Important Notice: On February 29th, this community was put into read-only mode. All existing posts will remain but customers are unable to add new posts or comment on existing. Please feel to join our Community Discord for any questions and discussions.

Cylance script control blocking Auto Download deployments

We use Cylance as our anti-virus and employ their Script Control feature, which stops powershell scripts from being run on our systems. Unfortunately many of the Auto Download packages employ a powershell script as part of them, and Cylance is blocking them from running.

Has anyone run into this issue before or found a workaround for it? I would definitely prefer not to turn off this feature.

Thanks!

0

Comments

6 comments
Date Votes
  • Do you have an option to allow scripts from specific users?

    0
  • Try setting an exclusion for \windows\adminarsenal\pdqdeployrunner\

     

     

    0
  • It does not allow that option Brad

    I set the exclusion for there but it's still blocking the scripts

    0
  • What path is it blocking the script at?  Bonus points for screenshots :-)

    0
  • Event Viewer doesn't give me a file path when I check, here's what I see (blacked out identifying information):

    In the event beneath that it lets me know that Cylance blocked the powershell.exe process also, but as I said I don't want to unblock powershell for everything.

    0
  • The Cylance agent's UI would have the path listed in it when a block occurs.  If that is disabled locally, check the device's page in the Cylance console and see what path it's being blocked at.  Once you have that you should be able to set an appropriate exclusion.

    If all the powershell scripts are signed you could also white list the cert as an option.

    0