by cduzz 1158 days ago
Is there a Windows equivalent of "chmod 0000 /file/to/be/made/unavailable"? Even that seems pretty brutal, but at least it's easily reversible if you discover that "oh I needed that to download the vendor patch that will _actually_ fix the problem".
4 comments

There is, you can go into the NTFS permissions and just deny access to every group and user on every type of file access. I did that for compattelrunner.exe*

Windows has so far randomly undone these changes, so there's probably some kind of recovery mechanism that gets triggered when you alter file permissions. A script running on login setting the permissions through PowerShell seems to have put that stupid executable in stasis on my machine at least, so perhaps it works for curl too.

* compattelrunner is a telemetry generation tool that seemingly cannot be killed. I have applied every registry hack, privacy tool, and Windows setting, but that damned thing will not be disabled. If it weren't for the driver signature enforcement, I would've written a minifilter driver that makes all files with that name disappear to finally rid myself of this curse.
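The logon-script approach described in the comment above, as an added example that is not part of the thread: it applies a deny entry with `takeown` and `icacls`, skips the work when the entry is already present, and can be undone. The function names and the target path are hypothetical, and the script assumes an elevated session.

```powershell
#Requires -RunAsAdministrator
# Added illustration, not code from the thread. Function names are hypothetical.
$Everyone = 'S-1-1-0'   # well-known SID for Everyone; avoids localized group names

function Test-DenyAce {
    param([Parameter(Mandatory)][string]$Path)
    # Explicit (non-inherited) rules only, with identities returned as SIDs.
    $rules = (Get-Acl -LiteralPath $Path).GetAccessRules(
        $true, $false, [System.Security.Principal.SecurityIdentifier])
    [bool]($rules | Where-Object {
        $_.AccessControlType -eq 'Deny' -and $_.IdentityReference.Value -eq $Everyone
    })
}

function Add-DenyAce {
    param([Parameter(Mandatory)][string]$Path)
    if (Test-DenyAce -Path $Path) { return }   # already in place, nothing to re-apply
    # Windows system files are typically owned by TrustedInstaller, so an
    # administrator cannot edit the DACL until ownership is taken.
    # /A assigns ownership to the Administrators group (this part is not undone below).
    takeown.exe /F $Path /A | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "takeown failed for $Path" }
    # Deny read and execute to Everyone. Explicit deny entries are evaluated
    # before allow entries, so the existing grants can stay untouched.
    icacls.exe $Path /deny "*${Everyone}:(RX)" | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "icacls /deny failed for $Path" }
}

function Remove-DenyAce {
    param([Parameter(Mandatory)][string]$Path)
    # /remove:d deletes only the deny entries for the given SID.
    icacls.exe $Path /remove:d "*${Everyone}" | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "icacls /remove:d failed for $Path" }
}

# Usage (placeholder path, not one taken from the thread):
# $Target = 'C:\Path\To\unwanted.exe'
# Add-DenyAce -Path $Target      # call from a logon script to re-apply if it was reset
# Remove-DenyAce -Path $Target   # undo when the file is needed again
```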

Really depends on how Windows put that curl.exe there in the first place. WinSxS would probably detect the damage and fix it. It is kind of how MS 'fixed' DLL hell. Windows really tries to stop that sort of thing. Also, depending on how it was installed, you may be able to get the Windows Installer subsystem that controls it to just uninstall it for you. Would just depend on whether it's part of another bundle or not. If you want to see how, there are tons of vids on how people make stripped-down Windows installs.

Also, if you are stuck with this, another way to fix it is to just run the file out of a different directory and/or rename your new one. Windows load hierarchy is local folder first, then path (which usually has system32 in there somewhere).

But if you are dead set on your chmod method, yes, you could use cacls to do it. Add the executable permission to false. You prob would have to do that from a decently privileged account. You probably could also do it from Active Directory using a group policy.

A better way is to open a phone support ticket with MS if they are the ones installing it. Going onto their web support boards is usually basically a dead end. If you bought your PC from an OEM, you can call them too; then they can open a ticket with MS.

Even more low-tech: I can't believe people just hose the executable (and immediately empty their recycle bin?) rather than just renaming it.

Yes, there is, you just need to right-click the file and remove the privileges for system.

I just did this for the "AsusComService", which would take 30% of my i9 13k simply because I have DNS blocking running for it.

Why can't you uninstall it?
Because it comes from the motherboard and will reinstall every time I reboot. I have deleted it before, renamed it and more, but nothing helped unless I revoked its privileges.

Or differently said, modern ASUS motherboards actively come with a rootkit.