No-script package

nliaudat
Posts: 29
Joined: 8 August 2019, 8:31

8 August 2019, 09:10

Hello,
Here is some code to block malware script attacks.

Would it perhaps make sense to set up a GitHub repository for community packages?

Regards

Code:

def install():
    print('installing %s' % control.asrequirement())

    print('Disable execution of script file extensions')
    # Set the default shell verb of each script ProgID to 'Edit' (uninstall() sets it back to 'Open')

    #.vbs Visual Basic Script
    registry_setstring(HKEY_CLASSES_ROOT, r"vbsfile\shell", '','Edit', type=REG_SZ)

    #.VBE Visual Basic Script Encoded
    registry_setstring(HKEY_CLASSES_ROOT, r"vbefile\shell", '','Edit', type=REG_SZ)

    #.WSF Windows Script files (the ProgID for .wsf is WSFFile)
    registry_setstring(HKEY_CLASSES_ROOT, r"WSFFile\shell", '','Edit', type=REG_SZ)

    #.WSH Windows Script Host files
    registry_setstring(HKEY_CLASSES_ROOT, r"wshfile\shell", '','Edit', type=REG_SZ)

    #.js allows execution of JavaScript
    registry_setstring(HKEY_CLASSES_ROOT, r"jsfile\shell", '','Edit', type=REG_SZ)

    #.jse JScript Encoded Script File
    registry_setstring(HKEY_CLASSES_ROOT, r"jsefile\shell", '','Edit', type=REG_SZ)

    #.hta allows execution of JavaScript and other scripting languages
    registry_setstring(HKEY_CLASSES_ROOT, r"htafile\shell", '','Edit', type=REG_SZ)

    #.scf Windows Explorer Shell Cmd File
    registry_setstring(HKEY_CLASSES_ROOT, r"SHCmdFile\shell", '','Edit', type=REG_SZ)

    #.scr Windows Screen Saver extension
    registry_setstring(HKEY_CLASSES_ROOT, r"scrfile\shell", '','Edit', type=REG_SZ)

    #.pif contains information that defines how an MS-DOS-based program should run
    registry_setstring(HKEY_CLASSES_ROOT, r"piffile\shell", '','Edit', type=REG_SZ)

    #.mht unpatched IE bug
    registry_setstring(HKEY_CLASSES_ROOT, r"mhtmlfile\shell", '','Edit', type=REG_SZ)


    print('disable Windows Scripting Host (WSH)')
    #reg add "HKLM\Software\Microsoft\Windows Script Host\Settings" /v "Enabled" /t REG_DWORD /d "0" /f
    registry_setstring(HKEY_LOCAL_MACHINE, r"Software\Microsoft\Windows Script Host\Settings", 'Enabled',0, type=REG_DWORD)

    print('disable powershell script execution')
    #reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\PowerShell" /v EnableScripts /t REG_DWORD /d 0 /f
    registry_setstring(HKEY_LOCAL_MACHINE, r"SOFTWARE\Policies\Microsoft\Windows\PowerShell", 'EnableScripts',0, type=REG_DWORD)

    print('add firewall rules to block malware scripts to get external access')


    ##https://gist.github.com/ricardojba/ecdfe30dadbdab6c514a530bc5d51ef6

    ##Enable Windows Firewall and configure some advanced options
    ##Block Win32/64 binaries from making net connections when they shouldn't

    delete_firewall_rules() #delete old rules and prevent creating many same rules

    run('netsh Advfirewall set allprofiles state on')
    run(r'netsh advfirewall firewall add rule name="Block appvlp.exe x86" program="C:\Program Files (x86)\Microsoft Office\root\client\AppVLP.exe" protocol=tcp dir=out enable=yes action=block profile=any')
    run(r'netsh advfirewall firewall add rule name="Block calc.exe x86" program="%systemroot%\system32\calc.exe" protocol=tcp dir=out enable=yes action=block profile=any')
    run(r'netsh advfirewall firewall add rule name="Block certutil.exe x86" program="%systemroot%\system32\certutil.exe" protocol=tcp dir=out enable=yes action=block profile=any')
    run(r'netsh advfirewall firewall add rule name="Block cmstp.exe x86" program="%systemroot%\system32\cmstp.exe" protocol=tcp dir=out enable=yes action=block profile=any')
    run(r'netsh advfirewall firewall add rule name="Block cscript.exe x86" program="%systemroot%\system32\cscript.exe" protocol=tcp dir=out enable=yes action=block profile=any')
    run(r'netsh advfirewall firewall add rule name="Block esentutl.exe x86" program="%systemroot%\system32\esentutl.exe" protocol=tcp dir=out enable=yes action=block profile=any')
    run(r'netsh advfirewall firewall add rule name="Block expand.exe x86" program="%systemroot%\system32\expand.exe" protocol=tcp dir=out enable=yes action=block profile=any')
    run(r'netsh advfirewall firewall add rule name="Block extrac32.exe x86" program="%systemroot%\system32\extrac32.exe" protocol=tcp dir=out enable=yes action=block profile=any')
    run(r'netsh advfirewall firewall add rule name="Block findstr.exe x86" program="%systemroot%\system32\findstr.exe" protocol=tcp dir=out enable=yes action=block profile=any')
    run(r'netsh advfirewall firewall add rule name="Block hh.exe x86" program="%systemroot%\system32\hh.exe" protocol=tcp dir=out enable=yes action=block profile=any')
    run(r'netsh advfirewall firewall add rule name="Block makecab.exe x86" program="%systemroot%\system32\makecab.exe" protocol=tcp dir=out enable=yes action=block profile=any')
    run(r'netsh advfirewall firewall add rule name="Block mshta.exe x86" program="%systemroot%\system32\mshta.exe" protocol=tcp dir=out enable=yes action=block profile=any')
    run(r'netsh advfirewall firewall add rule name="Block msiexec.exe x86" program="%systemroot%\system32\msiexec.exe" protocol=tcp dir=out enable=yes action=block profile=any')
    run(r'netsh advfirewall firewall add rule name="Block nltest.exe x86" program="%systemroot%\system32\nltest.exe" protocol=tcp dir=out enable=yes action=block profile=any')
    run(r'netsh advfirewall firewall add rule name="Block Notepad.exe x86" program="%systemroot%\system32\notepad.exe" protocol=tcp dir=out enable=yes action=block profile=any')
    run(r'netsh advfirewall firewall add rule name="Block pcalua.exe x86" program="%systemroot%\system32\pcalua.exe" protocol=tcp dir=out enable=yes action=block profile=any')
    run(r'netsh advfirewall firewall add rule name="Block print.exe x86" program="%systemroot%\system32\print.exe" protocol=tcp dir=out enable=yes action=block profile=any')
    run(r'netsh advfirewall firewall add rule name="Block regsvr32.exe x86" program="%systemroot%\system32\regsvr32.exe" protocol=tcp dir=out enable=yes action=block profile=any')
    run(r'netsh advfirewall firewall add rule name="Block replace.exe x86" program="%systemroot%\system32\replace.exe" protocol=tcp dir=out enable=yes action=block profile=any')
    run(r'netsh advfirewall firewall add rule name="Block rundll32.exe x86" program="%systemroot%\system32\rundll32.exe" protocol=tcp dir=out enable=yes action=block profile=any')
    run(r'netsh advfirewall firewall add rule name="Block runscripthelper.exe x86" program="%systemroot%\system32\runscripthelper.exe" protocol=tcp dir=out enable=yes action=block profile=any')
    run(r'netsh advfirewall firewall add rule name="Block scriptrunner.exe x86" program="%systemroot%\system32\scriptrunner.exe" protocol=tcp dir=out enable=yes action=block profile=any')
    run(r'netsh advfirewall firewall add rule name="Block SyncAppvPublishingServer.exe x86" program="%systemroot%\system32\SyncAppvPublishingServer.exe" protocol=tcp dir=out enable=yes action=block profile=any')
    run(r'netsh advfirewall firewall add rule name="Block wmic.exe x86" program="%systemroot%\system32\wbem\wmic.exe" protocol=tcp dir=out enable=yes action=block profile=any')
    run(r'netsh advfirewall firewall add rule name="Block wscript.exe x86" program="%systemroot%\system32\wscript.exe" protocol=tcp dir=out enable=yes action=block profile=any')
    run(r'netsh advfirewall firewall add rule name="Block ftp.exe x86" program="%systemroot%\system32\ftp.exe" protocol=tcp dir=out enable=yes action=block profile=any')
    run(r'netsh advfirewall firewall add rule name="Block telnet.exe x86" program="%systemroot%\system32\telnet.exe" protocol=tcp dir=out enable=yes action=block profile=any')

    # On 64-bit Windows, SysWOW64 holds the 32-bit copies of these binaries;
    # the x86/x64 labels in the rule names are kept as posted.
    if iswin64():
        run(r'netsh advfirewall firewall add rule name="Block appvlp.exe x64" program="C:\Program Files\Microsoft Office\root\client\AppVLP.exe" protocol=tcp dir=out enable=yes action=block profile=any')
        run(r'netsh advfirewall firewall add rule name="Block calc.exe x64" program="%systemroot%\SysWOW64\calc.exe" protocol=tcp dir=out enable=yes action=block profile=any')
        run(r'netsh advfirewall firewall add rule name="Block certutil.exe x64" program="%systemroot%\SysWOW64\certutil.exe" protocol=tcp dir=out enable=yes action=block profile=any')
        run(r'netsh advfirewall firewall add rule name="Block cmstp.exe x64" program="%systemroot%\SysWOW64\cmstp.exe" protocol=tcp dir=out enable=yes action=block profile=any')
        run(r'netsh advfirewall firewall add rule name="Block cscript.exe x64" program="%systemroot%\SysWOW64\cscript.exe" protocol=tcp dir=out enable=yes action=block profile=any')
        run(r'netsh advfirewall firewall add rule name="Block esentutl.exe x64" program="%systemroot%\SysWOW64\esentutl.exe" protocol=tcp dir=out enable=yes action=block profile=any')
        run(r'netsh advfirewall firewall add rule name="Block expand.exe x64" program="%systemroot%\SysWOW64\expand.exe" protocol=tcp dir=out enable=yes action=block profile=any')
        run(r'netsh advfirewall firewall add rule name="Block extrac32.exe x64" program="%systemroot%\SysWOW64\extrac32.exe" protocol=tcp dir=out enable=yes action=block profile=any')
        run(r'netsh advfirewall firewall add rule name="Block findstr.exe x64" program="%systemroot%\SysWOW64\findstr.exe" protocol=tcp dir=out enable=yes action=block profile=any')
        run(r'netsh advfirewall firewall add rule name="Block hh.exe x64" program="%systemroot%\SysWOW64\hh.exe" protocol=tcp dir=out enable=yes action=block profile=any')
        run(r'netsh advfirewall firewall add rule name="Block makecab.exe x64" program="%systemroot%\SysWOW64\makecab.exe" protocol=tcp dir=out enable=yes action=block profile=any')
        run(r'netsh advfirewall firewall add rule name="Block mshta.exe x64" program="%systemroot%\SysWOW64\mshta.exe" protocol=tcp dir=out enable=yes action=block profile=any')
        run(r'netsh advfirewall firewall add rule name="Block msiexec.exe x64" program="%systemroot%\SysWOW64\msiexec.exe" protocol=tcp dir=out enable=yes action=block profile=any')
        run(r'netsh advfirewall firewall add rule name="Block nltest.exe x64" program="%systemroot%\SysWOW64\nltest.exe" protocol=tcp dir=out enable=yes action=block profile=any')
        run(r'netsh advfirewall firewall add rule name="Block Notepad.exe x64" program="%systemroot%\SysWOW64\notepad.exe" protocol=tcp dir=out enable=yes action=block profile=any')
        run(r'netsh advfirewall firewall add rule name="Block pcalua.exe x64" program="%systemroot%\SysWOW64\pcalua.exe" protocol=tcp dir=out enable=yes action=block profile=any')
        run(r'netsh advfirewall firewall add rule name="Block print.exe x64" program="%systemroot%\SysWOW64\print.exe" protocol=tcp dir=out enable=yes action=block profile=any')
        run(r'netsh advfirewall firewall add rule name="Block regsvr32.exe x64" program="%systemroot%\SysWOW64\regsvr32.exe" protocol=tcp dir=out enable=yes action=block profile=any')
        run(r'netsh advfirewall firewall add rule name="Block replace.exe x64" program="%systemroot%\SysWOW64\replace.exe" protocol=tcp dir=out enable=yes action=block profile=any')
        run(r'netsh advfirewall firewall add rule name="Block rpcping.exe x64" program="%systemroot%\SysWOW64\rpcping.exe" protocol=tcp dir=out enable=yes action=block profile=any')
        run(r'netsh advfirewall firewall add rule name="Block rundll32.exe x64" program="%systemroot%\SysWOW64\rundll32.exe" protocol=tcp dir=out enable=yes action=block profile=any')
        run(r'netsh advfirewall firewall add rule name="Block runscripthelper.exe x64" program="%systemroot%\SysWOW64\runscripthelper.exe" protocol=tcp dir=out enable=yes action=block profile=any')
        run(r'netsh advfirewall firewall add rule name="Block scriptrunner.exe x64" program="%systemroot%\SysWOW64\scriptrunner.exe" protocol=tcp dir=out enable=yes action=block profile=any')
        run(r'netsh advfirewall firewall add rule name="Block SyncAppvPublishingServer.exe x64" program="%systemroot%\SysWOW64\SyncAppvPublishingServer.exe" protocol=tcp dir=out enable=yes action=block profile=any')
        run(r'netsh advfirewall firewall add rule name="Block wmic.exe x64" program="%systemroot%\SysWOW64\wbem\wmic.exe" protocol=tcp dir=out enable=yes action=block profile=any')
        run(r'netsh advfirewall firewall add rule name="Block wscript.exe x64" program="%systemroot%\SysWOW64\wscript.exe" protocol=tcp dir=out enable=yes action=block profile=any')
        run(r'netsh advfirewall firewall add rule name="Block ftp.exe x64" program="%systemroot%\SysWOW64\ftp.exe" protocol=tcp dir=out enable=yes action=block profile=any')
        # Named x64 so it does not reuse the x86 rule name and matches the delete in delete_firewall_rules()
        run(r'netsh advfirewall firewall add rule name="Block telnet.exe x64" program="%systemroot%\SysWOW64\telnet.exe" protocol=tcp dir=out enable=yes action=block profile=any')



def uninstall():
    print('uninstalling %s' % control.asrequirement())

    print('Enable execution of script file extensions')
    registry_setstring(HKEY_CLASSES_ROOT, r"vbsfile\shell", '','Open', type=REG_SZ)
    registry_setstring(HKEY_CLASSES_ROOT, r"vbefile\shell", '','Open', type=REG_SZ)
    registry_setstring(HKEY_CLASSES_ROOT, r"WSFFile\shell", '','Open', type=REG_SZ)
    registry_setstring(HKEY_CLASSES_ROOT, r"wshfile\shell", '','Open', type=REG_SZ)
    registry_setstring(HKEY_CLASSES_ROOT, r"jsfile\shell", '','Open', type=REG_SZ)
    registry_setstring(HKEY_CLASSES_ROOT, r"jsefile\shell", '','Open', type=REG_SZ)
    registry_setstring(HKEY_CLASSES_ROOT, r"htafile\shell", '','Open', type=REG_SZ)
    registry_setstring(HKEY_CLASSES_ROOT, r"SHCmdFile\shell", '','Open', type=REG_SZ)
    registry_setstring(HKEY_CLASSES_ROOT, r"scrfile\shell", '','Open', type=REG_SZ)
    registry_setstring(HKEY_CLASSES_ROOT, r"piffile\shell", '','Open', type=REG_SZ)
    registry_setstring(HKEY_CLASSES_ROOT, r"mhtmlfile\shell", '','Open', type=REG_SZ)

    print('enable Windows Scripting Host (WSH)')
    #reg add "HKLM\Software\Microsoft\Windows Script Host\Settings" /v "Enabled" /t REG_DWORD /d "1" /f
    registry_setstring(HKEY_LOCAL_MACHINE, r"Software\Microsoft\Windows Script Host\Settings", 'Enabled',1, type=REG_DWORD)

    print('enable powershell script execution')
    #reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\PowerShell" /v EnableScripts /t REG_DWORD /d 1 /f
    registry_setstring(HKEY_LOCAL_MACHINE, r"SOFTWARE\Policies\Microsoft\Windows\PowerShell", 'EnableScripts',1, type=REG_DWORD)

    print('remove firewall rules to block malware scripts to get external access')
    delete_firewall_rules()



def delete_firewall_rules():
    # Rules are removed by name (documented form: delete rule name="...")
    run_notfatal('netsh advfirewall firewall delete rule name="Block appvlp.exe x86"')
    run_notfatal('netsh advfirewall firewall delete rule name="Block calc.exe x86"')
    run_notfatal('netsh advfirewall firewall delete rule name="Block certutil.exe x86"')
    run_notfatal('netsh advfirewall firewall delete rule name="Block cmstp.exe x86"')
    run_notfatal('netsh advfirewall firewall delete rule name="Block cscript.exe x86"')
    run_notfatal('netsh advfirewall firewall delete rule name="Block esentutl.exe x86"')
    run_notfatal('netsh advfirewall firewall delete rule name="Block expand.exe x86"')
    run_notfatal('netsh advfirewall firewall delete rule name="Block extrac32.exe x86"')
    run_notfatal('netsh advfirewall firewall delete rule name="Block findstr.exe x86"')
    run_notfatal('netsh advfirewall firewall delete rule name="Block hh.exe x86"')
    run_notfatal('netsh advfirewall firewall delete rule name="Block makecab.exe x86"')
    run_notfatal('netsh advfirewall firewall delete rule name="Block mshta.exe x86"')
    run_notfatal('netsh advfirewall firewall delete rule name="Block msiexec.exe x86"')
    run_notfatal('netsh advfirewall firewall delete rule name="Block nltest.exe x86"')
    run_notfatal('netsh advfirewall firewall delete rule name="Block Notepad.exe x86"')
    run_notfatal('netsh advfirewall firewall delete rule name="Block pcalua.exe x86"')
    run_notfatal('netsh advfirewall firewall delete rule name="Block print.exe x86"')
    run_notfatal('netsh advfirewall firewall delete rule name="Block regsvr32.exe x86"')
    run_notfatal('netsh advfirewall firewall delete rule name="Block replace.exe x86"')
    run_notfatal('netsh advfirewall firewall delete rule name="Block rundll32.exe x86"')
    run_notfatal('netsh advfirewall firewall delete rule name="Block runscripthelper.exe x86"')
    run_notfatal('netsh advfirewall firewall delete rule name="Block scriptrunner.exe x86"')
    run_notfatal('netsh advfirewall firewall delete rule name="Block SyncAppvPublishingServer.exe x86"')
    run_notfatal('netsh advfirewall firewall delete rule name="Block wmic.exe x86"')
    run_notfatal('netsh advfirewall firewall delete rule name="Block wscript.exe x86"')
    run_notfatal('netsh advfirewall firewall delete rule name="Block ftp.exe x86"')
    run_notfatal('netsh advfirewall firewall delete rule name="Block telnet.exe x86"')

    if iswin64():
        run_notfatal('netsh advfirewall firewall delete rule name="Block appvlp.exe x64"')
        run_notfatal('netsh advfirewall firewall delete rule name="Block calc.exe x64"')
        run_notfatal('netsh advfirewall firewall delete rule name="Block certutil.exe x64"')
        run_notfatal('netsh advfirewall firewall delete rule name="Block cmstp.exe x64"')
        run_notfatal('netsh advfirewall firewall delete rule name="Block cscript.exe x64"')
        run_notfatal('netsh advfirewall firewall delete rule name="Block esentutl.exe x64"')
        run_notfatal('netsh advfirewall firewall delete rule name="Block expand.exe x64"')
        run_notfatal('netsh advfirewall firewall delete rule name="Block extrac32.exe x64"')
        run_notfatal('netsh advfirewall firewall delete rule name="Block findstr.exe x64"')
        run_notfatal('netsh advfirewall firewall delete rule name="Block hh.exe x64"')
        run_notfatal('netsh advfirewall firewall delete rule name="Block makecab.exe x64"')
        run_notfatal('netsh advfirewall firewall delete rule name="Block mshta.exe x64"')
        run_notfatal('netsh advfirewall firewall delete rule name="Block msiexec.exe x64"')
        run_notfatal('netsh advfirewall firewall delete rule name="Block nltest.exe x64"')
        run_notfatal('netsh advfirewall firewall delete rule name="Block Notepad.exe x64"')
        run_notfatal('netsh advfirewall firewall delete rule name="Block pcalua.exe x64"')
        run_notfatal('netsh advfirewall firewall delete rule name="Block print.exe x64"')
        run_notfatal('netsh advfirewall firewall delete rule name="Block regsvr32.exe x64"')
        run_notfatal('netsh advfirewall firewall delete rule name="Block replace.exe x64"')
        # install() also creates the rpcping.exe x64 rule, so remove it here as well
        run_notfatal('netsh advfirewall firewall delete rule name="Block rpcping.exe x64"')
        run_notfatal('netsh advfirewall firewall delete rule name="Block rundll32.exe x64"')
        run_notfatal('netsh advfirewall firewall delete rule name="Block runscripthelper.exe x64"')
        run_notfatal('netsh advfirewall firewall delete rule name="Block scriptrunner.exe x64"')
        run_notfatal('netsh advfirewall firewall delete rule name="Block SyncAppvPublishingServer.exe x64"')
        run_notfatal('netsh advfirewall firewall delete rule name="Block wmic.exe x64"')
        run_notfatal('netsh advfirewall firewall delete rule name="Block wscript.exe x64"')
        run_notfatal('netsh advfirewall firewall delete rule name="Block ftp.exe x64"')
        run_notfatal('netsh advfirewall firewall delete rule name="Block telnet.exe x64"')


def session_setup():
    print('Session setup for %s' % control.asrequirement())

    #reg add "HKCU\Software\Microsoft\Windows Script Host\Settings" /v "Enabled" /t REG_DWORD /d "0" /f
    #reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun" /v "1" /t REG_SZ /d "wscript.exe" /f
    #reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun" /v "2" /t REG_SZ /d "cscript.exe" /f

    ## block opening of these attachment file extensions in Outlook, if you use it
    #registry_setstring(HKEY_CURRENT_USER, r"Software\Microsoft\Office\14.0\Outlook\Security",'Level1Add',';.docm;.xlsm;.ade;.adp;.app;.asp;.bas;.bat;.cer;.chm;.cmd;.cnt;.com;.cpl;.crt;.csh;.der;.exe;.fxp;.gadget;.grp;.hlp;.hpj;.hta;.inf;.ins;.isp;.its;.jar;.js;.jse;.ksh;.lnk;.mad;.maf;.mag;.mam;.maq;.mar;.mas;.mat;.mau;.mav;.maw;.mcf;.mda;.mdb;.mde;.mdt;.mdw;.mdz;.msc;.msh;.msh1;.msh2;.mshxml;.msh1xml;.msh2xml;.msi;.msp;.mst;.ops;.osd;.pcd;.pif;.pl;.plg;.prf;.prg;.ps1;.ps1xml;.ps2;.ps2xml;.psc1;.psc2;.pst;.reg;.scf;.scr;.sct;.shb;.shs;.tmp;.url;.vb;.vbe;.vbp;.vbs;.vsw;.ws;.wsc;.wsf;.wsh;.xbap;.xnk', type=REG_SZ)
    #registry_setstring(HKEY_CURRENT_USER, r"Software\Microsoft\Office\15.0\Outlook\Security",'Level1Add',';.docm;.xlsm;.ade;.adp;.app;.asp;.bas;.bat;.cer;.chm;.cmd;.cnt;.com;.cpl;.crt;.csh;.der;.exe;.fxp;.gadget;.grp;.hlp;.hpj;.hta;.inf;.ins;.isp;.its;.jar;.js;.jse;.ksh;.lnk;.mad;.maf;.mag;.mam;.maq;.mar;.mas;.mat;.mau;.mav;.maw;.mcf;.mda;.mdb;.mde;.mdt;.mdw;.mdz;.msc;.msh;.msh1;.msh2;.mshxml;.msh1xml;.msh2xml;.msi;.msp;.mst;.ops;.osd;.pcd;.pif;.pl;.plg;.prf;.prg;.ps1;.ps1xml;.ps2;.ps2xml;.psc1;.psc2;.pst;.reg;.scf;.scr;.sct;.shb;.shs;.tmp;.url;.vb;.vbe;.vbp;.vbs;.vsw;.ws;.wsc;.wsf;.wsh;.xbap;.xnk', type=REG_SZ)
    #registry_setstring(HKEY_CURRENT_USER, r"Software\Microsoft\Office\16.0\Outlook\Security",'Level1Add',';.docm;.xlsm;.ade;.adp;.app;.asp;.bas;.bat;.cer;.chm;.cmd;.cnt;.com;.cpl;.crt;.csh;.der;.exe;.fxp;.gadget;.grp;.hlp;.hpj;.hta;.inf;.ins;.isp;.its;.jar;.js;.jse;.ksh;.lnk;.mad;.maf;.mag;.mam;.maq;.mar;.mas;.mat;.mau;.mav;.maw;.mcf;.mda;.mdb;.mde;.mdt;.mdw;.mdz;.msc;.msh;.msh1;.msh2;.mshxml;.msh1xml;.msh2xml;.msi;.msp;.mst;.ops;.osd;.pcd;.pif;.pl;.plg;.prf;.prg;.ps1;.ps1xml;.ps2;.ps2xml;.psc1;.psc2;.pst;.reg;.scf;.scr;.sct;.shb;.shs;.tmp;.url;.vb;.vbe;.vbp;.vbs;.vsw;.ws;.wsc;.wsf;.wsh;.xbap;.xnk', type=REG_SZ)
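
An added example, not part of the original post: an offline check that compares the firewall rule names a package script creates with `netsh advfirewall firewall add rule` against the names it deletes, so rules that would survive an uninstall or pile up on reinstall are caught before deployment. The sample script text is constructed for this example, and the names `rule_names` and `audit_rules` are the example's own.

```python
import re

# netsh advfirewall firewall add rule name="..."
ADD_RE = re.compile(r'firewall\s+add\s+rule\s+name="([^"]+)"', re.IGNORECASE)
# netsh advfirewall firewall delete rule "..."  (with or without name=)
DEL_RE = re.compile(r'firewall\s+delete\s+rule\s+(?:name=)?"([^"]+)"', re.IGNORECASE)

# Constructed sample in the style of the package script above. It deliberately
# contains one rule that is never deleted, one name used for two programs,
# and one deleted name that is never created.
SAMPLE = r'''
def install():
    delete_firewall_rules()
    run(r'netsh advfirewall firewall add rule name="Block ftp.exe x86" program="%systemroot%\system32\ftp.exe" dir=out action=block')
    run(r'netsh advfirewall firewall add rule name="Block telnet.exe x86" program="%systemroot%\system32\telnet.exe" dir=out action=block')
    #run(r'netsh advfirewall firewall add rule name="Block calc.exe x86" program="%systemroot%\system32\calc.exe" dir=out action=block')
    if iswin64():
        run(r'netsh advfirewall firewall add rule name="Block rpcping.exe x64" program="%systemroot%\SysWOW64\rpcping.exe" dir=out action=block')
        run(r'netsh advfirewall firewall add rule name="Block telnet.exe x86" program="%systemroot%\SysWOW64\telnet.exe" dir=out action=block')

def delete_firewall_rules():
    run_notfatal('netsh advfirewall firewall delete rule "Block ftp.exe x86" ')
    run_notfatal('netsh advfirewall firewall delete rule "Block telnet.exe x86" ')
    run_notfatal('netsh advfirewall firewall delete rule name="Block telnet.exe x64"')
'''


def rule_names(source):
    """Return (added, deleted) rule-name lists, skipping commented-out lines."""
    added, deleted = [], []
    for line in source.splitlines():
        stripped = line.strip()
        if stripped.startswith('#'):
            continue
        added.extend(ADD_RE.findall(stripped))
        deleted.extend(DEL_RE.findall(stripped))
    return added, deleted


def audit_rules(source):
    """Report mismatches between the rules a script adds and the ones it deletes."""
    added, deleted = rule_names(source)
    added_set, deleted_set = set(added), set(deleted)
    return {
        # created by install() but left behind by the cleanup routine
        'never_deleted': sorted(added_set - deleted_set),
        # cleanup targets a name that no add command ever creates
        'never_added': sorted(deleted_set - added_set),
        # one name covering several programs: deleting it by name removes all of them
        'duplicate_names': sorted(n for n in added_set if added.count(n) > 1),
    }


if __name__ == '__main__':
    for finding, names in sorted(audit_rules(SAMPLE).items()):
        print('%s: %s' % (finding, ', '.join(names) or 'none'))
```

To check a real package, pass the text of its setup script to `audit_rules()` instead of `SAMPLE`.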