Whitelist/Exclude PowerShell script

Our server team uses Ansible to remotely run a PowerShell script for checking server(s) resources.

The problem is that the script is making notification noise. How will we be able to exclude or whitelist certain scripts like C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand ..some commands?



[edited by: GlennSen at 10:33 AM (GMT -8) on 8 Jan 2025]
  • There is a risk in excluding C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe; this may allow even the positive exploit/attack, which is why I'm inclined to exclude it.

    I'm looking for an exclusion that includes the whole command to make it more specific.

    C:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand  -Some Script Here- 
