Cylance script control blocking Auto Download deployments

Comments

6 comments

  • Brad McClave

    Do you have an option to allow scripts from specific users?

    0
    Comment actions Permalink
  • Slash Question

    Try setting an exclusion for \windows\adminarsenal\pdqdeployrunner\

     

     

    0
    Comment actions Permalink
  • Ben Diaz

    It does not allow that option Brad

    I set the exclusion for there but it's still blocking the scripts

    0
    Comment actions Permalink
  • Slash Question

    What path is it blocking the script at?  Bonus points for screenshots :-)

    0
    Comment actions Permalink
  • Ben Diaz

    Event Viewer doesn't give me a file path when I check, here's what I see (blacked out identifying information):

    In the event beneath that it lets me know that Cylance blocked the powershell.exe process also, but as I said I don't want to unblock powershell for everything.

    0
    Comment actions Permalink
  • Slash Question

    The Cylance agent's UI would have the path listed in it when a block occurs.  If that is disabled locally, check the device's page in the Cylance console and see what path it's being blocked at.  Once you have that you should be able to set an appropriate exclusion.

    If all the powershell scripts are signed you could also white list the cert as an option.

    0
    Comment actions Permalink

Please sign in to leave a comment.