Prevent the executions of Script Processors from non-default locations

search cancel

Prevent the executions of Script Processors from non-default locations

book

Article ID: 405471

calendar_today

Updated On:

Products

Carbon Black App Control

Issue/Introduction

App Control can prevent execution of Script Processors such as CMD.exe and PowerShell.exe from non-default locations.

Environment

App Control Windows Agent: All Supported Versions

Resolution

To prevent prevent executions of Script Processors such as CMD.exe and PowerShell.exe from non-default locations, configure and enable the Script Processors Rapid Config (Software Rules > Rapid Configs)

Additional Information

A best practice is to enable Rapid Configs in Report-Only mode and monitor for a week before switching it to Block action.

Feedback

thumb_up Yes

thumb_down No