命令行界面输入以下命令,防护永恒之蓝等已知或未知的病毒。
执行后,不需要重启系统。
:: windows_sec_by_akka9
@set srv=LanmanServer WerSvc RemoteRegistry ShellHWDetection lmhosts SENS COMSysApp EventSystem SSDPSRV Dnscache MSDTC Spooler Themes WpnService lfsvc
@for %%i in (%srv%) do @net stop %%i >nul 2>nul & @sc config %%i start= disabled
:: enable auto update and firewall
@set srv=wuauserv MpsSvc
@for %%i in (%srv%) do @net restart %%i >nul 2>nul & @sc config %%i start= auto
netsh advfirewall firewall add rule name="BLOCK_PORT_TCP" dir=in action=block protocol=TCP localport=135,137,138,139,445,593,1025
netsh advfirewall firewall add rule name="BLOCK_PORT_UDP" dir=in action=block protocol=UDP localport=123,5050,5053
@timeout 32
提醒:
- 尽早淘汰XP、Windows 2013。尽早使用Win10,Win2016吧. 当然用苹果系统、Linux 也是比较安全的.
- 尽早淘汰IE 6、IE 7、IE 8、IE 9、IE 10。尽早使用IE 11, Edge.最好是尽量只使用最新版的Chrome、Firefox.
- 自动更新一定要开启。
:: disable 137 138 139 445
sc config MSDTC start= DISABLED
reg add HKLM\SYSTEM\CurrentControlSet\Services\NetBT /v Start /t REG_DWORD /d 4 /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient" /v EnableMulticast /t REG_DWORD /d 0 /f
reg add HKLM\SYSTEM\CurrentControlSet\Services\NetBT /v Start /t REG_DWORD /d 4 /f
reg add HKLM\SOFTWARE\Microsoft\Ole /v EnableDCOM /d N /f
reg add HKLM\SOFTWARE\Microsoft\Rpc /v "DCOM Protocols" /t REG_MULTI_SZ /d ncacn_spx\0ncacn_nb_nb\0ncacn_nb_ipx\0 /f
reg add HKLM\SYSTEM\CurrentControlSet\Services\NetBT\Parameters /v SMBDeviceEnabled /t REG_DWORD /d 0 /f
:: change port 445 to 1445
reg add HKLM\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Smb /v SessionPort /t REG_DWORD /d 1445 /f
reg add HKLM\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Smb /v DatagramPort /t REG_DWORD /d 1445 /f
:: change RDP 3389 to 60089
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Tenninal Server\WinStations\RDP\Tcp" /v PortNumber /t REG_DWORD /d 60089 /f
REM reg add "HKLM\SYSTEM\CurrentControlSet\Services\RpcSs" /v ListenOnInternet /t REG_SZ /d N /f
echo "手动操作关闭137、138、139端口"
echo "本地连接属性->Internet协议 (TCP/IP)->属性->高级->WINS,禁用TCP/IP上的NetBIOS"
start /w ncpa.cpl
windows diable CTRL-ALT-DEL
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v DisableCAD /t REG_DWORD /d 1 /f
http://blog.sina.com.cn/s/blog_56cb31070102wgah.html
http://www.computerstepbystep.com/turn-off-multicast-name-resolution.html
http://xfocus.net/articles/200408/723.html
