TDAD PowerShell obfuscation failing

Article ID: 263983

Products

Endpoint Threat Defense for Active Directory
Endpoint Security Complete

Issue/Introduction

After deploying Threat Defense for Active Directory (TDAD), PowerShell obfuscation does not work as expected. From cmd.exe, the expected objects are shown based on the obfuscation factor.

Environment

Release: SES Complete 14.3 RU6+ with TDAD

Cause

The "Enable Legacy .NET Obfuscation" option is toggled on in the TDAD policy.

Resolution

Legacy .NET Obfuscation forces a compatibility mode that masks fewer commands. To get the latest protection, disable this option in the Advanced Options section of the TDAD policy and apply the policy.

Note: Agents older than 14.3 RU6 have a more limited scope of supported obfuscation. Please ensure the agent is running 14.3 RU6 or greater for the best TDAD protection.