New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: appvlp.exe" -Program "%programfiles%\Microsoft Office\root\client\AppVLP.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: appvlp.exe" -Program "%programfiles(x86)%\Microsoft Office\root\client\AppVLP.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: At.exe" -Program "%SystemRoot%\System32\At.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: At.exe" -Program "%SystemRoot%\SysWOW64\At.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: Attrib.exe" -Program "%SystemRoot%\System32\Attrib.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: Attrib.exe" -Program "%SystemRoot%\SysWOW64\Attrib.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: Atbroker.exe" -Program "%SystemRoot%\System32\Atbroker.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: Atbroker.exe" -Program "%SystemRoot%\SysWOW64\Atbroker.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: bash.exe" -Program "%SystemRoot%\System32\bash.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: bash.exe" -Program "%SystemRoot%\SysWOW64\bash.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: bitsadmin.exe" -Program "%SystemRoot%\System32\bitsadmin.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: bitsadmin.exe" -Program "%SystemRoot%\SysWOW64\bitsadmin.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: calc.exe" -Program "%SystemRoot%\System32\calc.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: calc.exe" -Program "%SystemRoot%\SysWOW64\calc.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: certreq.exe" -Program "%SystemRoot%\System32\certreq.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: certreq.exe" -Program "%SystemRoot%\SysWOW64\certreq.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: certutil.exe" -Program "%SystemRoot%\System32\certutil.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: certutil.exe" -Program "%SystemRoot%\SysWOW64\certutil.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: cmdkey.exe" -Program "%SystemRoot%\System32\cmdkey.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: cmdkey.exe" -Program "%SystemRoot%\SysWOW64\cmdkey.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: cmstp.exe" -Program "%SystemRoot%\System32\cmstp.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: cmstp.exe" -Program "%SystemRoot%\SysWOW64\cmstp.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: CompatTelRunner.exe" -Program "%SystemRoot%\System32\CompatTelRunner.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: CompatTelRunner.exe" -Program "%SystemRoot%\SysWOW64\CompatTelRunner.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: control.exe" -Program "%SystemRoot%\System32\control.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: control.exe" -Program "%SystemRoot%\SysWOW64\control.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: Csc.exe" -Program "%SystemRoot%\Microsoft.NET\Framework\v4.0.30319\Csc.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: Csc.exe" -Program "%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\Csc.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: cscript.exe" -Program "%SystemRoot%\System32\cscript.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: cscript.exe" -Program "%SystemRoot%\SysWOW64\cscript.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: ctfmon.exe" -Program "%SystemRoot%\System32\ctfmon.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: ctfmon.exe" -Program "%SystemRoot%\SysWOW64\ctfmon.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: curl.exe" -Program "%SystemRoot%\System32\curl.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: curl.exe" -Program "%SystemRoot%\SysWOW64\curl.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: desktopimgdownldr.exe" -Program "%SystemRoot%\System32\desktopimgdownldr.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: DeviceDisplayObjectProvider.exe" -Program "%SystemRoot%\System32\DeviceDisplayObjectProvider.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: DeviceDisplayObjectProvider.exe" -Program "%SystemRoot%\SysWOW64\DeviceDisplayObjectProvider.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: Dfsvc.exe" -Program "%SystemRoot%\Microsoft.NET\Framework\v4.0.30319\Dfsvc.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: Dfsvc.exe" -Program "%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\Dfsvc.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: diskshadow.exe" -Program "%SystemRoot%\SysWOW64\diskshadow.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: diskshadow.exe" -Program "%SystemRoot%\System32\diskshadow.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: Dnscmd.exe" -Program "%SystemRoot%\SysWOW64\Dnscmd.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: Dnscmd.exe" -Program "%SystemRoot%\System32\Dnscmd.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: dwm.exe" -Program "%SystemRoot%\SysWOW64\dwm.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: dwm.exe" -Program "%SystemRoot%\System32\dwm.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: eventvwr.exe" -Program "%SystemRoot%\SysWOW64\eventvwr.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: eventvwr.exe" -Program "%SystemRoot%\System32\eventvwr.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: esentutl.exe" -Program "%SystemRoot%\SysWOW64\esentutl.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: esentutl.exe" -Program "%SystemRoot%\System32\esentutl.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: eventvwr.exe" -Program "%SystemRoot%\SysWOW64\eventvwr.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: eventvwr.exe" -Program "%SystemRoot%\SysWOW64\eventvwr.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: Expand.exe" -Program "%SystemRoot%\System32\Expand.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: Expand.exe" -Program "%SystemRoot%\SysWOW64\Expand.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: explorer.exe" -Program "%SystemRoot%\System32\explorer.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: explorer.exe" -Program "%SystemRoot%\SysWOW64\explorer.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: Extexport.exe" -Program "%programfiles%\Internet Explorer\Extexport.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: Extexport.exe" -Program "%programfiles(x86)%\Internet Explorer\Extexport.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: extrac32.exe" -Program "%SystemRoot%\System32\extrac32.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: extrac32.exe" -Program "%SystemRoot%\SysWOW64\extrac32.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: findstr.exe" -Program "%SystemRoot%\System32\findstr.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: findstr.exe" -Program "%SystemRoot%\SysWOW64\findstr.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: forfiles.exe" -Program "%SystemRoot%\System32\forfiles.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: forfiles.exe" -Program "%SystemRoot%\SysWOW64\forfiles.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: ftp.exe" -Program "%SystemRoot%\System32\ftp.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: ftp.exe" -Program "%SystemRoot%\SysWOW64\ftp.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: gpscript.exe" -Program "%SystemRoot%\System32\gpscript.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: gpscript.exe" -Program "%SystemRoot%\SysWOW64\gpscript.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: hh.exe" -Program "%SystemRoot%\System32\hh.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: hh.exe" -Program "%SystemRoot%\SysWOW64\hh.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: ie4uinit.exe" -Program "%SystemRoot%\System32\ie4uinit.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: ie4uinit.exe" -Program "%SystemRoot%\SysWOW64\ie4uinit.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: ieexec.exe" -Program "%SystemRoot%\Microsoft.NET\Framework\v2.0.50727\ieexec.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: ieexec.exe" -Program "%SystemRoot%\Microsoft.NET\Framework64\v2.0.50727\ieexec.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: ilasm.exe" -Program "%SystemRoot%\Microsoft.NET\Framework\v4.0.30319\ilasm.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: ilasm.exe" -Program "%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\ilasm.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: Infdefaultinstall.exe" -Program "%SystemRoot%\System32\Infdefaultinstall.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: Infdefaultinstall.exe" -Program "%SystemRoot%\SysWOW64\Infdefaultinstall.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: InstallUtil.exe" -Program "%SystemRoot%\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: InstallUtil.exe" -Program "%SystemRoot%\Microsoft.NET\Framework64\v2.0.50727\InstallUtil.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: InstallUtil.exe" -Program "%SystemRoot%\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: InstallUtil.exe" -Program "%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: Jsc.exe" -Program "%SystemRoot%\Microsoft.NET\Framework\v2.0.50727\Jsc.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: Jsc.exe" -Program "%SystemRoot%\Microsoft.NET\Framework64\v2.0.50727\Jsc.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: Jsc.exe" -Program "%SystemRoot%\Microsoft.NET\Framework\v4.0.30319\Jsc.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: Jsc.exe" -Program "%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\Jsc.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: lsass.exe" -Program "%SystemRoot%\System32\lsass.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: lsass.exe" -Program "%SystemRoot%\SysWOW64\lsass.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: makecab.exe" -Program "%SystemRoot%\System32\makecab.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: makecab.exe" -Program "%SystemRoot%\SysWOW64\makecab.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: mavinject.exe" -Program "%SystemRoot%\System32\mavinject.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: mavinject.exe" -Program "%SystemRoot%\SysWOW64\mavinject.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: Microsoft.Workflow.Compiler.exe" -Program "%SystemRoot%\Microsoft.Net\Framework64\v4.0.30319\Microsoft.Workflow.Compiler.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: mmc.exe" -Program "%SystemRoot%\SysWOW64\mmc.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: mmc.exe" -Program "%SystemRoot%\System32\mmc.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: Msbuild.exe" -Program "%SystemRoot%\Microsoft.NET\Framework\v2.0.50727\Msbuild.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: Msbuild.exe" -Program "%SystemRoot%\Microsoft.NET\Framework64\v2.0.50727\Msbuild.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: Msbuild.exe" -Program "%SystemRoot%\Microsoft.NET\Framework\v3.5\Msbuild.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: Msbuild.exe" -Program "%SystemRoot%\Microsoft.NET\Framework64\v3.5\Msbuild.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: Msbuild.exe" -Program "%SystemRoot%\Microsoft.NET\Framework\v4.0.30319\Msbuild.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: Msbuild.exe" -Program "%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\Msbuild.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: msconfig.exe" -Program "%SystemRoot%\System32\msconfig.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: Msdt.exe" -Program "%SystemRoot%\System32\Msdt.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: Msdt.exe" -Program "%SystemRoot%\SysWOW64\Msdt.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: mshta.exe" -Program "%SystemRoot%\System32\mshta.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: mshta.exe" -Program "%SystemRoot%\SysWOW64\mshta.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: msiexec.exe" -Program "%SystemRoot%\System32\msiexec.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: msiexec.exe" -Program "%SystemRoot%\SysWOW64\msiexec.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: Netsh.exe" -Program "%SystemRoot%\System32\Netsh.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: Netsh.exe" -Program "%SystemRoot%\SysWOW64\Netsh.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: notepad.exe" -Program "%SystemRoot%\system32\notepad.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: notepad.exe " -Program "%SystemRoot%\SysWOW64\notepad.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: odbcconf.exe" -Program "%SystemRoot%\System32\odbcconf.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: odbcconf.exe" -Program "%SystemRoot%\SysWOW64\odbcconf.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: pcalua.exe" -Program "%SystemRoot%\System32\pcalua.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: pcalua.exe" -Program "%SystemRoot%\SysWOW64\pcalua.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: pcwrun.exe" -Program "%SystemRoot%\System32\pcwrun.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: pcwrun.exe" -Program "%SystemRoot%\SysWOW64\pcwrun.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: pktmon.exe" -Program "%SystemRoot%\System32\pktmon.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: pktmon.exe" -Program "%SystemRoot%\SysWOW64\pktmon.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: powershell.exe" -Program "%SystemRoot%\System32\WindowsPowerShell\v1.0\powershell.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: powershell.exe" -Program "%SystemRoot%\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: powershell_ise.exe" -Program "%SystemRoot%\System32\WindowsPowerShell\v1.0\powershell_ise.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: powershell_ise.exe" -Program "%SystemRoot%\SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: Presentationhost.exe" -Program "%SystemRoot%\System32\Presentationhost.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: Presentationhost.exe" -Program "%SystemRoot%\SysWOW64\Presentationhost.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: psr.exe" -Program "%SystemRoot%\System32\psr.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: psr.exe" -Program "%SystemRoot%\SysWOW64\psr.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: rasautou.exe" -Program "%SystemRoot%\System32\rasautou.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: rasautou.exe" -Program "%SystemRoot%\SysWOW64\rasautou.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: reg.exe" -Program "%SystemRoot%\System32\reg.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: reg.exe" -Program "%SystemRoot%\SysWOW64\reg.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: regasm.exe" -Program "%SystemRoot%\Microsoft.NET\Framework\v2.0.50727\regasm.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: regasm.exe" -Program "%SystemRoot%\Microsoft.NET\Framework64\v2.0.50727\regasm.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: regasm.exe" -Program "%SystemRoot%\Microsoft.NET\Framework\v4.0.30319\regasm.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: regasm.exe" -Program "%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\regasm.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: regedit.exe" -Program "%SystemRoot%\System32\regedit.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: regedit.exe" -Program "%SystemRoot%\SysWOW64\regedit.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: regini.exe" -Program "%SystemRoot%\System32\regini.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: regini.exe" -Program "%SystemRoot%\SysWOW64\regini.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: Register-cimprovider.exe" -Program "%SystemRoot%\System32\Register-cimprovider.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: Register-cimprovider.exe" -Program "%SystemRoot%\SysWOW64\Register-cimprovider.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: regsvcs.exe" -Program "%SystemRoot%\System32\regsvcs.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: regsvcs.exe" -Program "%SystemRoot%\SysWOW64\regsvcs.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: regsvr32.exe" -Program "%SystemRoot%\System32\regsvr32.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: regsvr32.exe" -Program "%SystemRoot%\SysWOW64\regsvr32.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: replace.exe" -Program "%SystemRoot%\System32\replace.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: replace.exe" -Program "%SystemRoot%\SysWOW64\replace.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: rpcping.exe" -Program "%SystemRoot%\System32\rpcping.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: rpcping.exe" -Program "%SystemRoot%\SysWOW64\rpcping.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: rundll32.exe" -Program "%SystemRoot%\System32\rundll32.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: rundll32.exe" -Program "%SystemRoot%\SysWOW64\rundll32.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: runonce.exe" -Program "%SystemRoot%\System32\runonce.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: runonce.exe" -Program "%SystemRoot%\SysWOW64\runonce.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: services.exe" -Program "%SystemRoot%\System32\services.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: services.exe" -Program "%SystemRoot%\SysWOW64\services.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: sc.exe" -Program "%SystemRoot%\System32\sc.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: sc.exe" -Program "%SystemRoot%\SysWOW64\sc.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: schtasks.exe" -Program "%SystemRoot%\System32\schtasks.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: schtasks.exe" -Program "%SystemRoot%\SysWOW64\schtasks.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: scriptrunner.exe" -Program "%SystemRoot%\System32\scriptrunner.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: scriptrunner.exe" -Program "%SystemRoot%\SysWOW64\scriptrunner.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: SyncAppvPublishingServer.exe" -Program "%SystemRoot%\System32\SyncAppvPublishingServer.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: SyncAppvPublishingServer.exe" -Program "%SystemRoot%\SysWOW64\SyncAppvPublishingServer.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: telnet.exe" -Program "%SystemRoot%\System32\telnet.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: telnet.exe" -Program "%SystemRoot%\SysWOW64\telnet.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: tftp.exe" -Program "%SystemRoot%\System32\tftp.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: tftp.exe" -Program "%SystemRoot%\SysWOW64\tftp.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: ttdinject.exe" -Program "%SystemRoot%\System32\ttdinject.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: ttdinject.exe" -Program "%SystemRoot%\SysWOW64\ttdinject.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: tttracer.exe" -Program "%SystemRoot%\System32\tttracer.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: tttracer.exe" -Program "%SystemRoot%\SysWOW64\tttracer.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: vbc.exe" -Program "%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\vbc.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: vbc.exe" -Program "%SystemRoot%\Microsoft.NET\Framework64\v3.5\vbc.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: verclsid.exe" -Program "%SystemRoot%\System32\verclsid.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: verclsid.exe" -Program "%SystemRoot%\SysWOW64\verclsid.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: wab.exe" -Program "%programfiles%\Windows Mail\wab.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: wab.exe" -Program "%programfiles(x86)%\Windows Mail\wab.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: WerFault.exe" -Program "%SystemRoot%\System32\WerFault.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: WerFault.exe" -Program "%SystemRoot%\System32\WerFault.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: WerFault.exe" -Program "%SystemRoot%\SysWOW64\WerFault.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: WerFault.exe" -Program "%SystemRoot%\SysWOW64\WerFault.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: wininit.exe" -Program "%SystemRoot%\System32\wininit.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: wininit.exe" -Program "%SystemRoot%\SysWOW64\wininit.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: winlogon.exe" -Program "%SystemRoot%\System32\winlogon.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: winlogon.exe" -Program "%SystemRoot%\SysWOW64\winlogon.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: wmic.exe" -Program "%SystemRoot%\System32\wbem\wmic.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: wmic.exe" -Program "%SystemRoot%\SysWOW64\wbem\wmic.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: wordpad.exe" -Program "%programfiles%\windows nt\accessories\wordpad.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: wordpad.exe" -Program "%programfiles(x86)%\windows nt\accessories\wordpad.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: wscript.exe" -Program "%SystemRoot%\System32\wscript.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: wscript.exe" -Program "%SystemRoot%\SysWOW64\wscript.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: wsreset.exe" -Program "%SystemRoot%\System32\wsreset.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: wsreset.exe" -Program "%SystemRoot%\SysWOW64\wsreset.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: xwizard.exe" -Program "%SystemRoot%\System32\xwizard.exe" -Direction Outbound -Action Block
New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: xwizard.exe" -Program "%SystemRoot%\SysWOW64\xwizard.exe" -Direction Outbound -Action Block