
@HotCakeX
Last active July 3, 2024 11:48
Block bad script hosts
<?xml version="1.0" encoding="utf-8"?>
<!--
  Windows code integrity (WDAC / App Control) base policy. Its Settings block names it
  "Dangerous Script Hosts and Components Blocking".
  Shape: a deny-list. Both signing scenarios reference an allow-all file rule (FileName="*");
  the user-mode scenario additionally denies cscript.exe, wscript.exe, mshta.exe, jscript.dll
  and jscript9.dll through a denied signer, and vbscript.dll through a plain Deny file rule.
  NOTE(review): no "Enabled:Audit Mode" option is listed below, so the policy is presumably
  enforced as soon as it is deployed. Stage it on a test machine before wide rollout.
-->
<SiPolicy xmlns="urn:schemas-microsoft-com:sipolicy" PolicyType="Base Policy">
<VersionEx>1.0.0.0</VersionEx>
<PlatformID>{2E07F7E4-194C-4D20-B7C9-6F44A6C5A234}</PlatformID>
<!-- Policy rule options. Each Option string toggles one policy-wide behaviour. -->
<Rules>
<Rule>
<!-- User-mode code integrity: needed for the user-mode scenario (Value="12") below to apply. -->
<Option>Enabled:UMCI</Option>
</Rule>
<Rule>
<Option>Enabled:Inherit Default Policy</Option>
</Rule>
<Rule>
<!-- NOTE(review): the policy is allowed to be unsigned. An unsigned policy can be replaced
     or removed by anyone with administrative rights on the device; consider signing it
     where tamper resistance matters. -->
<Option>Enabled:Unsigned System Integrity Policy</Option>
</Rule>
<Rule>
<!-- Script enforcement is switched off. This policy therefore does not restrict script
     content itself; it only denies the host binaries and engine DLLs listed in FileRules. -->
<Option>Disabled:Script Enforcement</Option>
</Rule>
<Rule>
<Option>Required:Enforce Store Applications</Option>
</Rule>
<Rule>
<Option>Enabled:Update Policy No Reboot</Option>
</Rule>
<Rule>
<!-- Supplemental policies may extend this base policy. -->
<Option>Enabled:Allow Supplemental Policies</Option>
</Rule>
<Rule>
<Option>Enabled:Dynamic Code Security</Option>
</Rule>
<Rule>
<Option>Enabled:Revoked Expired As Unsigned</Option>
</Rule>
</Rules>
<!--EKUS-->
<EKUs />
<!--File Rules-->
<!--
  FileAttrib entries do nothing on their own: each one is attached to a signer through a
  FileAttribRef in the Signers section. Deny and Allow entries are attached to a signing
  scenario through FileRuleRef.
  NOTE(review): every MaximumFileVersion here is 65355.65355.65355.65355, not the 16-bit
  ceiling 65535.65535.65535.65535. A file whose version field exceeds 65355 would fall
  outside the range. Confirm whether 65535 was intended.
  NOTE(review): FileName is presumably compared with the file's embedded original file name
  rather than its name on disk. Confirm against the platform documentation.
-->
<FileRules>
<FileAttrib ID="ID_FILEATTRIB_F_2F" FriendlyName="cscript.exe FileAttribute" FileName="cscript.exe" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65355.65355.65355.65355" />
<FileAttrib ID="ID_FILEATTRIB_F_30" FriendlyName="jscript.dll FileAttribute" FileName="jscript.dll" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65355.65355.65355.65355" />
<FileAttrib ID="ID_FILEATTRIB_F_31" FriendlyName="jscript9.dll FileAttribute" FileName="jscript9.dll" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65355.65355.65355.65355" />
<FileAttrib ID="ID_FILEATTRIB_F_32" FriendlyName="mshta.exe FileAttribute" FileName="MSHTA.EXE" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65355.65355.65355.65355" />
<FileAttrib ID="ID_FILEATTRIB_F_34" FriendlyName="wscript.exe FileAttribute" FileName="wscript.exe" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65355.65355.65355.65355" />
<!-- vbscript.dll is denied by file name and version range alone, with no signer condition. -->
<Deny ID="ID_DENY_D_23" FriendlyName="vbscript.dll FileRule" FileName="vbscript.dll" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65355.65355.65355.65355" />
<!-- Allow-all rules: A_1_1 is referenced by the driver scenario, A_2_1 by the user-mode scenario. -->
<Allow ID="ID_ALLOW_A_1_1" FriendlyName="" FileName="*" />
<Allow ID="ID_ALLOW_A_2_1" FriendlyName="" FileName="*" />
</FileRules>
<!--Signers-->
<!--
  One signer, identified by the TBS hash in CertRoot and the publisher name "Microsoft Windows",
  narrowed by the five FileAttribRef entries to the script hosts and engines defined above.
  It is listed as a DeniedSigner in the user-mode scenario, so it acts as a block rule.
  NOTE(review): these five denies are scoped to this signer. A file that does not match the
  signer is not covered by them and is evaluated against the allow-all rule instead. Confirm
  that this difference from the signer-less vbscript.dll Deny rule is intended.
-->
<Signers>
<Signer ID="ID_SIGNER_F_7" Name="Microsoft Windows Production PCA 2011">
<CertRoot Type="TBS" Value="4E80BE107C860DE896384B3EFF50504DC2D76AC7151DF3102A4450637A032146" />
<CertPublisher Value="Microsoft Windows" />
<FileAttribRef RuleID="ID_FILEATTRIB_F_2F" />
<FileAttribRef RuleID="ID_FILEATTRIB_F_30" />
<FileAttribRef RuleID="ID_FILEATTRIB_F_31" />
<FileAttribRef RuleID="ID_FILEATTRIB_F_32" />
<FileAttribRef RuleID="ID_FILEATTRIB_F_34" />
</Signer>
</Signers>
<!--Driver Signing Scenarios-->
<SigningScenarios>
<!-- Value="131": the driver (kernel-mode) scenario. It carries only the allow-all rule, so
     this policy places no restriction on drivers. -->
<SigningScenario Value="131" ID="ID_SIGNINGSCENARIO_DRIVERS_1" FriendlyName="Auto generated policy on 07-02-2024">
<ProductSigners>
<FileRulesRef>
<FileRuleRef RuleID="ID_ALLOW_A_1_1" />
</FileRulesRef>
</ProductSigners>
</SigningScenario>
<!-- Value="12": the user-mode scenario. It combines the denied signer, the vbscript.dll Deny
     rule and the allow-all rule. The policy only works as a block list if explicit denies
     win over the allow-all rule, which is the expected evaluation order (verify on a test device). -->
<SigningScenario Value="12" ID="ID_SIGNINGSCENARIO_WINDOWS" FriendlyName="Auto generated policy on 07-02-2024">
<ProductSigners>
<DeniedSigners>
<DeniedSigner SignerId="ID_SIGNER_F_7" />
</DeniedSigners>
<FileRulesRef>
<FileRuleRef RuleID="ID_ALLOW_A_2_1" />
<FileRuleRef RuleID="ID_DENY_D_23" />
</FileRulesRef>
</ProductSigners>
</SigningScenario>
</SigningScenarios>
<UpdatePolicySigners />
<!-- The same signer is also listed under CiSigners. -->
<CiSigners>
<CiSigner SignerId="ID_SIGNER_F_7" />
</CiSigners>
<!-- NOTE(review): 2 is presumably the strict HVCI setting. Confirm before deploying to
     hardware with older drivers. -->
<HvciOptions>2</HvciOptions>
<!-- BasePolicyID equals PolicyID, consistent with PolicyType="Base Policy" on the root element. -->
<BasePolicyID>{9F0581B7-7E1D-4FDD-8D33-6DBE847D3130}</BasePolicyID>
<PolicyID>{9F0581B7-7E1D-4FDD-8D33-6DBE847D3130}</PolicyID>
<Settings>
<!-- NOTE(review): looks like the COM class allow-all setting (all hosts, all keys).
     Confirm that leaving COM object registration unrestricted is intended. -->
<Setting Provider="AllHostIds" Key="AllKeys" ValueName="EnterpriseDefinedClsId">
<Value>
<Boolean>true</Boolean>
</Value>
</Setting>
<!-- PolicyInfo Id and Name: identifying metadata for this policy. -->
<Setting Provider="PolicyInfo" Key="Information" ValueName="Id">
<Value>
<String>022422</String>
</Value>
</Setting>
<Setting Provider="PolicyInfo" Key="Information" ValueName="Name">
<Value>
<String>Dangerous Script Hosts and Components Blocking</String>
</Value>
</Setting>
</Settings>
</SiPolicy>
@HotCakeX

P.S. If you want to know what the XML above is for, take a look at this page:
https://github.com/HotCakeX/Harden-Windows-Security/wiki/Introduction
