Lean And Mean snippets for power users RunAsTI / reg_own / ToggleDefender / Edge removal / redirect

Discussion in 'Scripting' started by AveYo, May 7, 2021.

  1. AveYo

    AveYo MDL Expert

    Feb 10, 2009
    1,837
    5,564
    60
    wonderful. splendid. brilliant. and more. feels like the end of the world, redux ;)
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  2. Dark Dinosaur

    Dark Dinosaur X Æ A-12

    Feb 2, 2011
    2,194
    2,630
    90
    your script's are pure evil :D
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. Mr.X

    Mr.X MDL Guru

    Jul 14, 2013
    8,828
    15,676
    270
    They bring malware into your computer? :tooth:
     
  4. Dark Dinosaur

    Dark Dinosaur X Æ A-12

    Feb 2, 2011
    2,194
    2,630
    90
    Try to understand what he did there
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. :zipped: we must support good work but must not criticize wonderful job of a good person on community.
     
  6. Dark Dinosaur

    Dark Dinosaur X Æ A-12

    Feb 2, 2011
    2,194
    2,630
    90
    It's was a joke lol
    He write wonderfull scripts :D
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  7. Mr.X

    Mr.X MDL Guru

    Jul 14, 2013
    8,828
    15,676
    270
    :rolleyes:

    Bro, you do too much drugs or frankly you got a whole different culture.
    It's a f joke for baus scripts zucrin and I did
     
  8. No Bro i never had drugs .
    I hate druggists .
    i might be of different mindset :)
     
  9. crypticus

    crypticus MDL Senior Member

    Jun 29, 2015
    304
    129
    10
    Can you please add script for onedrive and microsoftedge? disabling or disabling+removing would be great

    are your scripts have /s parameter? to run in setupcomplete.cmd
     
  10. AveYo

    AveYo MDL Expert

    Feb 10, 2009
    1,837
    5,564
    60
    removing onedrive & edge is not something I would recommend,
    since it can break windows updates for not much benefit other than few MB's storage
    disabling on the other hand is quite easy via IFEO registry
    will see if I can share something fancy

    no /s parameter, though it's a great suggestion for ToggleDefender
    will probably add off and on launch options and for convenience parsing script name for option so for example could rename it as ToggleDefender;off.bat or ToggleDefender;on.bat
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  11. Dark Dinosaur

    Dark Dinosaur X Æ A-12

    Feb 2, 2011
    2,194
    2,630
    90
    I have good reasons to remove it
    Quarantine my files, hate this p o s !
    Can call it virus instead defender.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  12. You are Absolutely the same as according to my views too.
     
  13. verndog

    verndog MDL Member

    May 3, 2010
    175
    78
    10
    Mine too. Don't know what to replace it with. The other AV's hog my resources.
     
  14. zbigniew59

    zbigniew59 MDL Senior Member

    May 14, 2016
    296
    117
    10
    It's not that bad - just set it up well - there are tools for that.
    Although I disable / remove it anyway and use different security features.
     
  15. Mr.X

    Mr.X MDL Guru

    Jul 14, 2013
    8,828
    15,676
    270
    :confused:
    Basically you are calling @zucrin a p o s and a f virus?
    Really?

    Let's behold the beginning of a war...
    :tooth:
     
  16. You are always in funny mood LOL.
    no i havent called him a virus but agreed to his comment.
    He can understand what i mean by quoting his comment in a bright crystal clear way.
     
  17. Dark Dinosaur

    Dark Dinosaur X Æ A-12

    Feb 2, 2011
    2,194
    2,630
    90
    war it be.
    this is Sparta :mad:
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  18. AveYo

    AveYo MDL Expert

    Feb 10, 2009
    1,837
    5,564
    60
    #38 AveYo, Aug 26, 2021
    Last edited: Sep 16, 2021
    (OP)
    pff get off my lawn ;)

    I've been toying lately with some downloaded custom drivers and since there are so many binaries to check manually for digital signatures, I've adapted the verify defender update cabs thingy to work for any file(s) or folder(s) selected via right-click - Send to menu
    Verify Digital Signatures.bat
    Code:
    @(echo off% <#%) &color 07 &title Verify Digital Signatures &rem Files/Folders SendTo menu entry by AveYo
    set "0=%~f0" &set 1=%*& powershell -nop -c iex ([io.file]::ReadAllText($env:0)) &pause &exit/b ||#>)[1]
    
    #,# Install to SendTo menu when run from another location
    if (!$env:1) { write-host "`n No input files or folders to verify! use 'Send to' context menu ...`n" -fore Yellow }
    $SendTo = [Environment]::GetFolderPath('ApplicationData') + '\Microsoft\Windows\SendTo'
    if (!$env:1 -and $env:0 -and $(Split-Path $env:0) -ne $SendTo) { copy $env:0 "$SendTo\Verify Digital Signatures.bat" -force }
    if (!$env:1) { return }
    
    #,# Process command line arguments - supports multiple files and folders
      $arg = ([regex]'"[^"]+"|[^ ]+').Matches($env:1)
      $val = Get-Item -force -lit ($arg[0].Value.Trim('"'))
      $dir = Split-Path $val; cd -lit $dir
    #,# Grab target files names
      $files = @()
      foreach ($a in $arg) {
        $f = gi -force -lit $a.Value.Trim('"')
        if ($f.PSTypeNames -match 'FileInfo') { $files += $f }
        else { dir -lit $f -rec -force |? { !$_.PSIsContainer } |% { $files += $_ } }
      }
    #,# Verify digital signatures via built-in powershell - now with a more descriptive output
    $ext = '.exe .dll .mui .sys .ax .ocx .cpl .scr .msu .msi .Msix .msixbundle .appx .appxbundle .cab .cat .cdxml .ps1xml .psd1 .psm1'
    $filter = $ext.Split(); $err = @()
    $files | foreach-object {
      if ($filter -contains $_.Extension) {
        $sig = Get-AuthenticodeSignature $_.FullName
        if ($sig.status -eq 0) {
          $sig.SignerCertificate| add-member Thumbprint $sig.SignerCertificate.Subject.Split('=')[1].Trim(', O').Trim(', OU') -force
          write-output $sig
        }
        else { $err += "Invalid   "+$_.FullName+"`nModified  "+$_.LastWriteTime+"  Size  "+$_.Length+"`n" }
      }
    }
    write-host
    if ($err.length -eq 0) { write-host -fore yellow -back darkgreen " OK! " }
    else { write-output $err; write-host -fore yellow -back darkred " ERR! " }
    #,# Done
    
    
    Run once, and it will copy itself to Send to menu. Only scans active binaries (should I add more formats?)

    update: now with a more descriptive output - signer name instead of useless Thumbprint
    2021.09.16: improved output speed
     

    Attached Files:

    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  19. abbodi1406

    abbodi1406 MDL KB0000001

    Feb 19, 2011
    14,210
    72,648
    340
    appx formats have Authenticode? are not those just zip files? :g:

    there is also msixbundle
     
  20. AveYo

    AveYo MDL Expert

    Feb 10, 2009
    1,837
    5,564
    60
    yeah, if it contains AppxSignature.p7x
    basically just one (zip) container renamed for appx, msix, appxbundle, the msixbundle I forgot and whatever else microsoft throws at their s**tty store
    and msu (like cab) - but that is already secured via wusa - I'm under the impression that it does not take custom authored ones
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...