App Control: Is it Possible to Prevent Invoke-Command Powershell Attacks?

Article ID: 287145

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

Is it possible to prevent Invoke-Command PowerShell attacks?

Environment

  • App Control (Formerly CB Protection) Console: All supported versions

Resolution

The linked article below shows how Invoke-Command can be blocked using the PowerShell Rapid Config:

https://community.carbonblack.com/t5/Documentation-Downloads/The-CB-Protection-Powershell-Rapid-Config-has-been-updated/ta-p/79488

Additional Information

  • This Rapid Config can also protect against PowerShell downgrade attacks, which may be used to bypass other protections.
  • Exceptions can be added so that legitimate applications are still able to execute.
  • The Rapid Config rule can report on or block PowerShell commands that carry the following argument:
    <CmdlineAnyArgument:iex>*
  • <cmdline:*iex*>* can also be used, with wildcards, to add further detections.
  • Rapid Configs do not support regular expressions; only wildcard matching is available.
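The following Python script is an added illustration, not code from this article or from Carbon Black, of how the two argument-matching styles above differ in what they catch. It assumes that CmdlineAnyArgument compares one whole argument for equality and that cmdline applies a wildcard match to the full command line (both case-insensitive); the command lines are constructed samples.

```python
"""Emulate the two Rapid Config matching styles (an approximation, not App Control's engine)."""
from __future__ import annotations

import fnmatch
import re

# Constructed sample command lines, as they might appear in an App Control event.
SAMPLE_CMDLINES = [
    'powershell.exe -NoProfile -Command iex $script',        # bare "iex" argument
    'powershell.exe -c "iex (Get-Content .\\script.ps1)"',   # "iex" inside a quoted argument
    'powershell.exe -c "Start-Process iexplore.exe"',        # "iex" substring of iexplore.exe
    'powershell.exe -File C:\\Scripts\\backup.ps1',          # benign, no "iex" anywhere
]


def split_args(cmdline: str) -> list[str]:
    """Split a Windows command line into arguments, keeping double-quoted text together.
    Simplified tokenizer (assumption): double quotes only, no escape handling."""
    return [a.strip('"') for a in re.findall(r'"[^"]*"|\S+', cmdline)]


def match_any_argument(cmdline: str, value: str) -> bool:
    """<CmdlineAnyArgument:value>: true if any single argument equals value (assumed case-insensitive)."""
    return any(arg.lower() == value.lower() for arg in split_args(cmdline))


def match_cmdline_wildcard(cmdline: str, pattern: str) -> bool:
    """<cmdline:pattern>: wildcard match against the whole command line, '*' matches anything."""
    return fnmatch.fnmatch(cmdline.lower(), pattern.lower())


def evaluate(cmdline: str) -> dict[str, bool]:
    """Report how each rule style would treat one command line."""
    return {
        "CmdlineAnyArgument:iex": match_any_argument(cmdline, "iex"),
        "cmdline:*iex*": match_cmdline_wildcard(cmdline, "*iex*"),
    }


if __name__ == "__main__":
    for c in SAMPLE_CMDLINES:
        print(evaluate(c), c)
```

The third sample shows why the broader wildcard pattern needs exceptions: a harmless reference to iexplore.exe trips *iex* while the exact-argument rule does not.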