• Carbon Black Cloud Sensor: All Supported Versions
  • Endpoint Standard

• Missing Approvals
• DBA Tools Triggers Advanced Scripting Prevention Rapid Config

For DBA Tools 1.0:

1. Upgrade to sensor version 3.8.0.722 or Higher
2. Ensure the DBA Tools Certificate is approved
   • Signer Name: dbatools
   • CA: DigiCert SHA2 Assured ID Code Signing CA

For DBA Tools 2.0:

1. To import a single module: Create a wrapper script with full bypass to execute the ps1 involved in importing dbatools module (such as typealiases.ps1).
   1. Create a wrapper script, (Example: wrapper_dbatools.bat), which will invoke the ps1 being blocked. Example below. Note: Do not actually use c:\temp or the name below. The name and location should be customized.

      PowerShell -NoProfile -ExecutionPolicy Bypass -Command "& 'c:\temp\test_dbatools.ps1'"

   2. Next, give this wrapper script a PERMISSION, to FULL BYPASS OPERATION

      *\temp\wrapper_dbatools.bat  --> Performs any Operation –> Bypass

   3. The script can be ran with a new instance of "cmd.exe" as follows:

      c:\temp>cmd /c wrapper_dbatools.bat

2. If DBA Tools is needed in "interactive mode: have the wrapper script open a powershell prompt from which all subsequent commands will be allowed to run.
   • Example wrapper script content:

     start powershell.exe

• The wrapper script (.bat examples shared above) should be kept confidential/internal information since it provides unrestricted Powershell access. Other security measures such as NTFS / file permissions may be implemented for additional control.
• Additional approval mechanisms are being investigated for DBA Tools 2.0. This work is being tracked under CRE-18287 and is scheduled for an October release. No permissions rules should be required after that time.