cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
GirishModakM
Level 8
Report Inappropriate Content
Message 1 of 4
‎12-05-2021 11:20 PM

McAfee ATP rules for blocking/preventing unauthorized use of PowerShell

Hello Team,

We are planning to disable PowerShell Completely in our environment. But we see it may cause many issues if we block it completely.

 

Can we use McAfee ATP to allow PowerShell in secure mode & it should block/prevent unauthorized use of PowerShell. I browsed  KB82925, but I can see many Rules that can prevent PowerShell unauthorized access. Can you please suggest which exact rule can be enabled with less false positives to prevent unauthorized PowerShell access?

 

thanks

Girish 

0 Kudos
Reply
3 Replies
yaz
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 4
‎12-06-2021 03:53 AM

Re: McAfee ATP rules for blocking/preventing unauthorized use of PowerShell

Hi @GirishModakM 

Thanks for reaching out to community. 

Based on the provided details, it looks like you needed to fine tune McAfee ATP / DAC rules to block powershell from unauthorized execution. 

Unfortunately, we cannot guarantee on the exact rules that overcome your requirements but certainly we can check on this internally and do the best from our end. 

I suggest you can raise an SR with our support so that we can also have complete details on your requirements and suggest best practices accordingly. 

Was my reply helpful?

If yes, please give me a Kudo. If I have answered your query, kindly mark this as solution so that together we help other community members. 

0 Kudos
Reply
Daveb3d
MVP
Report Inappropriate Content
Message 3 of 4
‎12-06-2021 06:45 AM

Re: McAfee ATP rules for blocking/preventing unauthorized use of PowerShell

What do you mean by secure mode?  Constrained language mode?  

0 Kudos
Reply
GirishModakM
Level 8
Report Inappropriate Content
Message 4 of 4
‎12-09-2021 01:55 AM

Re: McAfee ATP rules for blocking/preventing unauthorized use of PowerShell

@Daveb3d  I mean to say Secure mode means, preventing unauthorized use of PS by enabling ATP rules. Any specific rule that we can enable?

 

0 Kudos
Reply
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community


Corporate Headquarters
6220 America Center Drive
San Jose, CA 95002 USA

Consumer Support   |   Enterprise Support   |   McAfee.com for Enterprise

Legal   |   Privacy   |   Copyright © 2021 Musarubra US LLC