Cylance script control blocking Auto Download deployments
We use Cylance as our anti-virus and employ their Script Control feature, which stops powershell scripts from being run on our systems. Unfortunately many of the Auto Download packages employ a powershell script as part of them, and Cylance is blocking them from running.
Has anyone run into this issue before or found a workaround for it? I would definitely prefer not to turn off this feature.
Do you have an option to allow scripts from specific users?
Try setting an exclusion for \windows\adminarsenal\pdqdeployrunner\
It does not allow that option Brad
I set the exclusion for there but it's still blocking the scripts
What path is it blocking the script at? Bonus points for screenshots :-)
Event Viewer doesn't give me a file path when I check, here's what I see (blacked out identifying information):
In the event beneath that it lets me know that Cylance blocked the powershell.exe process also, but as I said I don't want to unblock powershell for everything.
The Cylance agent's UI would have the path listed in it when a block occurs. If that is disabled locally, check the device's page in the Cylance console and see what path it's being blocked at. Once you have that you should be able to set an appropriate exclusion.
If all the powershell scripts are signed you could also white list the cert as an option.
Please sign in to leave a comment.