell" /grant:r %username%:(OI)(CI)F /t /l /q /c
rd "%WinDir%\SysWOW64\WindowsPowerShell" /s /q

Yes, replacing this shortcut with CMD's shortcut gives me CMD in the start menu.

Code:

%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

View attachment 104137

Hi again!

So, I tried your tweaks, after all I am going to install Windows from zero now on a new SSD so I can do experiments in this SSD

But could you please please explain a bit more in detail what they do exactly?
So I can feel safer about implementing them in the new installation.
Btw, I have entered all that in Windows Terminal (administrator) and it said "The operation completed successfully" for each of the commands, and then I restarted, but Powershell is still in the system, I can access it and use it.
Well, now tbh when I enter a command either in the PowerShell or in Windows Terminal, it's not in colors anymore. So, does that mean that PowerShell has been "disabled", and now when I open Terminal or Powershell it's CMD what is working within them?
Is that enough to prevent Ransomware? I mean, I thought that the idea was to prevent the execution of commands in PowerShell, but now PowerShell can still be opened, and commands can be executed, just in B&W instead of color

Also, stupid question, what should i put in the last code in the place of %USERPROFILE%?
Let's say that my User in Windows is XYZ, I've tried XYZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk and %XYZ%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk and none of them worked...

Thanks!!!

TairikuOkami · Aug 18, 2024

DesignHeaad9206 said:
Edge?
Can you elaborate on that?

Microsoft Edge WebView2 Runtime

DesignHeaad9206 said:
And what's your take on cmd being as dangerous for malware as PowerShell?

CMD is very limited compared to PS, thus the reason MS started using PS instead.
Malware can use PS to elevate and then it can do anything, like change firewall rules.

DesignHeaad9206 said:
Btw, I have entered all that in Windows Terminal (administrator)

I believe Terminal uses PS and you can not remove PS, while running it. Use CMD as admin.
If PS is removed, those 4 folders should not exist. You can easily restore it using SFC scan.

Code:

%ProgramFiles%\WindowsPowerShell
%ProgramFiles(x86)%\WindowsPowerShell
%WinDir%\System32\WindowsPowerShell
%WinDir%\SysWOW64\WindowsPowerShell

Windows terminal is an app, which can be uninstalled.

DesignHeaad9206 said:
what should i put in the last code in the place of %USERPROFILE%?

Start - Run - %USERPROFILE% - will open your profile folder, you do need to use your username.

pseymour · Aug 18, 2024

TairikuOkami said:
CMD is very limited compared to PS, thus the reason MS started using PS instead.
Malware can use PS to elevate and then it can do anything, like change firewall rules.

You can elevate PowerShell or cmd and change firewall rules: netsh.

Edit: One thing I've not mentioned... even if you remove PowerShell, it's still possible to run PS scripts and commands. There's a project called PowerLine that's made specifically for this, and other similar things exist. I won't link to PowerLine because it's known to be used maliciously. Point is, you're not really gaining anything by removing it.

DesignHeaad9206 · Aug 18, 2024

TairikuOkami said:
Microsoft Edge WebView2 Runtime
...
I believe Terminal uses PS and you can not remove PS, while running it. Use CMD as admin.
...
Start - Run - %USERPROFILE% - will open your profile folder, you do need to use your username.

Ok, I did it again from CMD (admin) and now it's really gone, no PowerShell, no Windows Terminal.
I used the code how it was. Or was I supposed to change %WinDir% with C, %username% with my username, and %computername% with my computer name?

About the user profile thing, I thought I had to use it in CMD too, that's why when it didn't recognize the command I tried changing USERPROFILE with XYZ (my hypothetical username).
Now I did it in run like you just said and it says that the path doesn't exist.
Maybe because your other codes deleted it?
What am I supposed to do?
Now that PoweShell and Terminal are gone I'd like to have CMD in the right click menu of the Start key, like you said that this string would do

TairikuOkami · Aug 18, 2024

DesignHeaad9206 said:
Now that PoweShell and Terminal are gone I'd like to have CMD in the right click menu of the Start key

Start - Run - copy code to open the folder:

Code:

%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell

Remove the shortcut that is there, create the new shortcut with location path:

Code:

C:\Windows\System32\cmd.exe

Name it:

Code:

Windows PowerShell

DesignHeaad9206 · Aug 18, 2024

TairikuOkami said:
Start - Run - copy code to open the folder:

Code:

%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell

Remove the shortcut that is there, create the new shortcut with location path:

Code:

C:\Windows\System32\cmd.exe

Name it:

Code:

Windows PowerShell

It worked! Thanks :)
Now, what if I would want to put things back how they were?
Do you have a code for that too?

barreleye · Aug 19, 2024

I've been a Windows user since Windows 3, so since the early 90's. I've never had a virus or any malware.

I've always disabled real-time antivirus software. I've always been careful about the software I download, and I've always scanned it manually.

TairikuOkami · Aug 19, 2024

DesignHeaad9206 said:
Now, what if I would want to put things back how they were?
Do you have a code for that too?

No, it would be faster to use a system backup or reinstall.
Most tweaks are just ON/OFF, so you can just replace 0/1.

andrew129260 · Aug 22, 2024

DesignHeaad9206 said:
I never ever had a virus.

That you know of

TechnoMage2021 said:
The last time I was infected by a virus

barreleye said:
I've never had a virus or any malware.

As far as you know....

____________________________________________________________________________________________________________________________________________
Malware nowadays is not the days of windows xp practically shouting at the screen saying I'm infected! I'm infected!

It is much more sophisticated and complex than that. Malware does everything it can to hide the infection and make you not aware it's even there. Malware can be in your router, in your computer, anywhere you go.

You need an active antivirus. You don't need to pay for it. Windows defender is fine for most folks. Using preventive software and keeping windows up to date is a must. However, it is true that in general, windows is much more secure than it has ever been. Setting UAC to its highest level, using memory integrity, and setting a secure dns is some extra stuff that really helps for sure.

But don't ever assume your machine is not infected because everything seems fine, or you don't notice anything wrong. Because that's the point.

What is your take about not having a real time antivirus?

Windows developer and admіn

My Computers

Microsoft 365 Basic

My Computer

Member

My Computer

Well-known member

My Computer

Member

My Computer

Microsoft 365 Basic

My Computer

Windows developer and admіn

My Computers

Member

My Computer

Microsoft 365 Basic

My Computer

Member

My Computer

Well-known member

My Computer

Microsoft 365 Basic

My Computer

Well-known member

My Computers

Similar threads