logo

Knowledge Base

Access official resources from Carbon Black experts

IMPORTANT ANNOUNCEMENT: On May 6, 2024, Carbon Black User eXchange (UeX) and Case Management will move to a new platform!
The Community will be in read-only mode starting April 19th, 7:00 AM PDT. Check out the blog post!
You will still be able to use the case portal to create and interact with your support cases until the transition, view more information here!

All Products: What are PSScriptPolicyTest Powershell Files?

All Products: What are PSScriptPolicyTest Powershell Files?

Environment

  • Microsoft Windows: All Versions
  • Microsoft Powershell: All Supported Versions

Question

What are PSScriptPolicyTest powershell files used for within Windows?

Answer

These files are randomly generated by Microsoft and execution is attempted to determine which Language Mode PowerShell will run in when using AppLocker.
  • Allowing them to execute enables Full Language Mode in PowerShell.
  • Blocking them from execution enables Constrained Language Mode in PowerShell.

Additional Notes

  • Constrained Language Mode helps to reduce the attack surface of PowerShell.
  • Full Language Mode grants access to any language element and therefore to any Windows API.
  • If using App Control, it is highly recommended to create this Custom Rule to block their execution without a Notifier, and this ABExclusion to prevent the information from being returned to the Server.

Related Content


Was this article helpful? Yes No
61% helpful (3/5)
Article Information
Author:
CB_Support
Creation Date:
‎04-04-2019
Views:
71457
logo

Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.