This discussion has been locked.

Controlled application blocked: Microsoft Powershell

I've seen a few posts already about this but nothing in recent years. I've turned on Application policy to try and prevent misuse of PowerShell and other tools. However, it's raised a large number of regular (hourly) alerts on most of the endpoints. Suggests to me that these are legitimate calls. Maybe application update checks? I've removed PowerShell from the policy for now because I can't tell what is causing these calls.

I assume I'm not the only one having this problem, so are people generally excluding PowerShell from the policy?

Thanks

Simeon



  • Hi,

    Thank you for reaching out to the Sophos Community forum. This behavior is explained in the following article:

    Sophos Central: Application Control Frequently Asked Questions (FAQ)

    As mentioned in this FAQ, some useful applications, like Windows PowerShell, may be deemed a potential risk in some infrastructures.

    Application Control is used to prevent users from running applications that aren’t categorized as a security threat but aren’t suitable for use in a work environment. These are legitimate applications but are listed in the Application Control list of Sophos so that the IT admins can decide whether the application is of any use to their organization.

    I hope this answers your question.


    Gladys Reyes
    Global Community Support Engineer
  • Thanks for your response. Understood. I'd certainly like to block users from accessing PowerShell, but it looks like other services are making calls to PowerShell for legitimate reasons. For example, we have a Windows Update Delivery Optimization policy in place for laptops that is reliant on PowerShell calls. Application Control would be great but it's quite a blunt instrument - all or nothing. Thanks anyway.