logo

Knowledge Base

Access official resources from Carbon Black experts

Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

CB Protection: How to track script files

CB Protection: How to track script files

Environment

  • CB Protection Console: All Supported Versions

Objective

How to track script files normally considered "uninteresting". 

Resolution

  1. Within the console navigate to Rules > Software Rules and select the Scripts tab
  2. Create a new rule
  3. The path or file should be the extension of the file. For example 
    *.ps1
  4. The process should be the process which will be executing the script. For example:  
    *\powershell.exe

Additional Notes

Additional information regarding custom rules can be found in App Control: Custom Rules Best Practices or in the CB Protection User Guide located here

Labels (1)
Labels:
Tags (2)
Was this article helpful? Yes No
100% helpful (1/1)
Article Information
Author:
CB_Support
Creation Date:
‎04-22-2019
Views:
1056
Contributors
logo

Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.