Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Tutorial to add a freeware killswitch which blocks software installations from phoning home during or after the initial install process
20 views
Skip to first unread message
Arlen Holder
Oct 28, 2020, 5:12:37 AM10/28/20
to
Tutorial to add a killswitch to block those software installations
which may phone home during or after installation.
Please improve so that all benefit from every action you take.
o Note: Use whatever names & locations make sense for your setup.
1. Download any killswitch batch file, e.g., liquidvpn's killswitch:
<https://www.liquidvpn.com/vpn-kill-switches/>
That freeware batch text file can be downloaded with this URL:
<https://my.liquidvpn.com/dl.php?type=d&id=49>
Name: LiquidVPN-Kill-Switch.bat
Size: 2747 bytes (2 KiB)
SHA256: 933B7BD76EECB04D57A1A55E972C868D0460EB21021C16ED0ABC0B02EBD532A7
Save it into your software archive location & rename as desired:
X:\archive\os\bat\gateway.bat
2. Test & modify that gateway killswitch batch file as desired.
For example, rename & copy to "c:\app\os\bat\gateway.bat"
Modify the default gateway IP address, if needed.
Modify the commands presented to the user, if desired.
etc.
3. Create & test a (temporary) new shortcut to run that new batch command:
FILESPEC = c:\app\os\lnk\gateway.lnk
TARGET = C:\app\os\bat\gateway.bat
STARTIN = C:\app\os\bat <== this doesn't really matter
Note that when you run the shortcut, a Windows UAC consent form pops up.
4. Point to that shortcut in the system registry AppPaths key:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\]
gateway.exe=c:\app\os\lnk\gateway.lnk
Note: Choose any desired key name not in use (it must end with ".exe").
5. Test the new command you just created:
Win+R > gateway
NOTE: While it works, the UAC Account Control Consent prompt pops up.
6. Create a scheduled task so that you can eliminate UAC consent prompts.
Win+R > %windir%\system32\taskschd.msc /s
Create a new basic task (where the name is important for use later!)
Name = UAC Gateway Task
[x]Run with highest privileges <== this removes the UAC consent prompt
Start a program = c:\app\os\bat\gateway.bat
7. Modify the original shortcut to now call that scheduled task:
FILESPEC = c:\app\os\lnk\gateway.lnk
TARGET = C:\Windows\System32\schtasks.exe /run /TN "UAC Gateway Task"
STARTIN = C:\app\os\bat <== this doesn't really matter
8. Test the scheduled task which now eliminates the UAC consent prompt:
Win+R > gateway
Voila!
You now can set & unset the gateway without a UAC consent prompt.
9. If desired, copy that shortcut into your cascade accordion menu:
c:\menu\os\lnk\gateway.lnk
Which is already permanently pinned to your taskbar as a "toolbar".
Taskbar > menu > os > gateway.lnk
--
As always, please improve so that all benefit from every Usenet post.
which may phone home during or after installation.
Please improve so that all benefit from every action you take.
o Note: Use whatever names & locations make sense for your setup.
1. Download any killswitch batch file, e.g., liquidvpn's killswitch:
<https://www.liquidvpn.com/vpn-kill-switches/>
That freeware batch text file can be downloaded with this URL:
<https://my.liquidvpn.com/dl.php?type=d&id=49>
Name: LiquidVPN-Kill-Switch.bat
Size: 2747 bytes (2 KiB)
SHA256: 933B7BD76EECB04D57A1A55E972C868D0460EB21021C16ED0ABC0B02EBD532A7
Save it into your software archive location & rename as desired:
X:\archive\os\bat\gateway.bat
2. Test & modify that gateway killswitch batch file as desired.
For example, rename & copy to "c:\app\os\bat\gateway.bat"
Modify the default gateway IP address, if needed.
Modify the commands presented to the user, if desired.
etc.
3. Create & test a (temporary) new shortcut to run that new batch command:
FILESPEC = c:\app\os\lnk\gateway.lnk
TARGET = C:\app\os\bat\gateway.bat
STARTIN = C:\app\os\bat <== this doesn't really matter
Note that when you run the shortcut, a Windows UAC consent form pops up.
4. Point to that shortcut in the system registry AppPaths key:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\]
gateway.exe=c:\app\os\lnk\gateway.lnk
Note: Choose any desired key name not in use (it must end with ".exe").
5. Test the new command you just created:
Win+R > gateway
NOTE: While it works, the UAC Account Control Consent prompt pops up.
6. Create a scheduled task so that you can eliminate UAC consent prompts.
Win+R > %windir%\system32\taskschd.msc /s
Create a new basic task (where the name is important for use later!)
Name = UAC Gateway Task
[x]Run with highest privileges <== this removes the UAC consent prompt
Start a program = c:\app\os\bat\gateway.bat
7. Modify the original shortcut to now call that scheduled task:
FILESPEC = c:\app\os\lnk\gateway.lnk
TARGET = C:\Windows\System32\schtasks.exe /run /TN "UAC Gateway Task"
STARTIN = C:\app\os\bat <== this doesn't really matter
8. Test the scheduled task which now eliminates the UAC consent prompt:
Win+R > gateway
Voila!
You now can set & unset the gateway without a UAC consent prompt.
9. If desired, copy that shortcut into your cascade accordion menu:
c:\menu\os\lnk\gateway.lnk
Which is already permanently pinned to your taskbar as a "toolbar".
Taskbar > menu > os > gateway.lnk
--
As always, please improve so that all benefit from every Usenet post.
Arlen Holder
Oct 28, 2020, 5:13:13 AM10/28/20
to
So that others benefit, I wrote this simple tutorial up to create a new
command named "task" (never use plurals, for simplicity), which brings up
the task scheduler in Windows.
0. Typing these brings up the task scheduler; but they're hard to remember.
o Win+R > %windir%\system32\taskschd.msc /s
o Win+R > taskschd.msc /s
o Win+R > taskschd.msc
etc.
This is easier to remember:
o Win+R > task
1. Create a new shortcut that runs the task scheduler:
FILESPEC=c:\app\os\shortcut\task.lnk
TARGET=%windir%\system32\taskschd.msc /s
STARTIN=%windir%\system32
Note: Choose your own desired logical locations & shortcut name.
2. Create an AppPaths registry key value pair pointing to that command:
Note: Choose your own desired command name (it must end with ".exe").
3. Test:
Win+R > task
Voila!
--
Note: Test each phase in series, as you run through the steps, e.g.,
a. Before you do anything, make sure "Win+R > task" doesn't do anything.
b. Paste the desired command into the Run box to make sure it works.
c. When you create the task.lnk shortcut, doubleclick it to test it.
d. When you create the AppPaths key, run it in the Run box to test it.
command named "task" (never use plurals, for simplicity), which brings up
the task scheduler in Windows.
0. Typing these brings up the task scheduler; but they're hard to remember.
o Win+R > %windir%\system32\taskschd.msc /s
o Win+R > taskschd.msc /s
o Win+R > taskschd.msc
etc.
This is easier to remember:
o Win+R > task
1. Create a new shortcut that runs the task scheduler:
FILESPEC=c:\app\os\shortcut\task.lnk
TARGET=%windir%\system32\taskschd.msc /s
STARTIN=%windir%\system32
Note: Choose your own desired logical locations & shortcut name.
2. Create an AppPaths registry key value pair pointing to that command:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\]
task.exe=c:\app\os\shortcut\task.lnk
Note: Choose your own desired command name (it must end with ".exe").
3. Test:
Win+R > task
Voila!
--
Note: Test each phase in series, as you run through the steps, e.g.,
a. Before you do anything, make sure "Win+R > task" doesn't do anything.
b. Paste the desired command into the Run box to make sure it works.
c. When you create the task.lnk shortcut, doubleclick it to test it.
d. When you create the AppPaths key, run it in the Run box to test it.
Arlen Holder
Oct 28, 2020, 10:28:57 AM10/28/20
to
To round out the tutorial, we present a "registry" command
which works alongside regedit.exe to provide UAC-free access.
o Win+R + registry (to open the registry sans UAC prompts)
This new command points to an existing Windows command.
o Win+R + task (to open the task manager sans UAC prompts)
This new command points to an existing Windows applet.
o Win+R gateway (to kill/restart the gateway sans UAC prompts)
This new command points to a new batch command.
1. Test that the command you'll invoke already exists in Windows:
o Win+R > %windir%\regedit.exe
Note: This should bring up the registry editor (after UAC assent).
2. Test that the command you'll create doesn't currently exist:
o Win+R > registry
Note: It should error saying "Windows cannot find 'registry'.
3. Create a new shortcut that runs the desired command:
FILESPEC = c:\app\os\lnk\registry.lnk
TARGET = %windir%\regedit.exe
STARTIN = %windir% <== this doesn't seem to matter
4. Test your new (temporary) shortcut:
o Win+R > c:\app\os\lnk\registry.lnk
Note: This should bring up the registry editor (after UAC assent).
5. Create an AppPaths registry key value pair pointing to that command:
6. Test your new command name:
o Win+R > registry
Note: This should bring up the registry editor (after UAC).
7. Create a new background task which runs without invoking UAC access:
[General] Name = UAC Regedit Task
[General] [x]Run with highest privileges
[Actions] > [New] > Start a program
[Actions] Program/script: %windir%\regedit.exe
[OK][OK] Registry:File > Exit
Note: If you prefer to also attain focus, then substitute this:
[General] Name = UAC Regedit Task
[General] [x]Run with highest privileges
[Actions] > [New] > Start a program
[Actions] Program/script: %comspec%
[Actions] Add arguments (optional) = /c start "" regedit.exe
[OK][OK] Registry:File > Exit
8. Modify the shortcut to run that task sans invoking UAC access assent:
FILESPEC = c:\app\os\lnk\registry.lnk
TARGET = C:\Windows\System32\schtasks.exe /run /TN "UAC Regedit Task"
STARTIN = %windir% <== I don't think this matters
9. Copy that shortcut to your taskbar cascade accordion menu:
copy c:\app\os\lnk\registry.lnk c:\menu\os\lnk\registry.lnk
10. Test
Win+R > registry
Taskbar > menu > os > lnk > registry
Note: In both tests, the registry should open sans UAC access assent.
Voila!
--
As always, please improve so all benefit from every post on Usenet.
which works alongside regedit.exe to provide UAC-free access.
o Win+R + registry (to open the registry sans UAC prompts)
This new command points to an existing Windows command.
o Win+R + task (to open the task manager sans UAC prompts)
This new command points to an existing Windows applet.
o Win+R gateway (to kill/restart the gateway sans UAC prompts)
This new command points to a new batch command.
1. Test that the command you'll invoke already exists in Windows:
o Win+R > %windir%\regedit.exe
Note: This should bring up the registry editor (after UAC assent).
2. Test that the command you'll create doesn't currently exist:
o Win+R > registry
Note: It should error saying "Windows cannot find 'registry'.
3. Create a new shortcut that runs the desired command:
FILESPEC = c:\app\os\lnk\registry.lnk
TARGET = %windir%\regedit.exe
STARTIN = %windir% <== this doesn't seem to matter
4. Test your new (temporary) shortcut:
o Win+R > c:\app\os\lnk\registry.lnk
Note: This should bring up the registry editor (after UAC assent).
5. Create an AppPaths registry key value pair pointing to that command:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\]
registry.exe = c:\app\os\lnk\registry.lnk
6. Test your new command name:
o Win+R > registry
Note: This should bring up the registry editor (after UAC).
7. Create a new background task which runs without invoking UAC access:
Win+R > %windir%\system32\taskschd.msc /s
Rightclick on "Task Scheduler Library" > Create Task
[General] Name = UAC Regedit Task
[General] [x]Run with highest privileges
[Actions] > [New] > Start a program
[Actions] Program/script: %windir%\regedit.exe
[OK][OK] Registry:File > Exit
Note: If you prefer to also attain focus, then substitute this:
Win+R > %windir%\system32\taskschd.msc /s
Rightclick on "Task Scheduler Library" > Create Task
[General] Name = UAC Regedit Task
[General] [x]Run with highest privileges
[Actions] > [New] > Start a program
[Actions] Program/script: %comspec%
[Actions] Add arguments (optional) = /c start "" regedit.exe
[OK][OK] Registry:File > Exit
8. Modify the shortcut to run that task sans invoking UAC access assent:
FILESPEC = c:\app\os\lnk\registry.lnk
TARGET = C:\Windows\System32\schtasks.exe /run /TN "UAC Regedit Task"
STARTIN = %windir% <== I don't think this matters
9. Copy that shortcut to your taskbar cascade accordion menu:
copy c:\app\os\lnk\registry.lnk c:\menu\os\lnk\registry.lnk
10. Test
Win+R > registry
Taskbar > menu > os > lnk > registry
Note: In both tests, the registry should open sans UAC access assent.
Voila!
--
As always, please improve so all benefit from every post on Usenet.
Arlen Holder
Nov 8, 2020, 4:40:50 PM11/8/20
to
The server hosting the file seems to be down so I figured I'd post,
for posterity, the freeware killswitch batch file
(just in case it's lost).
<https://www.liquidvpn.com/vpn-kill-switches/>
@echo off
:: GetAdmin
:-------------------------------------
:: Verify permissions
>nul 2>&1 "%SYSTEMROOT%\system32\cacls.exe" "%SYSTEMROOT%\system32\config\system"
:: On Error No Admin
if '%errorlevel%' NEQ '0' (
echo Getting administrative privileges...
goto DoUAC
) else ( goto getAdmin )
:DoUAC
echo Set UAC = CreateObject^("Shell.Application"^) > "%temp%\getadmin.vbs"
set params = %*:"=""
echo UAC.ShellExecute "cmd.exe", "/c %~s0 %params%", "", "runas", 1 >> "%temp%\getadmin.vbs"
"%temp%\getadmin.vbs"
del "%temp%\getadmin.vbs"
exit /B
:getAdmin
pushd "%CD%"
CD /D "%~dp0"
:--------------------------------------
@echo off
:: CHANGE DEFAULT GW IP BELOW
set defgw=192.168.0.1
@For /f "tokens=3" %%1 in (
'route.exe print 0.0.0.0 ^|findstr "\<0.0.0.0.*0.0.0.0\>"') Do set defgw=%%1
cls
:start
cls
echo.
color 0C
echo LiquidVPN's Simple VPN Kill Switch, ver. 0.1 - by LiquidVPN
echo.
echo.
echo Your routers gateway is probably "%defgw%"
echo -if nothing appears or its incorrect, add it manually (Press '3')
echo.
echo USAGE:
echo.
echo -Press "1" to Enable Kill Switch (IP "%defgw%")
echo -Press "2" to Disable Kill Switch (IP "%defgw%")
echo -Press "3" to manually set default gateway if its not detected above.
echo -Press "h" for Kill Switch Help
echo -Press "x" to exit Kill Switch.
echo.
set /p option=Your option:
if '%option%'=='1' goto :option1
if '%option%'=='2' goto :option2
if '%option%'=='3' goto :option3
if '%option%'=='x' goto :exit
if '%option%'=='h' goto :help
echo Insert 1, 2, x or h
timeout 3
goto start
:option1
route delete 0.0.0.0 %defgw%
echo Default gateway "%defgw%" removed
timeout 3
goto start
:option2
route add 0.0.0.0 mask 0.0.0.0 %defgw%
echo Defaulte gateway "%defgw%" restored
timeout 3
goto start
:option3
echo
set /p defgw=your gw IP (e.g. 192.168.0.1):
goto start
:help
cls
echo.
echo.
echo ======================
echo This simple kill switch removes your default gateway
echo and blocks traffic from reaching the internet when
echo your VPN gets disconnected.
echo.
echo Here is how you use it.
echo.
echo Step 1: Connect to LiquidVPN
echo Step 2: Enable LiquidVPN's Kill Switch (option "1")
echo.
echo Now Any internet traffic will pass through LiquidVPN only.
echo.
echo - If your VPN gets disconnected so will your internet.
echo - Disable the Kill Switch and reconnect.
echo.
echo.
echo When you disconnect from LiquidVPN follow these steps
echo to reconnect or to browse the internet normally.
echo.
echo Step 1: Close any software that may leak your real IP
echo Step 2: Disable the LiquidVPN kill switch (Option "2")
echo Step 3: Reconnect to LiquidVPN and enable the kill switch (Option "1")
echo.
timeout /T -1
goto start
:exit
exit
===< Above is LiquidVPN-Kill-Switch.bat >===
for posterity, the freeware killswitch batch file
(just in case it's lost).
<https://www.liquidvpn.com/vpn-kill-switches/>
<https://my.liquidvpn.com/dl.php?type=d&id=49>
Name: LiquidVPN-Kill-Switch.bat
Size: 2747 bytes (2 KiB)
SHA256: 933B7BD76EECB04D57A1A55E972C868D0460EB21021C16ED0ABC0B02EBD532A7
===< Below is LiquidVPN-Kill-Switch.bat >===
Name: LiquidVPN-Kill-Switch.bat
Size: 2747 bytes (2 KiB)
SHA256: 933B7BD76EECB04D57A1A55E972C868D0460EB21021C16ED0ABC0B02EBD532A7
@echo off
:: GetAdmin
:-------------------------------------
:: Verify permissions
>nul 2>&1 "%SYSTEMROOT%\system32\cacls.exe" "%SYSTEMROOT%\system32\config\system"
:: On Error No Admin
if '%errorlevel%' NEQ '0' (
echo Getting administrative privileges...
goto DoUAC
) else ( goto getAdmin )
:DoUAC
echo Set UAC = CreateObject^("Shell.Application"^) > "%temp%\getadmin.vbs"
set params = %*:"=""
echo UAC.ShellExecute "cmd.exe", "/c %~s0 %params%", "", "runas", 1 >> "%temp%\getadmin.vbs"
"%temp%\getadmin.vbs"
del "%temp%\getadmin.vbs"
exit /B
:getAdmin
pushd "%CD%"
CD /D "%~dp0"
:--------------------------------------
@echo off
:: CHANGE DEFAULT GW IP BELOW
set defgw=192.168.0.1
@For /f "tokens=3" %%1 in (
'route.exe print 0.0.0.0 ^|findstr "\<0.0.0.0.*0.0.0.0\>"') Do set defgw=%%1
cls
:start
cls
echo.
color 0C
echo LiquidVPN's Simple VPN Kill Switch, ver. 0.1 - by LiquidVPN
echo.
echo.
echo Your routers gateway is probably "%defgw%"
echo -if nothing appears or its incorrect, add it manually (Press '3')
echo.
echo USAGE:
echo.
echo -Press "1" to Enable Kill Switch (IP "%defgw%")
echo -Press "2" to Disable Kill Switch (IP "%defgw%")
echo -Press "3" to manually set default gateway if its not detected above.
echo -Press "h" for Kill Switch Help
echo -Press "x" to exit Kill Switch.
echo.
set /p option=Your option:
if '%option%'=='1' goto :option1
if '%option%'=='2' goto :option2
if '%option%'=='3' goto :option3
if '%option%'=='x' goto :exit
if '%option%'=='h' goto :help
echo Insert 1, 2, x or h
timeout 3
goto start
:option1
route delete 0.0.0.0 %defgw%
echo Default gateway "%defgw%" removed
timeout 3
goto start
:option2
route add 0.0.0.0 mask 0.0.0.0 %defgw%
echo Defaulte gateway "%defgw%" restored
timeout 3
goto start
:option3
echo
set /p defgw=your gw IP (e.g. 192.168.0.1):
goto start
:help
cls
echo.
echo.
echo ======================
echo This simple kill switch removes your default gateway
echo and blocks traffic from reaching the internet when
echo your VPN gets disconnected.
echo.
echo Here is how you use it.
echo.
echo Step 1: Connect to LiquidVPN
echo Step 2: Enable LiquidVPN's Kill Switch (option "1")
echo.
echo Now Any internet traffic will pass through LiquidVPN only.
echo.
echo - If your VPN gets disconnected so will your internet.
echo - Disable the Kill Switch and reconnect.
echo.
echo.
echo When you disconnect from LiquidVPN follow these steps
echo to reconnect or to browse the internet normally.
echo.
echo Step 1: Close any software that may leak your real IP
echo Step 2: Disable the LiquidVPN kill switch (Option "2")
echo Step 3: Reconnect to LiquidVPN and enable the kill switch (Option "1")
echo.
timeout /T -1
goto start
:exit
exit
===< Above is LiquidVPN-Kill-Switch.bat >===
0 new messages