blocking antivirus installation
UNAM, hello, can you add a function for blocking antivirus installers by publisher certificate, so that the user cannot install the antivirus after downloading it, and for blocking system restore point rollback?
Well, I can disable system restore, but how exactly do you propose to block publisher certificates? Something like certutil -addstore DISALLOWED FILE.crt, or are you thinking of something else?
https://www.thewindowsclub.com/how-to-prevent-users-from-installing-programs-in-windows-7?amp
Well, you don't really want to disable the Windows Installer (which is what that article is about); then no one can install any program, irrespective of whether it's an antivirus or not.
I don't know programming, but I know that it's possible to block installers by publisher. Maybe you know how to do it so that the user cannot install the downloaded antivirus. If it is blocked by the exe path, the user can rename the exe and then install it; if it is blocked by the certificate, then like it or not they won't be able to install the software.
https://www.google.com/amp/s/sysadmin-note.ru/article/blokirovka-ustanovkizapuska-prilozhenij-s-pomoshhyu-applocker/amp/
Here is a description of how to do it.
There aren't really any ways of doing so with commands that I know of or can find, except maybe through certutil -addstore DISALLOWED FILE.crt, but then you'd need the certificate file.
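The certutil -addstore DISALLOWED approach mentioned above leaves a trace that defenders can check for: a security vendor's code-signing certificate sitting in the Untrusted Certificates store. The audit script below is an added example, not code from this thread or the project; the vendor list and the function names are constructed for illustration.

```powershell
# Added defensive example: flag security-vendor code-signing certificates
# found in the Windows "Disallowed" (Untrusted Certificates) stores.
# Constructed, illustrative vendor list; extend it with the products you deploy.
$VendorPatterns = 'Avast', 'AVG', 'Bitdefender', 'ESET', 'Kaspersky', 'Malwarebytes', 'Sophos'
$CodeSigningOid = '1.3.6.1.5.5.7.3.3'   # id-kp-codeSigning

function Test-CodeSigningCert {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    $eku = $Cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    # A certificate without an EKU extension is not restricted to any purpose.
    if (-not $eku) { return $true }
    return [bool]($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq $CodeSigningOid })
}

function Find-DisallowedVendorCert {
    param([string[]]$StorePath = @('Cert:\LocalMachine\Disallowed', 'Cert:\CurrentUser\Disallowed'))
    foreach ($path in $StorePath) {
        if (-not (Test-Path $path)) { continue }
        foreach ($cert in Get-ChildItem -Path $path) {
            # Word-boundary match so short names do not hit unrelated subjects.
            $hit = $VendorPatterns | Where-Object {
                $cert.Subject -match ('\b' + [regex]::Escape($_) + '\b')
            }
            if ($hit -and (Test-CodeSigningCert $cert)) {
                [pscustomobject]@{
                    Store      = $path
                    Vendor     = ($hit -join ',')
                    Subject    = $cert.Subject
                    Thumbprint = $cert.Thumbprint
                    NotAfter   = $cert.NotAfter
                }
            }
        }
    }
}

# Any row returned is worth investigating: signed installers and updates from
# that publisher will fail trust checks on this machine.
Find-DisallowedVendorCert | Format-Table -AutoSize -Wrap
```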
https://www.google.com/amp/s/sysadmin-note.ru/article/blokirovka-ustanovkizapuska-prilozhenij-s-pomoshhyu-applocker/amp/
While it is possible to add rules to AppLocker through PowerShell, it will only work on Enterprise and Education editions of Windows 10 and 11 as far as I know. There is the AppLocker CSP, which works on all Windows 10 and 11 editions I think, but it's not manageable by commands (you have to do it manually with the GUI). Then there's also WDAC (Windows Defender Application Control) as an "alternative", which is only available on Windows 10 and 11 (version 1909 and above), but it's very heavy-handed and not really something I like using.
https://spy-soft.net/zapret-zapuska-programm/#i-2
Here it is described more precisely, and somewhere I saw that it is possible to transfer the rule to a file as XML. Make such a function in the miner.
As it is also said on that site, that method (AppLocker) will only work for Enterprise and Education editions of Windows 10 and 11.
You can make something similar and add such functions to the miner.
Yes, but that would only work on Enterprise and Education editions of Windows 10 and 11, meaning it wouldn't work on the majority of Windows installations I think (I don't have that at least).
Something like this, please do it in the miner.
I mean, the things you want (AppLocker through PowerShell in this instance) would not work on the majority of Windows installations, wouldn't work on my main computer or any of my VMs, and probably not on your computer either. It only works on Enterprise and Education versions of Windows 10/11, so the feature would probably not have much of an effect.
https://brit03.ru/os/windows-10s.html
Do you have any ideas how to implement this in the miner?
You mean a rule with WDAC or do you mean the Device Guard in Windows 10/11 S?
There is no difference; the most important thing is that the downloaded antivirus is blocked. Do you have ideas?
Well, Windows 10/11 S is technically a different operating system mode (which no one that can run the miner uses, since they would be unable to run .exe files), so that wouldn't work. It's technically possible to use WDAC, but it only works on Windows 10 and 11 (version 1909 and above), so if that would be acceptable then it's technically possible. Though I wouldn't get all the publisher certificate names/codes myself, so any you would want to block would have to be entered in the builder like the "Block Websites" option.
To be honest, 5+ years ago my friend and I discovered a funny virus on his PC called "simov.exe". It worked by killing the web browser when someone typed, for example, avast or any known AV software into Google. It was pretty funny. But maybe, what about, for example, checking for a running installer like "avast installer.exe" (just an imagined name) and killing it? I guess "Kill targets" may do this, but I have not tested it yet.