I've seen a few posts already about this but nothing in recent years. I've turned on Application Control policy to try and prevent misuse of PowerShell and other tools. However, it's raised a large number of regular (hourly) alerts on most of the endpoints. This suggests to me that these are legitimate calls. Maybe application update checks? I've removed PowerShell from the policy for now because I can't tell what is causing these calls.
I assume I'm not the only one having this problem, so are people generally excluding PowerShell from the policy?
Thanks
Simeon
Hi Simeon Lewis,
Thank you for reaching out to the Sophos Community forum. This behavior is explained in the following article:
Sophos Central: Application Control Frequently Asked Questions (FAQ)
As mentioned in this FAQ, some useful applications, like Windows PowerShell, may be deemed a potential risk in some infrastructures.
Application Control is used to prevent users from running applications that aren’t categorized as a security threat but aren’t suitable for use in a work environment. These are legitimate applications but are listed in the Application Control list of Sophos so that the IT admins can decide whether the application is of any use to their organization.
I hope this answers your question.
Thanks for your response. Understood. I'd certainly like to block users from accessing PowerShell, but it looks like other services are making calls to PowerShell for legitimate reasons. For example, we have a Windows Update Delivery Optimization policy in place for laptops that is reliant on PowerShell calls. Application Control would be great, but it's quite a blunt instrument: all or nothing. Thanks anyway.
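The thread never pins down what is launching PowerShell every hour. The Application Control alert itself only names the blocked executable, so the usual way to attribute the calls is to look at the endpoint's own records: scheduled tasks whose action runs powershell.exe or pwsh.exe, and Security event 4688 (process creation), which carries the parent process name and, if command-line auditing is on, the full command line. The script below is an added example written for this page; it is not from the Sophos thread, the Sophos FAQ, or any Sophos tool. It assumes it is run elevated on the affected endpoint, and that "Audit Process Creation" (and optionally "Include command line in process creation events") is enabled for the 4688 part to return anything. Function names are the author's own.

```powershell
# Added example (not from the Sophos thread): attribute periodic PowerShell launches on an endpoint.
# Part 1: scheduled tasks whose Exec action starts powershell.exe / pwsh.exe.
# Part 2: Security 4688 process-creation events for PowerShell, grouped by parent process.
# Assumptions: run elevated; Part 2 needs "Audit Process Creation" enabled, and
# "Include command line in process creation events" for CommandLine to be populated.

function Get-PowerShellScheduledTasks {
    Get-ScheduledTask | ForEach-Object {
        $task = $_
        foreach ($action in $task.Actions) {
            # Only Exec actions expose an Execute property; COM handler and e-mail actions do not.
            if (-not $action.Execute) { continue }
            $exe = $action.Execute.Trim('"')
            if ($exe -match '(?i)(^|\\)(powershell|pwsh)(\.exe)?$') {
                [pscustomobject]@{
                    TaskPath  = $task.TaskPath
                    TaskName  = $task.TaskName
                    State     = $task.State
                    Execute   = $exe
                    Arguments = $action.Arguments
                }
            }
        }
    }
}

function Get-PowerShellParents {
    param([int]$Hours = 24)

    $filter = @{
        LogName   = 'Security'
        Id        = 4688
        StartTime = (Get-Date).AddHours(-$Hours)
    }
    try {
        # Get-WinEvent raises an error (not an empty result) when nothing matches the filter.
        $events = Get-WinEvent -FilterHashtable $filter -ErrorAction Stop
    } catch {
        Write-Warning "No 4688 events in the last $Hours hours. Enable process creation auditing first."
        return
    }

    $events | ForEach-Object {
        # Pull the named EventData fields out of the event XML.
        $xml  = [xml]$_.ToXml()
        $data = @{}
        foreach ($node in $xml.Event.EventData.Data) { $data[$node.Name] = $node.'#text' }

        if ($data['NewProcessName'] -match '(?i)\\(powershell|pwsh)\.exe$') {
            [pscustomobject]@{
                Time        = $_.TimeCreated
                Parent      = $data['ParentProcessName']   # present on Windows 10 / Server 2016 and later
                CommandLine = $data['CommandLine']         # empty unless command-line auditing is enabled
                User        = $data['SubjectUserName']
            }
        }
    } |
    Group-Object Parent |
    Sort-Object Count -Descending |
    Select-Object Count, Name,
        @{ Name = 'SampleCommandLine'; Expression = { ($_.Group | Select-Object -First 1).CommandLine } }
}

Write-Host '== Scheduled tasks that launch PowerShell =='
Get-PowerShellScheduledTasks | Format-Table -AutoSize

Write-Host '== Parents of PowerShell processes in the last 24 hours =='
Get-PowerShellParents -Hours 24 | Format-Table -AutoSize -Wrap
```

A parent such as svchost.exe with a MoUsoCoreWorker or Delivery Optimization style command line, or a Microsoft-owned scheduled task in the output, is the evidence needed to decide whether to keep PowerShell in the policy or to exclude it only for those callers; a parent that is an Office application, a browser, or an unfamiliar path is the case Application Control was enabled to catch.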