The icon for Microsoft Edge is now placed by default in every user profile.
It is not placed in Public Desktop, but created for each user at logon (DOH!).
Thank god there is a way to stop this behavior.
You can simply add the following registry key:
If you're using MDT (Microsoft Deployment Toolkit) or ConfigMgr (System Center Configuration Manager),
you can add the following one-liner task sequence step to stop the creation of the Microsoft Edge icon.
Commandline: reg.exe add HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer /v DisableEdgeDesktopShortcutCreation /t REG_DWORD /d 1
In case you're wondering what I have in the steps to disable Cortana, let me share them:
Registry tweaks for Build and Capture or Windows 10 Deployment task sequences
Disable Cortana Voice:
reg.exe add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\OOBE /v DisableVoice /t REG_DWORD /d 1
Disable Cortana Search:
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search" /v "AllowCortana" /t REG_DWORD /d 0 /f
Disable Cortana Search Box:
reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" /v "SearchboxTaskbarMode" /t REG_DWORD /d 0 /f
The malware requires administrator rights on the local computer. Standard users should not have this permission. Consider restricting who has local admin rights to prevent execution of exploit code within organisations. Home users should also consider using a Standard User Account for day-to-day operations.
Access Director can help you by removing permanent local admins.
Recommendations for Enterprises
- Deploy the latest Microsoft patches, including MS17-010 which patches the SMB vulnerability.
- Consider disabling SMBv1 to prevent spreading of malware.
- Educate end-users to remain vigilant when opening attachments or clicking on links from senders they do not know.
- Ensure you have the latest updates installed for your anti-virus software.
- Ensure you have backup copies of your files stored on local disks. Generally, user files on local drives are replicated from a network share.
- Prevent users from writing data outside of designated areas on the local hard disk to prevent data loss if an attack occurs.
- Operate a least-privilege access model with employees. Restrict who has local administration access.
Petya does not encrypt files. It encrypts the Master File Table, which is the index of where all the files are stored on a hard disk drive.
“Petya uses the NSA Eternalblue exploit but also spreads in internal networks with WMIC and PSEXEC. That’s why patched systems can get hit.”
confirms Mikko Hypponen, Chief Research Officer at F-Secure.
PT Security, a UK-based cyber security company, and Amit Serper from Cybereason have discovered a kill switch for Petya ransomware. According to a tweet, the company has advised users to create a file, i.e. “C:\Windows\perfc”, to prevent ransomware infection.
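The following read-only audit is an added example, not part of the original post. It reports on three of the items above for the local machine: whether SMBv1 is still enabled, who is in the local Administrators group, and whether the marker file named above exists. The function name Get-PetyaHardeningStatus is hypothetical, and the script assumes an elevated Windows PowerShell 5.1 session on Windows 10 or Server 2016 or later.

```powershell
# Added example: read-only audit of the hardening items listed on this page.
# Assumes elevated Windows PowerShell 5.1 (SmbShare, Dism and LocalAccounts modules).
# The MS17-010 patch level is not checked here: the KB number differs per OS
# build and is not given on this page.

function Get-PetyaHardeningStatus {
    [CmdletBinding()]
    param(
        # Marker file path exactly as quoted on this page.
        [string]$MarkerPath = 'C:\Windows\perfc'
    )

    # SMBv1 server side: $true means this machine still accepts SMBv1 sessions.
    $smb1Server = (Get-SmbServerConfiguration).EnableSMB1Protocol

    # SMBv1 optional feature; the feature may be absent on some builds.
    $feature = Get-WindowsOptionalFeature -Online -FeatureName 'SMB1Protocol' `
        -ErrorAction SilentlyContinue
    $smb1Feature = if ($feature) { [string]$feature.State } else { 'NotPresent' }

    # Built-in Administrators group, resolved by its well-known SID so the
    # lookup also works on non-English installations.
    $admins = @(Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty Name)

    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        Smb1ServerEnabled = $smb1Server
        Smb1FeatureState  = $smb1Feature
        LocalAdmins       = $admins -join '; '
        MarkerPath        = $MarkerPath
        MarkerFilePresent = Test-Path -LiteralPath $MarkerPath -PathType Leaf
    }
}

$status = Get-PetyaHardeningStatus
$status | Format-List

# Flag anything that contradicts the recommendations.
if ($status.Smb1ServerEnabled) {
    Write-Warning 'SMBv1 server protocol is enabled.'
}
if ($status.Smb1FeatureState -eq 'Enabled') {
    Write-Warning 'SMB1Protocol optional feature is enabled.'
}
if (-not $status.MarkerFilePresent) {
    Write-Warning "Marker file $($status.MarkerPath) not found."
}
Write-Host "Review local Administrators membership: $($status.LocalAdmins)"
```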
There seems to be an issue with Trend Micro and Windows Defender after Windows/Defender patches have been applied.
The quick workaround is to deploy a registry key:
The DWORD value DisableAntiSpyware should be set to 1.
In case it does not exist, go ahead and create it.
Restart and you should see things start working again.
If you have the issue, you should be able to deploy it using Group Policy Preferences.
NOTE: You can also enter safe mode and create the needed key.