What is your take about not having a real time antivirus?


Well, I don't know everything that wouldn't work if you removed PowerShell, and that's kind of the point. Who knows what Windows or application functionality you're breaking by removing it? It's not like you're removing some word processing application you're not using; you're removing a component of Windows.

And if you're going to remove PowerShell and Terminal, better remove cmd for the same reason. I've done plenty of bad things at a command prompt.
 

Which apps/programs/services would not work if I remove PowerShell and Windows Terminal and leave just the classic cmd?
I can not think of anything. Windows is leaning towards using runtimes like .NET and Edge.
 

I can not think of anything. Windows is leaning towards using runtimes like .NET and Edge.
Edge?
Can you elaborate on that?

And what's your take on cmd being as dangerous for malware as PowerShell?
Not trying to make a war of opinions, tbc, I just try to understand all perspectives to make my own :)
 

Not having an antivirus program would be like that dream you have of going to school in your pyjamas - horrendous.
Can't be done I'm afraid (for me anyway).
 

Windows Scripting Host. When people say that malware runs by itself, that is what it uses. You can basically disable malware. :lmao:
Code:
reg add "HKLM\Software\Microsoft\Windows Script Host\Settings" /v "Enabled" /t REG_DWORD /d "0" /f
reg add "HKLM\Software\WOW6432Node\Microsoft\Windows Script Host\Settings" /v "Enabled" /t REG_DWORD /d "0" /f
MS has recently disabled at least VBS in Windows, thus malware moved to PowerShell instead.

Note that by default Windows includes old and vulnerable PowerShell 5, though there is already version 7.
Removing version 5 can break some apps and some features, but it is well worth it. You can also restrict it.
Code:
rem Set the Windows PowerShell execution policy to Restricted (script files are blocked)
reg add "HKLM\Software\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell" /v "ExecutionPolicy" /t REG_SZ /d "Restricted" /f
reg add "HKLM\Software\Microsoft\PowerShell\1\ShellIds\ScriptedDiagnostics" /v "ExecutionPolicy" /t REG_SZ /d "Restricted" /f
reg add "HKLM\Software\WOW6432Node\Microsoft\PowerShell\1\ShellIds\ScriptedDiagnostics" /v "ExecutionPolicy" /t REG_SZ /d "Restricted" /f
rem Policy keys: turn script execution off for PowerShell 7 (PowerShellCore) and Windows PowerShell
reg add "HKLM\Software\Policies\Microsoft\PowerShellCore" /v "EnableScripts" /t REG_DWORD /d "0" /f
reg add "HKLM\Software\Policies\Microsoft\Windows\PowerShell" /v "EnableScripts" /t REG_DWORD /d "0" /f
reg add "HKLM\Software\WOW6432Node\Policies\Microsoft\PowerShellCore" /v "EnableScripts" /t REG_DWORD /d "0" /f
reg add "HKLM\Software\WOW6432Node\Policies\Microsoft\Windows\PowerShell" /v "EnableScripts" /t REG_DWORD /d "0" /f
rem System-wide environment variable that puts PowerShell into Constrained Language mode
reg add "HKLM\System\CurrentControlSet\Control\Session Manager\Environment" /v "__PSLockDownPolicy" /t REG_SZ /d "4" /f

rem Stop any running PowerShell processes so their files are not in use
taskkill /im PowerShell.exe /f
taskkill /im PowerShell_ISE.exe /f
taskkill /im pwsh.exe /f
rem For each of the four PowerShell folders: take ownership, grant the current user full control, delete
takeown /s %computername% /u %username% /f "%ProgramFiles%\WindowsPowerShell" /r /d y
icacls "%ProgramFiles%\WindowsPowerShell" /inheritance:r /grant:r %username%:(OI)(CI)F /t /l /q /c
rd "%ProgramFiles%\WindowsPowerShell" /s /q
takeown /s %computername% /u %username% /f "%ProgramFiles(x86)%\WindowsPowerShell" /r /d y
icacls "%ProgramFiles(x86)%\WindowsPowerShell" /grant:r %username%:(OI)(CI)F /t /l /q /c
rd "%ProgramFiles(x86)%\WindowsPowerShell" /s /q
takeown /s %computername% /u %username% /f "%WinDir%\System32\WindowsPowerShell" /r /d y
icacls "%WinDir%\System32\WindowsPowerShell" /grant:r %username%:(OI)(CI)F /t /l /q /c
rd "%WinDir%\System32\WindowsPowerShell" /s /q
takeown /s %computername% /u %username% /f "%WinDir%\SysWOW64\WindowsPowerShell" /r /d y
icacls "%WinDir%\SysWOW64\WindowsPowerShell" /grant:r %username%:(OI)(CI)F /t /l /q /c
rd "%WinDir%\SysWOW64\WindowsPowerShell" /s /q

Yes, replacing this shortcut with CMD's shortcut gives me CMD in the start menu.
Code:
%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

Hi again!

So, I tried your tweaks, after all I am going to install Windows from zero now on a new SSD so I can do experiments in this SSD :D
But could you please please explain a bit more in detail what they do exactly?
So I can feel safer about implementing them in the new installation.
Btw, I have entered all that in Windows Terminal (administrator) and it said "The operation completed successfully" for each of the commands, and then I restarted, but PowerShell is still in the system, I can access it and use it.
Well, now tbh when I enter a command either in PowerShell or in Windows Terminal, it's not in colors anymore. So, does that mean that PowerShell has been "disabled", and now when I open Terminal or PowerShell it's CMD that is working within them?
Is that enough to prevent Ransomware? I mean, I thought that the idea was to prevent the execution of commands in PowerShell, but now PowerShell can still be opened, and commands can be executed, just in B&W instead of color :D

Also, stupid question, what should I put in the last code in the place of %USERPROFILE%?
Let's say that my User in Windows is XYZ, I've tried XYZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk and %XYZ%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk and none of them worked...

Thanks!!!
 
Edge?
Can you elaborate on that?
Microsoft Edge WebView2 Runtime
And what's your take on cmd being as dangerous for malware as PowerShell?
CMD is very limited compared to PS, thus the reason MS started using PS instead.
Malware can use PS to elevate and then it can do anything, like change firewall rules.
Btw, I have entered all that in Windows Terminal (administrator)
I believe Terminal uses PS and you cannot remove PS while running it. Use CMD as admin.
If PS is removed, those 4 folders should not exist. You can easily restore it using SFC scan.
Code:
%ProgramFiles%\WindowsPowerShell
%ProgramFiles(x86)%\WindowsPowerShell
%WinDir%\System32\WindowsPowerShell
%WinDir%\SysWOW64\WindowsPowerShell
Windows Terminal is an app, which can be uninstalled.
what should I put in the last code in the place of %USERPROFILE%?
Start - Run - %USERPROFILE% - will open your profile folder, you do need to use your username.
 

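A read-only way to confirm which of the changes discussed above actually took effect, as an added example that is not part of any post in the thread. It uses only the registry paths and the four folder names quoted in the posts; the labels `:show` and `:dir` are this example's own helpers, and it is meant to be saved as a `.cmd` file and run from an administrator cmd.exe.

```batch
@echo off
rem Added example, not from the thread: read-only audit of the settings discussed above.
rem Registry paths and folder names are the ones quoted in the posts; the labels
rem :show and :dir are this example's own helpers. Nothing is modified.
setlocal EnableDelayedExpansion

echo === Windows Script Host (Enabled = 0x0 means WSH is turned off) ===
call :show "HKLM\Software\Microsoft\Windows Script Host\Settings" Enabled
call :show "HKLM\Software\WOW6432Node\Microsoft\Windows Script Host\Settings" Enabled

echo === PowerShell script restrictions ===
call :show "HKLM\Software\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell" ExecutionPolicy
call :show "HKLM\Software\Policies\Microsoft\Windows\PowerShell" EnableScripts
call :show "HKLM\Software\Policies\Microsoft\PowerShellCore" EnableScripts
call :show "HKLM\System\CurrentControlSet\Control\Session Manager\Environment" __PSLockDownPolicy

echo === PowerShell folders ===
call :dir "%ProgramFiles%\WindowsPowerShell"
call :dir "%ProgramFiles(x86)%\WindowsPowerShell"
call :dir "%WinDir%\System32\WindowsPowerShell"
call :dir "%WinDir%\SysWOW64\WindowsPowerShell"

echo === PowerShell executables reachable through PATH ===
where powershell.exe 2>nul || echo   powershell.exe: not found
where pwsh.exe 2>nul || echo   pwsh.exe: not found

endlocal
exit /b 0

:show
rem %1 = registry key, %2 = value name. reg query prints a blank line, the key
rem name, then "name  type  data"; skip the first two and keep the data column.
set "data="
for /f "skip=2 tokens=2,*" %%A in ('reg query "%~1" /v %2 2^>nul') do set "data=%%B"
if not defined data set "data=(not set)"
echo   %2 = !data!   [%~1]
exit /b 0

:dir
rem Quoting %~1 keeps the parentheses in "Program Files (x86)" from closing the block.
if exist "%~1\" (echo   PRESENT  "%~1") else (echo   removed  "%~1")
exit /b 0
```

A `Restricted` execution policy blocks script files but still accepts commands typed at an interactive prompt, so a PowerShell window that opens does not by itself mean the registry changes failed; the folder and PATH checks show whether the binaries are still present.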
CMD is very limited compared to PS, thus the reason MS started using PS instead.
Malware can use PS to elevate and then it can do anything, like change firewall rules.
You can elevate PowerShell or cmd and change firewall rules: netsh.

Edit: One thing I've not mentioned... even if you remove PowerShell, it's still possible to run PS scripts and commands. There's a project called PowerLine that's made specifically for this, and other similar things exist. I won't link to PowerLine because it's known to be used maliciously. Point is, you're not really gaining anything by removing it.
 

Microsoft Edge WebView2 Runtime
...
I believe Terminal uses PS and you cannot remove PS while running it. Use CMD as admin.
...
Start - Run - %USERPROFILE% - will open your profile folder, you do need to use your username.
Ok, I did it again from CMD (admin) and now it's really gone, no PowerShell, no Windows Terminal.
I used the code how it was. Or was I supposed to change %WinDir% with C, %username% with my username, and %computername% with my computer name?

About the user profile thing, I thought I had to use it in CMD too, that's why when it didn't recognize the command I tried changing USERPROFILE with XYZ (my hypothetical username).
Now I did it in run like you just said and it says that the path doesn't exist.
Maybe because your other codes deleted it?
What am I supposed to do?
Now that PowerShell and Terminal are gone I'd like to have CMD in the right click menu of the Start key, like you said that this string would do :p
 

Now that PowerShell and Terminal are gone I'd like to have CMD in the right click menu of the Start key
Start - Run - copy code to open the folder:
Code:
%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
Remove the shortcut that is there, create the new shortcut with location path:
Code:
C:\Windows\System32\cmd.exe
Name it:
Code:
Windows PowerShell
 

Start - Run - copy code to open the folder:
Code:
%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
Remove the shortcut that is there, create the new shortcut with location path:
Code:
C:\Windows\System32\cmd.exe
Name it:
Code:
Windows PowerShell
It worked! Thanks :)
Now, what if I would want to put things back how they were?
Do you have a code for that too?
 

I've been a Windows user since Windows 3, so since the early 90's. I've never had a virus or any malware.

I've always disabled real-time antivirus software. I've always been careful about the software I download, and I've always scanned it manually.
 

Now, what if I would want to put things back how they were?
Do you have a code for that too?
No, it would be faster to use a system backup or reinstall.
Most tweaks are just ON/OFF, so you can just replace 0/1.
 

I never ever had a virus.
That you know of
The last time I was infected by a virus
I've never had a virus or any malware.
As far as you know....

____________________________________________________________________________________________________________________________________________
Malware nowadays is not like the days of Windows XP, practically shouting at the screen saying "I'm infected! I'm infected!"

It is much more sophisticated and complex than that. Malware does everything it can to hide the infection and make you not aware it's even there. Malware can be in your router, in your computer, anywhere you go.

You need an active antivirus. You don't need to pay for it. Windows Defender is fine for most folks. Using preventive software and keeping Windows up to date is a must. However, it is true that in general, Windows is much more secure than it has ever been. Setting UAC to its highest level, using memory integrity, and setting a secure DNS are some extra stuff that really helps for sure.

But don't ever assume your machine is not infected because everything seems fine, or you don't notice anything wrong. Because that's the point.
 
