Windows 10: how to disable powershell

I unticked it in windows features,
but if I type "powershell" in search box, I get two versions of it, and they both execute.
So how do I disable this thing?

While we are at it, how can I disable other exploitable processes that the standard Windows user doesn't need?

:)

 

Disable PowerShell

Hello all.

Is there a way I can completely uninstall the Windows PowerShell feature on my machine?

And if yes, will it affect normal system functionality?

I have already tried to disable this in the Windows Features but the program is still there and can be opened/used.

Thank you.

 

Disable PowerShell

Hi,

Thank you for posting your query in Microsoft Community.

Sorry for the inconvenience caused. I will assist you with this.

Please be informed that Windows Power shell is an inbuilt feature which comes with Windows you can disable it in Windows features but you cannot remove it. Hence if you search in Windows search it will show Windows PowerShell.

Hope this information was helpful.

Thank you.

 

I disable it by Taking Ownership and removing all users from those folders. You can easily re-enable it by adding a user.

C:\Program Files (x86)\WindowsPowerShell
C:\Program Files\WindowsPowerShell
C:\Windows\System32\WindowsPowerShell
C:\Windows\SysWOW64\WindowsPowerShell

I used to remove it, but some windows updates re-install it.

You definitely have to disable Windows Script Host (used for executing scripts via .JS, .JSE, .VBS, .VBE)
reg add "HKCU\Software\Microsoft\Windows Script Host\Settings" /v "Enabled" /t REG_DWORD /d "0" /f
reg add "HKLM\Software\Microsoft\Windows Script Host\Settings" /v "Enabled" /t REG_DWORD /d "0" /f

POC: A closer look at the Locky ransomware

 

thanks
how to add those reg entries?

 

Just open CMD as admin and copy/paste/enter.

 

thanks
and how to remove all users? I think I did it wrong. I removed access for all users, but powershell still executes...
windows 10 x64

 

Sorry, it seems, that I was wrong, very wrong. It still has to be removed in order to prevent it from running. *Mad
I guess I should thank you, without you, I would have never found out. Now to check time to time, if it is still out.

 

no problem, now I got everything set up. the two powershell exe files are renamed, and windows script host is disabled through registry.
the malware is going to be very disappointed if it visits me.

 

What do you mean by "exploitable processes"? It's nor more exploitable than the command prompt. In fact, it has significant security above and beyond what Command Prompt offers to prevent exploits.

Are you just trying to remove the ability for users to run it? If so, that can be done from Group Policy.

 

I am trying to make it harder for malware to do damage to my system, by disabling windows processes that are commonly abused by malware, and are not normally needed by a standard user. A prime example of this is powershell.

 

could you explain how?

 

PS can be disabled via ExecutionPolicy, but that can be easily bypassed via, you can guess, via PS. *chuckle

https://blog.netspi.com/15-ways-to-b...ecution-policy

Actually majority of malware use WSH or PS to infect, especially ransomware and exploits without user intervention.

Malware Created with Microsoft PowerShell Is on the Rise

https://securelist.com/blog/research...rshell-malware

Powershell or WSH are completely useless for common users, so there is no reason to keep it available.

Today: https://threatpost.com/latest-window...ecution/119887

 

Except that it is a requirement for many new kinds of maintenance a regular user might have to do. For instance, you can't uninstall and reinstall many apps without powershell.

Still, it's easy to disable it via group policy.

How to Block an Application or .EXE from Running in Windows

 

it seems that there are ways around this simple form of blocking
PowerShell - One Tool to Rule Them All
but with Process Lasso, you can automatically terminate any powershell process or script interpreter.
under the options menu you have "configure disallowed processes", and and after adding your list of processes, you should put a tick in "match wildcards"