All Products: What are PSScriptPolicyTest PowerShell Files?

Article ID: 285634

Products

  • Carbon Black App Control (formerly Cb Protection)
  • Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
  • Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)
  • Carbon Black EDR (formerly Cb Response)

Issue/Introduction

What are PSScriptPolicyTest PowerShell files used for within Windows?

Environment

  • Microsoft Windows: All Versions
  • Microsoft PowerShell: All Supported Versions

Resolution

These files are randomly generated by Microsoft, and PowerShell attempts to execute them to determine which Language Mode it will run in when AppLocker is in use.
  • Allowing them to execute enables Full Language Mode in PowerShell.
  • Blocking them from execution enables Constrained Language Mode in PowerShell.
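
To help recognize these files in block events and confirm which mode a session ended up in, here is an added example (not Broadcom or Microsoft code). It assumes the commonly observed name form `__PSScriptPolicyTest_<random>.ps1` / `.psm1` inside a Temp directory, which this article does not state; the function name `Test-PolicyProbeFile` and the sample paths are hypothetical.

```powershell
# Added example, not vendor code.
# Assumption: probe files are named __PSScriptPolicyTest_<8 chars>.<3 chars>.ps1 or .psm1
# and are written directly into a Temp directory.
$ProbePattern = '^__PSScriptPolicyTest_[a-z0-9]{8}\.[a-z0-9]{3}\.(ps1|psm1)$'

function Test-PolicyProbeFile {
    param([Parameter(Mandatory)][string]$Path)

    $leaf   = Split-Path -Path $Path -Leaf
    $parent = Split-Path -Path $Path -Parent

    # Both conditions must hold: the name matches the probe pattern AND the
    # file sits directly in a folder named Temp. A matching name elsewhere
    # (for example in Downloads) is not treated as a policy probe.
    return (($leaf -match $ProbePattern) -and ($parent -match '\\Temp$'))
}

# Constructed sample paths, as they might appear in file-block events.
$blockedPaths = @(
    'C:\Users\alice\AppData\Local\Temp\__PSScriptPolicyTest_k3x0pq1z.a4f.ps1'
    'C:\Users\alice\AppData\Local\Temp\__PSScriptPolicyTest_w9m2rt5c.b7d.psm1'
    'C:\Users\alice\Downloads\__PSScriptPolicyTest_k3x0pq1z.a4f.ps1'
    'C:\Users\alice\AppData\Local\Temp\invoice.ps1'
)

foreach ($p in $blockedPaths) {
    $isProbe = Test-PolicyProbeFile -Path $p
    '{0,-5}  {1}' -f $isProbe, $p
}

# Language mode of the current session: FullLanguage when the probe files
# were allowed to run, ConstrainedLanguage when they were blocked.
'Language mode: {0}' -f $ExecutionContext.SessionState.LanguageMode
```

The check looks only at file name and location, so it sorts block events for review rather than establishing that a file is harmless.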

Additional Information

  • Constrained Language Mode helps to reduce the attack surface of PowerShell.
  • Full Language Mode grants access to any language element and therefore to any Windows API.
  • If using App Control, it is highly recommended to create this Custom Rule to block their execution without a Notifier, and this ABExclusion to prevent the information from being returned to the Server.