privacy.sexy icon indicating copy to clipboard operation
privacy.sexy copied to clipboard

Published 20 hours ago verified publisher icon undergroundwires

Script suggestion: Block Razer installs

Open silverwings15 opened this issue 1 year ago • 4 comments

Operating system

Windows (not sure if OSX and Linux face the same behavior)

Name

Prevent unprompted installation of Razer software (e.g. when plugging in Razer peripherals)

Code

$RazerPath = "C:\Windows\Installer\Razer"

# Disable driver auto-install via registry
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\DriverSearching" -Name "SearchOrderConfig" -Type DWord -Value 0
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Device Installer" -Name "DisableCoInstallers" -Type DWord -Value 1

# Remove and lock install directory
Remove-Item $RazerPath -Recurse -Force
New-Item -Path "C:\Windows\Installer\" -Name "Razer" -ItemType "directory"
$Acl = Get-Acl $RazerPath
$Ar = New-Object System.Security.AccessControl.FileSystemAccessRule("NT AUTHORITY\SYSTEM", "Write", "ContainerInherit,ObjectInherit", "None", "Deny")

$Acl.SetAccessRule($Ar)
Set-Acl $RazerPath $Acl

(taken from https://github.com/ChrisTitusTech/block-razer)

Revert code

I don't think it's required, the user can still install Razer Synapse manually if needed

Category

Configure Programs

Recommendation level

Standard

silverwings15 avatar Jan 02 '24 04:01 silverwings15

Hi @silverwings15.

  • We have already SearchOrderConfig as "Disable Windows Update device driver search".
  • DisableCoInstallers seems to have security benefits, so it can be added a separately (not inside Razer).

Removing write access to C:\Windows\Installer\Razer folder may include side-effects. Does it intervene with manually installing "Razer Synapse" in future?

undergroundwires avatar Jan 02 '24 14:01 undergroundwires

We have already SearchOrderConfig as "Disable Windows Update device driver search".

ah right

Removing write access to C:\Windows\Installer\Razer folder may include side-effects. Does it intervene with manually installing "Razer Synapse" in future?

not at all as i stated above, but to confirm i reran the script, then grabbed the Razer online installer from https://rzr.to/synapse-3-pc-download. the installer managed to download and install Synapse without a hitch

silverwings15 avatar Jan 02 '24 16:01 silverwings15

Ok, thank you for the verification, then I agree that we should add this. I will try to make it to next feature release but no promises made as there are a lot in the backlog and limited time for me at this moment. You can consider send a PR for faster action. See CONTRIBUTING.md#pull-request-process.

undergroundwires avatar Jan 02 '24 17:01 undergroundwires

never written a PR before but sure, i'll follow the instructions and give it a go

silverwings15 avatar Jan 03 '24 11:01 silverwings15