Computer security is paramount. Malware and other malicious software constantly threaten our systems. To bolster the security of your Windows computer, there are three crucial settings involving PowerShell that you should consider changing. PowerShell, a powerful command-line interface, and scripting language integral to Windows, is also a preferred tool for many malware creators. In this article, we’ll delve into these settings and guide you through securing your system.
Importance of PowerShell
Before we dive into the settings, let’s understand why we’re making these changes. PowerShell is a versatile tool, but its power is often exploited by malware. It’s estimated that anywhere from 50% to 75% of malware utilizes PowerShell in some way during an attack. Malware may run malicious scripts or commands using PowerShell. Therefore, configuring PowerShell security settings is crucial for safeguarding your system.
Disabling PowerShell 2.0
The first step involves disabling an older and vulnerable version of PowerShell, which is included by default in Windows for compatibility reasons. To do this:
- Click on the Start menu and search for “Turn Windows Features On and Off.”
- Locate “Windows PowerShell 2.0” and uncheck it.
- Confirm the changes and restart your computer if prompted.
This action removes the outdated PowerShell version while retaining the modern version.
Enabling Constrained Language Mode
Constrained Language Mode restricts the types of commands PowerShell can run, even if run directly or within a script. This is essential because it limits the actions that malware can perform using PowerShell. To set up Constrained Language Mode:
- Open PowerShell and check the current language mode using the command: $ExecutionContext.SessionState.LanguageMode
- By default, it will likely show “Full Language,” indicating no restrictions.
- Open the Start menu, search for “Environment Variables,” and click “Edit the System Environment Variables.”
- In the System Properties window, click “Environment Variables.”
- Under System Variables, click “New” and create a variable with the name __PSLockDownPolicy and set the variable value to 4.
- Restart your computer or open a new PowerShell window.
This setting will limit the types of commands PowerShell can execute, making it more challenging for malware to exploit.
Configuring PowerShell Script Execution Policies
This setting focuses on PowerShell script execution policies. By default, Windows has an execution policy that should block script execution. However, it’s easily bypassed. Here’s how to secure it:
For Windows Pro Edition:
Open the Group Policy Editor and navigate to “Computer Configuration > Administrative Templates > Windows Components > Windows PowerShell.”
Under “Turn on Script Execution,” set it to “Disabled” or choose “Allow Only Signed Scripts” if you understand trusted certificates.
For Windows Home Edition:
Download and install “Policy Plus,” a free program that replicates Group Policy settings.
Open Policy Plus and select “Computer” in the dropdown.
Navigate to “Windows Components > Windows PowerShell.”
Under “Turn on Script Execution,” set it to “Disabled” or “Allow Only Signed Scripts.”
- For Home Edition, ensure you save policies after configuration.
This change prevents PowerShell scripts from running, making it difficult for malware to execute scripts.
Additional Consideration: PowerShell 7
Lastly, consider PowerShell 7, a separate version from the default Windows PowerShell. It doesn’t respect the execution policies set for Windows PowerShell. To secure it:
Download PowerShell 7 from its GitHub page.
Extract the downloaded files.
Copy “PowerShellCoreExecutionPolicy.admx” to “C:\Windows\PolicyDefinitions.”
Copy “PowerShellExecutionPolicy.adml” to the appropriate language folder in “PolicyDefinitions.”
In Group Policy Editor, navigate to “Administrative Templates > PowerShell Core > Turn On Script Execution” and set it to “Disabled” or sync it with the Windows PowerShell setting.
This extra step ensures that PowerShell 7 adheres to the script execution policies you’ve set.
While these settings won’t make your computer invulnerable, they significantly enhance security against certain types of attacks. It’s essential to stay vigilant and continually update your security measures in the ever-evolving landscape of cybersecurity. By following these steps, you’ll make it much more challenging for malware to compromise your Windows computer’s security.
We are the founders of Techspurblog and we have been in this industry for over Four years. We pride ourselves on being the global leader in developing Technology Blog, which can create original content.
We are a team of enthusiastic people who want to share our experience, knowledge and enterprise with the world. We love what we do and we hope you will too!