All Products: What are PSScriptPolicyTest PowerShell Files?
Article ID: 285634
Products
Carbon Black App Control (formerly Cb Protection)
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)
Carbon Black EDR (formerly Cb Response)
Issue/Introduction
What are PSScriptPolicyTest PowerShell files used for within Windows?
Environment
Microsoft Windows: All Versions
Microsoft PowerShell: All Supported Versions
Resolution
These files are randomly generated by Microsoft, and PowerShell attempts to execute them to determine which Language Mode it will run in when AppLocker is in use.
Allowing them to execute enables Full Language Mode in PowerShell.
Blocking them from execution enables Constrained Language Mode in PowerShell.
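One way to confirm which outcome applies on an endpoint, as an added example that is not part of the original article: the function below reports the session's language mode and counts AppLocker script events that mention the test files. The function name `Get-PSPolicyTestStatus` and the 24-hour default lookback are assumptions, and the event query only returns data where an AppLocker policy is in effect.

```powershell
# Added example: report the language mode of the current session and the
# AppLocker verdicts recorded for PSScriptPolicyTest files.
function Get-PSPolicyTestStatus {
    param(
        # Hours of AppLocker history to search (assumed default).
        [int]$LookbackHours = 24
    )

    # Language mode the current session ended up in
    # (for example FullLanguage or ConstrainedLanguage).
    $mode = $ExecutionContext.SessionState.LanguageMode

    # AppLocker script events:
    #   8005 = allowed to run
    #   8006 = allowed, but would be blocked if the policy were enforced (audit)
    #   8007 = prevented from running
    $filter = @{
        LogName   = 'Microsoft-Windows-AppLocker/MSI and Script'
        Id        = 8005, 8006, 8007
        StartTime = (Get-Date).AddHours(-$LookbackHours)
    }

    # Errors are suppressed so an empty or missing log yields zero counts.
    $events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -like '*PSScriptPolicyTest*' })

    # A plain hashtable is returned so the function stays usable in a
    # session that is already in Constrained Language Mode.
    @{
        LanguageMode  = "$mode"
        TestAllowed   = @($events | Where-Object Id -eq 8005).Count
        TestAuditOnly = @($events | Where-Object Id -eq 8006).Count
        TestBlocked   = @($events | Where-Object Id -eq 8007).Count
    }
}

Get-PSPolicyTestStatus
```

A `LanguageMode` of `ConstrainedLanguage` together with a non-zero `TestBlocked` count matches the blocked case described above; `FullLanguage` with only `TestAllowed` or `TestAuditOnly` entries means the test files were permitted to run.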
Additional Information
Constrained Language Mode helps to reduce the attack surface of PowerShell.
Full Language Mode grants access to any language element and therefore to any Windows API.
If using App Control, it is highly recommended to create this Custom Rule to block their execution without a Notifier, and this ABExclusion to prevent the information from being returned to the Server.