a guest
May 19th, 2019
Windows Firewall with Advanced Security - Blocking Outbound Connections

Credits to Daniel Streefkerk (https://daniel.streefkerkonline.com/2017/10/24/mitigate-commodity-malware-attacks-with-windows-firewall-rules/) @dstreefkerk

I have added a few additions to his firewall configuration that add an extra defensive layer.

Block Internet Access - conhost.exe (x64)
%SystemRoot%\System32\conhost.exe
Block Internet Access - cscript.exe
%SystemRoot%\SysWOW64\cscript.exe
Block Internet Access - cscript.exe (x64)
%SystemRoot%\System32\cscript.exe
Block Internet Access - cmstp.exe
%SystemRoot%\SysWOW64\cmstp.exe
Block Internet Access - calc.exe (x64)
%SystemRoot%\System32\calc.exe
Block Internet Access - calc.exe
%SystemRoot%\SysWOW64\calc.exe
Block Internet Access - cmstp.exe (x64)
%SystemRoot%\System32\cmstp.exe
Block Internet Access - wscript.exe
%SystemRoot%\SysWOW64\wscript.exe
Block Internet Access - wscript.exe (x64)
%SystemRoot%\System32\wscript.exe
Block Internet Access - mshta.exe
%SystemRoot%\SysWOW64\mshta.exe
Block Internet Access - mshta.exe (x64)
%SystemRoot%\System32\mshta.exe
Block Internet Access - bitsadmin.exe
%SystemRoot%\SysWOW64\bitsadmin.exe
Block Internet Access - bitsadmin.exe (x64)
%SystemRoot%\System32\bitsadmin.exe
Block Internet Access - csrss.exe
%SystemRoot%\SysWOW64\csrss.exe
Block Internet Access - csrss.exe (x64)
%SystemRoot%\System32\csrss.exe
Block Internet Access - devicedisplayobjectprovider.exe
%SystemRoot%\SysWOW64\devicedisplayobjectprovider.exe
Block Internet Access - devicedisplayobjectprovider.exe (x64)
%SystemRoot%\System32\devicedisplayobjectprovider.exe
Block Internet Access - lsass.exe
%SystemRoot%\SysWOW64\lsass.exe
Block Internet Access - lsass.exe (x64)
%SystemRoot%\System32\lsass.exe
Block Internet Access - presentationhost.exe
%SystemRoot%\SysWOW64\presentationhost.exe
Block Internet Access - presentationhost.exe (x64)
%SystemRoot%\System32\presentationhost.exe
Block Internet Access - wsmprovhost.exe
%SystemRoot%\SysWOW64\wsmprovhost.exe
Block Internet Access - wsmprovhost.exe (x64)
%SystemRoot%\System32\wsmprovhost.exe
Block Internet Access - eventvwr.exe
%SystemRoot%\SysWOW64\eventvwr.exe
Block Internet Access - eventvwr.exe (x64)
%SystemRoot%\System32\eventvwr.exe
Block Internet Access - mmc.exe
%SystemRoot%\SysWOW64\mmc.exe
Block Internet Access - mmc.exe (x64)
%SystemRoot%\System32\mmc.exe
Block Internet Access - runscripthelper.exe
%SystemRoot%\SysWOW64\runscripthelper.exe
Block Internet Access - runscripthelper.exe (x64)
%SystemRoot%\System32\runscripthelper.exe
Block Internet Access - notepad.exe
%SystemRoot%\SysWOW64\notepad.exe
Block Internet Access - notepad.exe (x64)
%SystemRoot%\System32\notepad.exe

Block Internet Access - powershell_ise.exe
%SystemRoot%\SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exe
Block Internet Access - powershell_ise.exe (x64)
%SystemRoot%\System32\WindowsPowerShell\v1.0\powershell_ise.exe
Block Internet Access - powershell.exe
%SystemRoot%\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Block Internet Access - powershell.exe (x64)
%SystemRoot%\System32\WindowsPowerShell\v1.0\powershell.exe
Block Internet Access - regsvr32.exe
%SystemRoot%\SysWOW64\regsvr32.exe
Block Internet Access - regsvr32.exe (x64)
%SystemRoot%\System32\regsvr32.exe
Block Internet Access - rundll32.exe
%SystemRoot%\SysWOW64\rundll32.exe
Block Internet Access - rundll32.exe (x64)
%SystemRoot%\System32\rundll32.exe
Block Internet Access - msdt.exe
%SystemRoot%\SysWOW64\msdt.exe
Block Internet Access - msdt.exe (x64)
%SystemRoot%\System32\msdt.exe
Block Internet Access - dfsvc.exe - 2.0.50727
%SystemRoot%\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
Block Internet Access - dfsvc.exe - 2.0.50727 (x64)
%SystemRoot%\Microsoft.NET\Framework64\v2.0.50727\dfsvc.exe
Block Internet Access - dfsvc.exe - 4.0.30319
%SystemRoot%\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe
Block Internet Access - dfsvc.exe - 4.0.30319 (x64)
%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
Block Internet Access - ieexec.exe - 2.0.50727
%SystemRoot%\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
Block Internet Access - ieexec.exe - 2.0.50727 (x64)
%SystemRoot%\Microsoft.NET\Framework64\v2.0.50727\IEExec.exe
Block Internet Access - MSBuild.exe - 2.0.50727
%SystemRoot%\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
Block Internet Access - MSBuild.exe - 2.0.50727 (x64)
%SystemRoot%\Microsoft.NET\Framework64\v2.0.50727\MSBuild.exe
Block Internet Access - MSBuild.exe - 3.5
%SystemRoot%\Microsoft.NET\Framework\v3.5\MSBuild.exe
Block Internet Access - MSBuild.exe - 3.5 (x64)
%SystemRoot%\Microsoft.NET\Framework64\v3.5\MSBuild.exe
Block Internet Access - MSBuild.exe - 4.0.30319
%SystemRoot%\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Block Internet Access - MSBuild.exe - 4.0.30319 (x64)
%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe
Block Internet Access - InstallUtil.exe - 2.0.50727
%SystemRoot%\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
Block Internet Access - InstallUtil.exe - 2.0.50727 (x64)
%SystemRoot%\Microsoft.NET\Framework64\v2.0.50727\InstallUtil.exe
Block Internet Access - InstallUtil.exe - 4.0.30319
%SystemRoot%\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
Block Internet Access - InstallUtil.exe - 4.0.30319 (x64)
%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe
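
One way to turn name/path pairs like those above into outbound block rules with the NetSecurity cmdlets. This is an added example, not part of the original paste or of Daniel Streefkerk's script. The group name and the subset of binaries are assumptions chosen for illustration, and because the list does not state a remote-address scope, the rules here block every remote address.

```powershell
# Added example. Run from an elevated 64-bit PowerShell session
# (NetSecurity module, Windows 8 / Server 2012 or later).
$group = 'Outbound Block - Script Hosts (example)'   # hypothetical group name

# Subset of the list above, relative to the system directory.
$binaries = @(
    'cscript.exe', 'wscript.exe', 'mshta.exe', 'regsvr32.exe', 'rundll32.exe',
    'WindowsPowerShell\v1.0\powershell.exe'
)

# Build both variants per binary, following the list's naming convention:
# plain name -> SysWOW64 (32-bit), "(x64)" -> System32 (64-bit).
$rules = foreach ($bin in $binaries) {
    $leaf = Split-Path -Leaf $bin
    [pscustomobject]@{ Name    = "Block Internet Access - $leaf"
                       Program = "%SystemRoot%\SysWOW64\$bin" }
    [pscustomobject]@{ Name    = "Block Internet Access - $leaf (x64)"
                       Program = "%SystemRoot%\System32\$bin" }
}

foreach ($rule in $rules) {
    # Idempotent: leave an existing rule with the same display name alone.
    if (Get-NetFirewallRule -DisplayName $rule.Name -ErrorAction SilentlyContinue) {
        continue
    }

    # A rule for a path that does not exist never matches anything; flag it
    # so typos in the list are caught at deployment time.
    $resolved = [Environment]::ExpandEnvironmentVariables($rule.Program)
    if (-not (Test-Path -LiteralPath $resolved)) {
        Write-Warning "No binary at $resolved; rule '$($rule.Name)' will be inert."
    }

    New-NetFirewallRule -DisplayName $rule.Name -Group $group `
        -Direction Outbound -Action Block -Program $rule.Program `
        -Profile Any -Enabled True | Out-Null
}

# Verify what was created: rule name, action and the program it is bound to.
Get-NetFirewallRule -Group $group | ForEach-Object {
    [pscustomobject]@{
        Rule    = $_.DisplayName
        Action  = $_.Action
        Program = ($_ | Get-NetFirewallApplicationFilter).Program
    }
} | Format-Table -AutoSize
```

Keeping the rules in one group means the whole set can be rolled back with `Remove-NetFirewallRule -Group` if a blocked binary turns out to be needed by legitimate software.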