no-script package

nliaudat
Posts: 29
Joined: 08 August 2019 - 08:31

08 August 2019 - 09:10

Hi,
Here you'll find some code to block malware scripting attacks.

Perhaps it could be useful to set up a GitHub repo for community packages?

Regards

Code:

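# -*- coding: utf-8 -*-
from setuphelpers import *  # WAPT helper functions and registry constants used below

uninstallkey = []


def install():
    print('installing %s' % control.asrequirement())

    print('Disable execution of script file extensions')
    # Setting the default value of <ProgID>\shell to 'Edit' makes 'Edit' the
    # default (double-click) verb for that file type instead of 'Open'.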

    #.vbs Visual Basic Script
    registry_setstring(HKEY_CLASSES_ROOT, r"vbsfile\shell", '','Edit', type=REG_SZ)

    #.VBE Visual Basic Script Encoded
    registry_setstring(HKEY_CLASSES_ROOT, r"vbefile\shell", '','Edit', type=REG_SZ)

    #.WSF Windows Script files (the ProgID for .wsf is WSFFile)
    registry_setstring(HKEY_CLASSES_ROOT, r"WSFFile\shell", '','Edit', type=REG_SZ)

    #.WSH Windows Script Host files
    registry_setstring(HKEY_CLASSES_ROOT, r"wshfile\shell", '','Edit', type=REG_SZ)

    #.js allows execution of JavaScript
    registry_setstring(HKEY_CLASSES_ROOT, r"jsfile\shell", '','Edit', type=REG_SZ)

    #.jse JScript Encoded Script File
    registry_setstring(HKEY_CLASSES_ROOT, r"jsefile\shell", '','Edit', type=REG_SZ)

    #.hta allows execution of JavaScript and other scripting languages
    registry_setstring(HKEY_CLASSES_ROOT, r"htafile\shell", '','Edit', type=REG_SZ)

    #.scf Windows Explorer Shell Cmd File
    registry_setstring(HKEY_CLASSES_ROOT, r"SHCmdFile\shell", '','Edit', type=REG_SZ)

    #.scr Windows Screen Saver extension
    registry_setstring(HKEY_CLASSES_ROOT, r"scrfile\shell", '','Edit', type=REG_SZ)

    #.pif contains information that defines how an MS-DOS-based program should run
    registry_setstring(HKEY_CLASSES_ROOT, r"piffile\shell", '','Edit', type=REG_SZ)

    #.mht unpatched IE bug
    registry_setstring(HKEY_CLASSES_ROOT, r"mhtmlfile\shell", '','Edit', type=REG_SZ)


    print('disable Windows Scripting Host (WSH)')
    #reg add "HKLM\Software\Microsoft\Windows Script Host\Settings" /v "Enabled" /t REG_DWORD /d "0" /f
    registry_setstring(HKEY_LOCAL_MACHINE, r"Software\Microsoft\Windows Script Host\Settings", 'Enabled',0, type=REG_DWORD)

    print('disable powershell script execution')
    #reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\PowerShell" /v EnableScripts /t REG_DWORD /d 0 /f
    registry_setstring(HKEY_LOCAL_MACHINE, r"SOFTWARE\Policies\Microsoft\Windows\PowerShell", 'EnableScripts',0, type=REG_DWORD)

    print('add firewall rules to block malware scripts to get external access')


    ##https://gist.github.com/ricardojba/ecdfe30dadbdab6c514a530bc5d51ef6

    ##Enable Windows Firewall and configure some advanced options
    ##Block Win32/64 binaries from making net connections when they shouldn't

    delete_firewall_rules() #delete old rules and prevent creating many same rules

    run('netsh Advfirewall set allprofiles state on')
    run(r'netsh advfirewall firewall add rule name="Block appvlp.exe x86" program="C:\Program Files (x86)\Microsoft Office\root\client\AppVLP.exe" protocol=tcp dir=out enable=yes action=block profile=any')
    run(r'netsh advfirewall firewall add rule name="Block calc.exe x86" program="%systemroot%\system32\calc.exe" protocol=tcp dir=out enable=yes action=block profile=any')
    run(r'netsh advfirewall firewall add rule name="Block certutil.exe x86" program="%systemroot%\system32\certutil.exe" protocol=tcp dir=out enable=yes action=block profile=any')
    run(r'netsh advfirewall firewall add rule name="Block cmstp.exe x86" program="%systemroot%\system32\cmstp.exe" protocol=tcp dir=out enable=yes action=block profile=any')
    run(r'netsh advfirewall firewall add rule name="Block cscript.exe x86" program="%systemroot%\system32\cscript.exe" protocol=tcp dir=out enable=yes action=block profile=any')
    run(r'netsh advfirewall firewall add rule name="Block esentutl.exe x86" program="%systemroot%\system32\esentutl.exe" protocol=tcp dir=out enable=yes action=block profile=any')
    run(r'netsh advfirewall firewall add rule name="Block expand.exe x86" program="%systemroot%\system32\expand.exe" protocol=tcp dir=out enable=yes action=block profile=any')
    run(r'netsh advfirewall firewall add rule name="Block extrac32.exe x86" program="%systemroot%\system32\extrac32.exe" protocol=tcp dir=out enable=yes action=block profile=any')
    run(r'netsh advfirewall firewall add rule name="Block findstr.exe x86" program="%systemroot%\system32\findstr.exe" protocol=tcp dir=out enable=yes action=block profile=any')
    run(r'netsh advfirewall firewall add rule name="Block hh.exe x86" program="%systemroot%\system32\hh.exe" protocol=tcp dir=out enable=yes action=block profile=any')
    run(r'netsh advfirewall firewall add rule name="Block makecab.exe x86" program="%systemroot%\system32\makecab.exe" protocol=tcp dir=out enable=yes action=block profile=any')
    run(r'netsh advfirewall firewall add rule name="Block mshta.exe x86" program="%systemroot%\system32\mshta.exe" protocol=tcp dir=out enable=yes action=block profile=any')
    run(r'netsh advfirewall firewall add rule name="Block msiexec.exe x86" program="%systemroot%\system32\msiexec.exe" protocol=tcp dir=out enable=yes action=block profile=any')
    run(r'netsh advfirewall firewall add rule name="Block nltest.exe x86" program="%systemroot%\system32\nltest.exe" protocol=tcp dir=out enable=yes action=block profile=any')
    run(r'netsh advfirewall firewall add rule name="Block Notepad.exe x86" program="%systemroot%\system32\notepad.exe" protocol=tcp dir=out enable=yes action=block profile=any')
    run(r'netsh advfirewall firewall add rule name="Block pcalua.exe x86" program="%systemroot%\system32\pcalua.exe" protocol=tcp dir=out enable=yes action=block profile=any')
    run(r'netsh advfirewall firewall add rule name="Block print.exe x86" program="%systemroot%\system32\print.exe" protocol=tcp dir=out enable=yes action=block profile=any')
    run(r'netsh advfirewall firewall add rule name="Block regsvr32.exe x86" program="%systemroot%\system32\regsvr32.exe" protocol=tcp dir=out enable=yes action=block profile=any')
    run(r'netsh advfirewall firewall add rule name="Block replace.exe x86" program="%systemroot%\system32\replace.exe" protocol=tcp dir=out enable=yes action=block profile=any')
    run(r'netsh advfirewall firewall add rule name="Block rundll32.exe x86" program="%systemroot%\system32\rundll32.exe" protocol=tcp dir=out enable=yes action=block profile=any')
    run(r'netsh advfirewall firewall add rule name="Block runscripthelper.exe x86" program="%systemroot%\system32\runscripthelper.exe" protocol=tcp dir=out enable=yes action=block profile=any')
    run(r'netsh advfirewall firewall add rule name="Block scriptrunner.exe x86" program="%systemroot%\system32\scriptrunner.exe" protocol=tcp dir=out enable=yes action=block profile=any')
    run(r'netsh advfirewall firewall add rule name="Block SyncAppvPublishingServer.exe x86" program="%systemroot%\system32\SyncAppvPublishingServer.exe" protocol=tcp dir=out enable=yes action=block profile=any')
    run(r'netsh advfirewall firewall add rule name="Block wmic.exe x86" program="%systemroot%\system32\wbem\wmic.exe" protocol=tcp dir=out enable=yes action=block profile=any')
    run(r'netsh advfirewall firewall add rule name="Block wscript.exe x86" program="%systemroot%\system32\wscript.exe" protocol=tcp dir=out enable=yes action=block profile=any')
    run(r'netsh advfirewall firewall add rule name="Block ftp.exe x86" program="%systemroot%\system32\ftp.exe" protocol=tcp dir=out enable=yes action=block profile=any')
    run(r'netsh advfirewall firewall add rule name="Block telnet.exe x86" program="%systemroot%\system32\telnet.exe" protocol=tcp dir=out enable=yes action=block profile=any')

    # On 64-bit Windows, also cover the 32-bit copies in SysWOW64 (rules suffixed "x64")
    if iswin64():
        run(r'netsh advfirewall firewall add rule name="Block appvlp.exe x64" program="C:\Program Files\Microsoft Office\root\client\AppVLP.exe" protocol=tcp dir=out enable=yes action=block profile=any')
        run(r'netsh advfirewall firewall add rule name="Block calc.exe x64" program="%systemroot%\SysWOW64\calc.exe" protocol=tcp dir=out enable=yes action=block profile=any')
        run(r'netsh advfirewall firewall add rule name="Block certutil.exe x64" program="%systemroot%\SysWOW64\certutil.exe" protocol=tcp dir=out enable=yes action=block profile=any')
        run(r'netsh advfirewall firewall add rule name="Block cmstp.exe x64" program="%systemroot%\SysWOW64\cmstp.exe" protocol=tcp dir=out enable=yes action=block profile=any')
        run(r'netsh advfirewall firewall add rule name="Block cscript.exe x64" program="%systemroot%\SysWOW64\cscript.exe" protocol=tcp dir=out enable=yes action=block profile=any')
        run(r'netsh advfirewall firewall add rule name="Block esentutl.exe x64" program="%systemroot%\SysWOW64\esentutl.exe" protocol=tcp dir=out enable=yes action=block profile=any')
        run(r'netsh advfirewall firewall add rule name="Block expand.exe x64" program="%systemroot%\SysWOW64\expand.exe" protocol=tcp dir=out enable=yes action=block profile=any')
        run(r'netsh advfirewall firewall add rule name="Block extrac32.exe x64" program="%systemroot%\SysWOW64\extrac32.exe" protocol=tcp dir=out enable=yes action=block profile=any')
        run(r'netsh advfirewall firewall add rule name="Block findstr.exe x64" program="%systemroot%\SysWOW64\findstr.exe" protocol=tcp dir=out enable=yes action=block profile=any')
        run(r'netsh advfirewall firewall add rule name="Block hh.exe x64" program="%systemroot%\SysWOW64\hh.exe" protocol=tcp dir=out enable=yes action=block profile=any')
        run(r'netsh advfirewall firewall add rule name="Block makecab.exe x64" program="%systemroot%\SysWOW64\makecab.exe" protocol=tcp dir=out enable=yes action=block profile=any')
        run(r'netsh advfirewall firewall add rule name="Block mshta.exe x64" program="%systemroot%\SysWOW64\mshta.exe" protocol=tcp dir=out enable=yes action=block profile=any')
        run(r'netsh advfirewall firewall add rule name="Block msiexec.exe x64" program="%systemroot%\SysWOW64\msiexec.exe" protocol=tcp dir=out enable=yes action=block profile=any')
        run(r'netsh advfirewall firewall add rule name="Block nltest.exe x64" program="%systemroot%\SysWOW64\nltest.exe" protocol=tcp dir=out enable=yes action=block profile=any')
        run(r'netsh advfirewall firewall add rule name="Block Notepad.exe x64" program="%systemroot%\SysWOW64\notepad.exe" protocol=tcp dir=out enable=yes action=block profile=any')
        run(r'netsh advfirewall firewall add rule name="Block pcalua.exe x64" program="%systemroot%\SysWOW64\pcalua.exe" protocol=tcp dir=out enable=yes action=block profile=any')
        run(r'netsh advfirewall firewall add rule name="Block print.exe x64" program="%systemroot%\SysWOW64\print.exe" protocol=tcp dir=out enable=yes action=block profile=any')
        run(r'netsh advfirewall firewall add rule name="Block regsvr32.exe x64" program="%systemroot%\SysWOW64\regsvr32.exe" protocol=tcp dir=out enable=yes action=block profile=any')
        run(r'netsh advfirewall firewall add rule name="Block replace.exe x64" program="%systemroot%\SysWOW64\replace.exe" protocol=tcp dir=out enable=yes action=block profile=any')
        run(r'netsh advfirewall firewall add rule name="Block rpcping.exe x64" program="%systemroot%\SysWOW64\rpcping.exe" protocol=tcp dir=out enable=yes action=block profile=any')
        run(r'netsh advfirewall firewall add rule name="Block rundll32.exe x64" program="%systemroot%\SysWOW64\rundll32.exe" protocol=tcp dir=out enable=yes action=block profile=any')
        run(r'netsh advfirewall firewall add rule name="Block runscripthelper.exe x64" program="%systemroot%\SysWOW64\runscripthelper.exe" protocol=tcp dir=out enable=yes action=block profile=any')
        run(r'netsh advfirewall firewall add rule name="Block scriptrunner.exe x64" program="%systemroot%\SysWOW64\scriptrunner.exe" protocol=tcp dir=out enable=yes action=block profile=any')
        run(r'netsh advfirewall firewall add rule name="Block SyncAppvPublishingServer.exe x64" program="%systemroot%\SysWOW64\SyncAppvPublishingServer.exe" protocol=tcp dir=out enable=yes action=block profile=any')
        run(r'netsh advfirewall firewall add rule name="Block wmic.exe x64" program="%systemroot%\SysWOW64\wbem\wmic.exe" protocol=tcp dir=out enable=yes action=block profile=any')
        run(r'netsh advfirewall firewall add rule name="Block wscript.exe x64" program="%systemroot%\SysWOW64\wscript.exe" protocol=tcp dir=out enable=yes action=block profile=any')
        run(r'netsh advfirewall firewall add rule name="Block ftp.exe x64" program="%systemroot%\SysWOW64\ftp.exe" protocol=tcp dir=out enable=yes action=block profile=any')
        run(r'netsh advfirewall firewall add rule name="Block telnet.exe x64" program="%systemroot%\SysWOW64\telnet.exe" protocol=tcp dir=out enable=yes action=block profile=any')



def uninstall():
    print('uninstalling %s' % control.asrequirement())

    print('Enable execution of script file extensions')
    registry_setstring(HKEY_CLASSES_ROOT, r"vbsfile\shell", '','Open', type=REG_SZ)
    registry_setstring(HKEY_CLASSES_ROOT, r"vbefile\shell", '','Open', type=REG_SZ)
    registry_setstring(HKEY_CLASSES_ROOT, r"WSFFile\shell", '','Open', type=REG_SZ)
    registry_setstring(HKEY_CLASSES_ROOT, r"wshfile\shell", '','Open', type=REG_SZ)
    registry_setstring(HKEY_CLASSES_ROOT, r"jsfile\shell", '','Open', type=REG_SZ)
    registry_setstring(HKEY_CLASSES_ROOT, r"jsefile\shell", '','Open', type=REG_SZ)
    registry_setstring(HKEY_CLASSES_ROOT, r"htafile\shell", '','Open', type=REG_SZ)
    registry_setstring(HKEY_CLASSES_ROOT, r"SHCmdFile\shell", '','Open', type=REG_SZ)
    registry_setstring(HKEY_CLASSES_ROOT, r"scrfile\shell", '','Open', type=REG_SZ)
    registry_setstring(HKEY_CLASSES_ROOT, r"piffile\shell", '','Open', type=REG_SZ)
    registry_setstring(HKEY_CLASSES_ROOT, r"mhtmlfile\shell", '','Open', type=REG_SZ)

    print('enable Windows Scripting Host (WSH)')
    #reg add "HKLM\Software\Microsoft\Windows Script Host\Settings" /v "Enabled" /t REG_DWORD /d "1" /f
    registry_setstring(HKEY_LOCAL_MACHINE, r"Software\Microsoft\Windows Script Host\Settings", 'Enabled',1, type=REG_DWORD)

    print('enable powershell script execution')
    #reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\PowerShell" /v EnableScripts /t REG_DWORD /d 1 /f
    registry_setstring(HKEY_LOCAL_MACHINE, r"SOFTWARE\Policies\Microsoft\Windows\PowerShell", 'EnableScripts',1, type=REG_DWORD)

    print('remove firewall rules to block malware scripts to get external access')
    delete_firewall_rules()



def delete_firewall_rules():
    # Names must match the rules created in install(); deleting a rule that
    # does not exist is not fatal.
    programs = [
        'appvlp.exe', 'calc.exe', 'certutil.exe', 'cmstp.exe', 'cscript.exe',
        'esentutl.exe', 'expand.exe', 'extrac32.exe', 'findstr.exe', 'hh.exe',
        'makecab.exe', 'mshta.exe', 'msiexec.exe', 'nltest.exe', 'Notepad.exe',
        'pcalua.exe', 'print.exe', 'regsvr32.exe', 'replace.exe', 'rpcping.exe',
        'rundll32.exe', 'runscripthelper.exe', 'scriptrunner.exe',
        'SyncAppvPublishingServer.exe', 'wmic.exe', 'wscript.exe', 'ftp.exe',
        'telnet.exe',
    ]
    for program in programs:
        # netsh's documented form is: delete rule name="<rule name>"
        run_notfatal('netsh advfirewall firewall delete rule name="Block %s x86"' % program)
        if iswin64():
            run_notfatal('netsh advfirewall firewall delete rule name="Block %s x64"' % program)


def session_setup():
    print('Session setup for %s' % control.asrequirement())

    #reg add "HKCU\Software\Microsoft\Windows Script Host\Settings" /v "Enabled" /t REG_DWORD /d "0" /f
    #reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun" /v "1" /t REG_SZ /d "wscript.exe" /f
    #reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun" /v "2" /t REG_SZ /d "cscript.exe" /f

    ## Disallow opening some file extensions as Outlook attachments, if you use Outlook
    #level1_extensions = ';.docm;.xlsm;.ade;.adp;.app;.asp;.bas;.bat;.cer;.chm;.cmd;.cnt;.com;.cpl;.crt;.csh;.der;.exe;.fxp;.gadget;.grp;.hlp;.hpj;.hta;.inf;.ins;.isp;.its;.jar;.js;.jse;.ksh;.lnk;.mad;.maf;.mag;.mam;.maq;.mar;.mas;.mat;.mau;.mav;.maw;.mcf;.mda;.mdb;.mde;.mdt;.mdw;.mdz;.msc;.msh;.msh1;.msh2;.mshxml;.msh1xml;.msh2xml;.msi;.msp;.mst;.ops;.osd;.pcd;.pif;.pl;.plg;.prf;.prg;.ps1;.ps1xml;.ps2;.ps2xml;.psc1;.psc2;.pst;.reg;.scf;.scr;.sct;.shb;.shs;.tmp;.url;.vb;.vbe;.vbp;.vbs;.vsw;.ws;.wsc;.wsf;.wsh;.xbap;.xnk'
    #for office_version in ('14.0', '15.0', '16.0'):
    #    registry_setstring(HKEY_CURRENT_USER, r"Software\Microsoft\Office\%s\Outlook\Security" % office_version, 'Level1Add', level1_extensions, type=REG_SZ)
Locked
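Added example, not part of the original post: the add and delete `netsh` commands are generated from one table so the two lists cannot drift apart, and `netsh advfirewall firewall show rule name=all` output is checked for missing, duplicated and leftover rules. The helper names, the shortened program list and the sample output are constructed, and the `Rule Name:` label assumes an English-locale Windows.

```python
# Added example: helper names and the sample output below are constructed.
import re

# Single source of truth. A subset of the post's programs, relative to the
# system directory; extend it with the rest of the post's list as needed.
PROGRAMS = ["certutil.exe", "cscript.exe", "mshta.exe", "regsvr32.exe",
            "rundll32.exe", "wscript.exe", r"wbem\wmic.exe"]

ADD = ('netsh advfirewall firewall add rule name="%s" program="%s" '
       'protocol=tcp dir=out enable=yes action=block profile=any')
DELETE = 'netsh advfirewall firewall delete rule name="%s"'


def expected_rules(is_win64):
    """Map rule name -> program path, keeping the post's naming scheme
    (system32 rules end in 'x86', SysWOW64 rules end in 'x64')."""
    folders = [("system32", "x86")]
    if is_win64:
        folders.append(("SysWOW64", "x64"))
    rules = {}
    for folder, suffix in folders:
        for prog in PROGRAMS:
            name = "Block %s %s" % (prog.split("\\")[-1], suffix)
            rules[name] = "%systemroot%\\" + folder + "\\" + prog
    return rules


def add_commands(rules):
    return [ADD % (name, path) for name, path in sorted(rules.items())]


def delete_commands(rules):
    return [DELETE % name for name in sorted(rules)]


# English-locale label; netsh localizes its output, so adjust on other locales.
RULE_NAME = re.compile(r"^Rule Name:[ \t]+(.*\S)\s*$", re.MULTILINE)


def audit(netsh_output, rules):
    """Compare 'netsh advfirewall firewall show rule name=all' output with
    the expected rules. Returns (missing, duplicated, stale) name lists."""
    seen = {}
    for name in RULE_NAME.findall(netsh_output):
        seen[name] = seen.get(name, 0) + 1
    missing = sorted(n for n in rules if n not in seen)
    duplicated = sorted(n for n in rules if seen.get(n, 0) > 1)
    # Rules that follow this package's naming but are no longer in the table.
    stale = sorted(n for n in seen if n not in rules
                   and re.match(r"Block \S+ x(86|64)$", n))
    return missing, duplicated, stale


# Constructed, abridged sample of the show-rule output (not from a real host).
SAMPLE_OUTPUT = """\
Rule Name:                            Block certutil.exe x86
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            Out
Action:                               Block

Rule Name:                            Block mshta.exe x86
Rule Name:                            Block mshta.exe x86
Rule Name:                            Block rpcping.exe x64
Rule Name:                            Core Networking - DNS (UDP-Out)
"""

if __name__ == "__main__":
    missing, duplicated, stale = audit(SAMPLE_OUTPUT, expected_rules(False))
    print("missing:", missing)
    print("duplicated:", duplicated)
    print("stale:", stale)
```

In a WAPT package the command strings would be passed to `run()` and `run_notfatal()`, and the check could run after install to confirm the rules are actually in place.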