**标注:**此脚本配置本地IPsec安全策略,设置后可防止本机通过网络被其它机器感染“永恒之蓝”,也可防止本机去感染其它机器,但不能避免通过USB或者上网感染,所以还是得打补丁,详细可参考:[https://technet.microsoft.com/zh-cn/library/security/MS17-010](https://technet.microsoft.com/zh-cn/library/security/MS17-010)
注意:脚本中允许访问3389端口的IP须先按实际环境修改为自己的管理机地址;脚本同时会阻断本机135、139、445端口的正常使用(例如文件共享)。
通过此链接可详细了解“[永恒之蓝](http://baike.baidu.com/item/WannaCry/20797421?fr=aladdin&fromtitle=%E6%B0%B8%E6%81%92%E4%B9%8B%E8%93%9D&fromid=4951714)”
####
REM ================= BEGIN ================
REM Builds and assigns a local IPsec policy named windowsDBA. It permits
REM TCP 3389 from a short list of source addresses and blocks TCP 135, 139
REM and 445 in both directions, plus TCP 3389 from every other source.
REM Run from an elevated command prompt. This is network-level containment
REM only and does not replace the MS17-010 patch.
REM Rollback: netsh ipsec static set policy name=windowsDBA assign=n
REM Remove any earlier copy of the policy so that a re-run starts clean.
REM NOTE(review): on a first run the delete commands are expected to report
REM that the object does not exist - confirm that this is harmless here.
netsh ipsec static del policy windowsDBA
netsh ipsec static add policy name = windowsDBA
REM Recreate the two filter actions: FILTERblock drops matching traffic,
REM FILTERPermit lets it through.
netsh ipsec static del filteraction FILTERblock
netsh ipsec static del filteraction FILTERPermit
netsh ipsec static add filteraction FILTERblock action =block
netsh ipsec static add filteraction FILTERPermit action =permit
REM Recreate the two empty filter lists that the filters below are added to.
netsh IPsec static del filterlist name = AllowList
netsh IPsec static del filterlist name = DenyList
netsh IPsec static add filterlist name = AllowList
netsh IPsec static add filterlist name = DenyList
REM Allow the listed source addresses to reach TCP 3389 on this host.
REM mirrored = yes makes each filter also match the reply direction.
REM description = vpn is only a label on the filter.
REM NOTE(review): these three addresses look like samples - replace them
REM with your own management hosts before running. An RDP session from any
REM other address is expected to drop once the policy is assigned, because
REM of the any-source 3389 deny filter further down.
netsh IPsec static add filter filterlist = AllowList srcaddr = 192.168.1.1 dstaddr = me dstport = 3389 description = vpn protocol = TCP mirrored = yes
netsh IPsec static add filter filterlist = AllowList srcaddr = 10.100.1.1 dstaddr = me dstport = 3389 description = vpn protocol = TCP mirrored = yes
netsh IPsec static add filter filterlist = AllowList srcaddr = 192.168.2.2 dstaddr = me dstport = 3389 description = vpn protocol = TCP mirrored = yes
REM Block ports 139, 135 and 445, inbound and outbound.
REM The first three filters cover connections to this host, the next three
REM cover connections from this host to any other machine.
REM Only TCP is filtered here, UDP traffic is not touched by this script.
REM Side effect: legitimate use of these ports stops as well, for example
REM SMB file and printer sharing on 445 and 139 and RPC endpoint mapping
REM on 135. Check the impact on domain-joined machines before rollout.
netsh IPsec static add filter filterlist = DenyList srcaddr =any dstaddr = me dstport = 445 protocol = TCP mirrored = yes
netsh IPsec static add filter filterlist = DenyList srcaddr =any dstaddr = me dstport = 135 protocol = TCP mirrored = yes
netsh IPsec static add filter filterlist = DenyList srcaddr =any dstaddr = me dstport = 139 protocol = TCP mirrored = yes
netsh IPsec static add filter filterlist = DenyList srcaddr =me dstaddr = any dstport = 445 protocol = TCP mirrored = yes
netsh IPsec static add filter filterlist = DenyList srcaddr =me dstaddr = any dstport = 135 protocol = TCP mirrored = yes
netsh IPsec static add filter filterlist = DenyList srcaddr =me dstaddr = any dstport = 139 protocol = TCP mirrored = yes
REM Deny TCP 3389 from every source.
REM NOTE(review): this relies on IPsec matching the more specific
REM source-address filters in AllowList ahead of this any-source filter.
REM Test from an allowed host before closing your current session.
netsh IPsec static add filter filterlist = DenyList srcaddr =any dstaddr = me dstport = 3389 protocol = TCP mirrored = yes
REM Bind each filter list to its action as a rule inside the policy.
netsh ipsec static add rule name=AllowIPList policy=windowsDBA filterlist=AllowList filteraction=FILTERPermit
netsh ipsec static add rule name=DenyPortList policy=windowsDBA filterlist=DenyList filteraction=FILTERblock
REM Activate the policy on this machine. The filters take effect from here.
netsh ipsec static set policy name = windowsDBA assign = y
REM Keep the window open so the netsh output above can be read.
pause
文章最后更新时间:
2017年06月06日 05:09:58