
Carbon Black Cloud: Alerts for "The application powershell_ise.exe attempted to execute fileless content in order to evade inspection."


Environment

  • Carbon Black Cloud Sensor: 3.6.x - 3.8.0.627
  • Microsoft Windows: All Supported Versions

Symptoms

Alerts or events similar to the following are seen:

The application powershell_ise.exe attempted to execute fileless content in order to evade inspection. A Deny policy action was applied.

CMD:
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoExit -Command Help Set-ExecutionPolicy

Cause

Code change DSEN-19179


Resolution

Upgrade the Windows sensor to 3.8.0.722 or above.

VMware Carbon Black Cloud Windows Sensor 3.8.0.722 Release Notes
  • DSEN-19179: Fixed an issue with PowerShell fileless script rules blocking the use of the “-executionpolicy” command line option
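For triaging alerts already raised before the upgrade, the following added example (not from the article or from VMware) sorts exported alerts by whether they fit this known issue. The field names `reason`, `sensor_version` and `process_cmdline` are assumptions rather than the Carbon Black Cloud export schema, and the sample alerts are constructed.

```python
import re

# From the article: affected Windows sensor builds and the alert reason text.
AFFECTED_MIN = (3, 6)              # "3.6.x"
AFFECTED_MAX = (3, 8, 0, 627)      # last affected build; fix ships in 3.8.0.722
REASON_MARKER = "attempted to execute fileless content"
# Covers both "-executionpolicy" (release note) and "Set-ExecutionPolicy"
# (sample command line). Abbreviated option spellings are not matched.
EXEC_POLICY = re.compile(r"executionpolicy", re.IGNORECASE)


def parse_version(text):
    """Return the dotted version as a tuple of ints, or None if malformed."""
    parts = str(text).strip().split(".")
    if not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def in_affected_range(version):
    return version is not None and AFFECTED_MIN <= version <= AFFECTED_MAX


def triage(alert):
    """Classify one alert dict (hypothetical field names, see lead-in)."""
    if REASON_MARKER not in alert.get("reason", "").lower():
        return "unrelated"
    if not in_affected_range(parse_version(alert.get("sensor_version", ""))):
        return "investigate"       # sensor is outside the affected builds
    if not EXEC_POLICY.search(alert.get("process_cmdline", "")):
        return "investigate"       # command line does not touch execution policy
    return "candidate-DSEN-19179"  # fits the known issue; review, then upgrade


REASON = ("The application powershell_ise.exe attempted to execute fileless "
          "content in order to evade inspection.")
ARTICLE_CMD = (r'"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" '
               "-NoExit -Command Help Set-ExecutionPolicy")
# Constructed sample alerts, not real Carbon Black Cloud export data.
SAMPLE_ALERTS = [
    {"reason": REASON, "sensor_version": "3.8.0.627", "process_cmdline": ARTICLE_CMD},
    {"reason": REASON, "sensor_version": "3.8.0.722", "process_cmdline": ARTICLE_CMD},
    {"reason": REASON, "sensor_version": "3.7.0.1253",
     "process_cmdline": "powershell.exe -NoProfile -Command Get-Date"},
    {"reason": "Constructed unrelated alert text.", "sensor_version": "3.8.0.627",
     "process_cmdline": ARTICLE_CMD},
]

if __name__ == "__main__":
    for a in SAMPLE_ALERTS:
        print(a["sensor_version"], "->", triage(a))
```

An alert marked `investigate` is one the known issue does not explain, either because the sensor is outside the affected builds or because the command line does not reference the execution policy.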

Article Information
Creation Date: 05-09-2023