
Controlled application blocked: Microsoft Powershell

I've seen a few posts already about this but nothing in recent years. I've turned on Application policy to try and prevent misuse of PowerShell and other tools. However, it's raised a large number of regular (hourly) alerts on most of the endpoints. Suggests to me that these are legitimate calls. Maybe application update checks? I've removed PowerShell from the policy for now because I can't tell what is causing these calls.

I assume I'm not the only one having this problem, so are people generally excluding PowerShell from the policy?

Thanks

Simeon



This thread was automatically locked due to age.
  • Thanks for your response. Understood. I'd certainly like to block users from accessing PowerShell, but it looks like other services are making calls to PowerShell for legitimate reasons. For example, we have a Windows Update Delivery Optimization policy in place for laptops that is reliant on PowerShell calls. Application Control would be great but it's quite a blunt instrument - all or nothing. Thanks anyway.
