cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
mh22mh
Level 8
Report Inappropriate Content
Message 11 of 12

Re: blocking powershell

Hi there,

Since you want certain users to be able to do it and the rest no, the easier way is to use the access protection in ENS.

I am using it like this:

Step1) Create a rule and include any file (*).

Step2)  Add user name for exclusion later.

Step3) Create a subrule for the type "Processes"

Step4-1) Add as name or hash file for the Powershell engines (This is a subrule inside step3)

Step4-2) Add the data name which is .ps1  (This is a subrule inside step3)

Take look at the attached screen shots

mlajoie
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 12 of 12

Re: blocking powershell

Yeah -- we tried it with AP first but it didn't meet our needs. We have a need to allow certain AD groups still be able to process PS scripts and whatnot. That led us to EP which does have that ability to use AD groups. I do appreciate the .ps1 addition to the rule. That isn't something we had previously considered.
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community