Does KTS analyze scripts - powershell, python, batch - prior to letting them run if powershell executionpolicy is unrestricted? So the scripts don't need signing, you can run them with Run With Powershell but you'll get a warning prior to running them (as far as this executionpolicy is concerned)
KTS vs Scripts - ExecutionPolicy Unrestricted
- Thread starter Studynxx
- Start date
Please provide comments and solutions that are helpful to the author of this topic.
- Apr 21, 2016
- 3,488
Yes, Kaspersky Total Security (KTS) does analyze scripts for malicious behavior, regardless of the PowerShell execution policy. It provides proactive protection by scanning scripts before they are run. However, it's always recommended to use signed scripts and restrict PowerShell execution policy for an added layer of security.
Xeno1234
Level 14
- Jun 12, 2023
- 699
- Sep 2, 2021
- 2,322
Kaspersky analyzes the behavior of both malicious and non-malicious scripts.
A lot of malware uses scripts to download and launch payloads.
A lot of malware uses scripts to download and launch payloads.
So for example if I were to run a malicious script on my system then would it show me the same message of "blocking" as if it was, say, an .exe?Like "Malicious file blocked" or sth
- Sep 2, 2021
- 2,322
Kaspersky uses a module called AMSI. First, it will attempt to block the connection to the server. If this doesn't work, the System Watcher will react with a behavioral detection (PDM:Trojan.Win32.Generic style).
OK but what if I were to deliberately create a malicious powershell script and run it on my system (VM) with Kaspersky on it? There would be no C2 server in this script btw
- Sep 2, 2021
- 2,322
Hm... Not sure I'm doing it correctly but I just wrote a simple powershell script that would attempt to write to system32 and as admin it wasn't blocked.
Similar threads
