This configuration validates the Microsoft Secure Score recommendation:
Block outbound network connections from Microsoft HTML Application Host (mshta.exe)
mshta.exe is frequently abused by attackers to execute malicious HTA payloads and establish outbound connections.
Blocking outbound traffic helps reduce the attack surface and improves Microsoft Secure Score compliance.
- Create Policy
  - Platform: Windows
  - Profile: Windows Firewall Rules
  - Name: Block mshta.exe
  - Description: Block outbound network connections from Microsoft HTML Application Host (mshta.exe)
- Add 2 firewall rules:
  - Block C:\Windows\SysWOW64\mshta.exe
  - Block C:\Windows\System32\mshta.exe
- Set the action to Block for both rules.
Rule 1: click Edit instance:
- Enable: Enabled
- Interface types: All
- File Path: click Configure → C:\Windows\SysWOW64\mshta.exe
Rule 2: click Edit instance:
- Enable: Enabled
- Interface types: All
- File Path: click Configure → C:\Windows\System32\mshta.exe
Nothing
- All devices
Test the policy with:
Get-NetFirewallRule -PolicyStore ActiveStore | Where-Object {$_.DisplayName -like "*mshta*"}
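
The display-name filter above only finds rules whose name contains "mshta". The following added example (not part of the original page) matches on the program path instead and confirms that each of the two paths has a rule that is enabled, outbound and set to Block. The function name `Test-MshtaBlockRules` is hypothetical; the cmdlets are the standard NetSecurity ones.

```powershell
# Added example: verify the two mshta.exe block rules in the active firewall policy.
# Test-MshtaBlockRules is a hypothetical helper name; the paths are the two from the policy above.
function Test-MshtaBlockRules {
    $expected = 'C:\Windows\System32\mshta.exe', 'C:\Windows\SysWOW64\mshta.exe'

    # Find application filters in the active policy whose program is mshta.exe,
    # then resolve each filter to the rule that owns it.
    $found = Get-NetFirewallApplicationFilter -PolicyStore ActiveStore |
        Where-Object { $_.Program -like '*\mshta.exe' } |
        ForEach-Object {
            $rule = $_ | Get-NetFirewallRule
            [pscustomobject]@{
                # Expand %SystemRoot%-style paths so they compare against the literal paths
                Program     = [Environment]::ExpandEnvironmentVariables($_.Program)
                DisplayName = $rule.DisplayName
                Enabled     = $rule.Enabled
                Direction   = $rule.Direction
                Action      = $rule.Action
            }
        }

    # One result row per expected path: compliant only if an enabled outbound Block rule exists
    foreach ($path in $expected) {
        $ok = $found | Where-Object {
            $_.Program -eq $path -and
            $_.Enabled -eq 'True' -and
            $_.Direction -eq 'Outbound' -and
            $_.Action -eq 'Block'
        }
        [pscustomobject]@{
            Path      = $path
            Compliant = [bool]$ok
            Rules     = ($found | Where-Object Program -eq $path).DisplayName -join '; '
        }
    }
}

Test-MshtaBlockRules | Format-Table -AutoSize
```

A row with `Compliant` set to False and an empty `Rules` column means the policy has not reached the device; a non-empty `Rules` column with False means a rule exists for that path but is disabled, inbound, or not set to Block.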