Skip to content
A Windows 7-10 startup script for detecting and preventing "Ease Of Access" attacks.
Visual Basic
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
Accessibility_Defender.vbs
LICENSE
README.md

README.md

Accessibility-Tools-utilmon-Defender

A Windows 7-10 startup script for detecting and preventing "Ease Of Access" attacks.

This script was featured in the how-to blog post "Windows Accessibility Tools… For Hackers Too???" on the HonestRepair Blog.

It is intended to be added to Group Policy Management on a domain or the Local Group Policy Editor on a standalone PC as a machine startup script.

The script hashes cmd.exe (if it exists) and compares it against the hashes for each vulnerable tool in the Ease of Access center (utilmon.exe). A hard-coded hash exists as a default if cmd.exe was moved.

You must download "Fake Sendmail For Windows" and extract all files to wherever you install the Accessibility_Defender.vbs script.

If a compromise is detected the script will create a logfile of the incident and shut down the machine.

You can’t perform that action at this time.