How to use PowerShell scripts in the H_C Recommended Settings.
Windows system and Hard_Configurator use the below restrictions on PowerShell Scripting:
- PowerShell ExecutionPolicy is set to Restricted (default Windows setting)
- PowerShell Constrained Language Mode is applied by SRP.
- The script blocking policy is applied via the H_C setting <Block PowerShell Scripts> = ON.
Point 3 prevents the user from running manually PowerShell script files from Explorer or desktop (like point 1), but additionally disables running such files via command-line with script interpreters (powershell.exe and powershell_ise.exe).
Points 3 and 1 do not block PowerShell command-lines that do not use script files. Such command-lines are often used in shortcuts and when PowerShell is invoked in non-PowerShell scripts (via Windows Script Host or CMD).
Point 2 allows running PowerShell code, but advanced functions are disabled. These functions are commonly used by malware.
So, what can be done if the user wants to use PowerShell scripting?
The first thing should be removing the PowerShell Execution policy (point 1) and replace it by adding PowerShell script extensions to SRP.
Next, we must remove the script blocking policy by setting <Block PowerShell Scripts> = OFF.
Finally, we should whitelist all PowerShell scripts we want to use.
Now we have a good PowerShell protection which allows running our scripts.
One can also use the <Block PowerShell Scripts> = OFF setting temporarily (to run own scripts) and set it to ON after that.
malwaretips.com
