5/15 랜섬웨어 이슈 -- Windows Firewall 없음.

5/15 다들 업데이트 문제에 한창이시죠.

근데 오늘 저는 Windows Firewall 이 서비스에 없는 경우를 봤습니다.

간단 정리!!!

1. 랜섬웨어 관련해서 방화벽 셋팅을 하려고 하는데, Windows Firewall 업데이트가 없다.

2.  MpsSvc.reg

위 파일을 다운로드 받아서 실행.

3. 재부팅

4. 방화벽 셋팅

처음이라 당황스럽기도 했는데,,

역시나 이전에 물어본 사람들이 있더라구요

https://answers.microsoft.com/ko-kr/windows/forum/windows_8-performance/0x6d9-%EB%B0%A9%ED%99%94%EB%B2%BD/fb63f145-60be-4801-ad3c-833aaa51fec8

내용은 간단하게 아래와 같습니다.

Windows firewall 서비스 재등록

 

1. Windows 로고키 + Q키 누른 후 메모장 검색 후 클릭합니다.
   
2. 아래 내용을 메모장에 복사 붙여넣기 합니다.
   
   Windows Registry Editor Version 5.00
   

   [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MpsSvc]

   "DisplayName"="@%SystemRoot%\\system32\\FirewallAPI.dll,-23090"

   "Group"="NetworkProvider"

   "ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\

   74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\

   00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\

   6b,00,20,00,4c,00,6f,00,63,00,61,00,6c,00,53,00,65,00,72,00,76,00,69,00,63,\

   00,65,00,4e,00,6f,00,4e,00,65,00,74,00,77,00,6f,00,72,00,6b,00,00,00

   "Description"="@%SystemRoot%\\system32\\FirewallAPI.dll,-23091"

   "ObjectName"="NT Authority\\LocalService"

   "ErrorControl"=dword:00000001

   "Start"=dword:00000002

   "Type"=dword:00000020

   "DependOnService"=hex(7):6d,00,70,00,73,00,64,00,72,00,76,00,00,00,62,00,66,00,\

   65,00,00,00,00,00

   "ServiceSidType"=dword:00000003

   "RequiredPrivileges"=hex(7):53,00,65,00,41,00,73,00,73,00,69,00,67,00,6e,00,50,\

   00,72,00,69,00,6d,00,61,00,72,00,79,00,54,00,6f,00,6b,00,65,00,6e,00,50,00,\

   72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,41,00,75,\

   00,64,00,69,00,74,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,\

   00,00,53,00,65,00,43,00,68,00,61,00,6e,00,67,00,65,00,4e,00,6f,00,74,00,69,\

   00,66,00,79,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,\

   53,00,65,00,43,00,72,00,65,00,61,00,74,00,65,00,47,00,6c,00,6f,00,62,00,61,\

   00,6c,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,\

   65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,6e,00,61,00,74,00,65,00,50,\

   00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,49,00,\

   6e,00,63,00,72,00,65,00,61,00,73,00,65,00,51,00,75,00,6f,00,74,00,61,00,50,\

   00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,00,00

   "FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\

   00,01,00,00,00,c0,d4,01,00,01,00,00,00,e0,93,04,00,00,00,00,00,00,00,00,00

   [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MpsSvc\Parameters]

   "ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\

   00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\

   6d,00,70,00,73,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00

   "ServiceDllUnloadOnStop"=dword:00000001

   [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MpsSvc\Parameters\PortKeywords]

   [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MpsSvc\Security]

   "Security"=hex:01,00,14,80,b4,00,00,00,c0,00,00,00,14,00,00,00,30,00,00,00,02,\

   00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\

   00,00,02,00,84,00,05,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\

   05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\

   20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,04,00,00,00,00,\

   00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,06,00,00,00,00,00,28,00,15,00,\

   00,00,01,06,00,00,00,00,00,05,50,00,00,00,49,59,9d,77,91,56,e5,55,dc,f4,e2,\

   0e,a7,8b,eb,ca,7b,42,13,56,01,01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,\

   00,00,00,05,12,00,00,00

3. 하신 후에 재부팅!

그럼 서비스가 나타나고 재시작하면 자동으로 서비스 시작됩니다.

랜섬웨어 조심하세용!!