Executable Files Default Program Settings
Like malicious macros, an Attacker could send an email with a file attached that when clicked your computer will run the file’s code. The executable file may contain code the maybe used to attack a system or steal credentials. Executable files are really easy to disguise, you could, for example, make it look like a shortcut to a webpage. There are a ton of different executable file extensions that most people don’t know about or forget about.
To protect against this type of attack we can change the executable scripts default program to something safe. A “.BAT” file will by default run its code against “C:\Windows\Sysyem32\cmd.exe”, which can be exploited. We can change this so a “.BAT” file will now default to running “C:\Windows\System32\notepad.exe”. This will open the file in Notepad, which will not run the code contained in the file. Some executable extensions are needed, otherwise, the system will not run. However, some executable extensions are rarely used and the majority of users do not need them.
Below are the commands you can use to edit the default programs of executable extensions that are rarely needed. Run these commands in an elevated command(cmd.exe) prompt.
# Create a backup of original file default settings assoc > C:\assoc-backup.txt # Set what should open text files. ftype txtfile=C:\Windows\System32\notepad.exe "%1" # Set executable extentoins to open as a text file. FOR %G IN (.BAT,.BIN,.CMD,.COM,.GADGET,.INF1,.INS,.INX,.ISU,.JOB,.JSE,.PAF,.PIF,.PS1,.RGS,.SCR,.SCT,.SHB,.SHS,.U3P,.VB,.VBE,.VBS,.VBSCRIPT,.WS,.WSF,.WSH) DO (assoc %G=txtfile) # IF! you have any isssues you can restore all the original defaults with the below command. FOR /F %L in (C:\assoc-backup.txt) DO (assoc %L)