Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
895
Views
5
Helpful
2
Replies

Local versus group policy powershell exploit prevention control

paguilar
Level 1
Level 1

‎08-06-2021 11:06 AM

Can exploit prevention script control distinguish between a user initiated powershell script and one that is externally initiated such as a group policy?  I am creating a scheduled task to run on endpoints after group policy has a chance to synchronize.  Except, I don't know if I need to create an exclusion in AMP to allow that script to run if I have the script control enabled?

0 Helpful
2 Replies 2

Mohammed al Baqari
Level 11
Level 11

‎08-07-2021 09:58 AM

Hi,

It doesn't distinguish between initiators. It rather identifies based on
activities and processes. So depends what application/process will be
impacted by you GPO. Give it a try to test.

**** please remember to rate useful posts

paguilar
Level 1
Level 1
In response to Mohammed al Baqari

‎08-07-2021 05:15 PM

I'm afraid I need to provide more clarification. See I'm trying to determine whether a scheduled task execution of a script made in Powershell is being blocked because of AMP. I don't know what times of intelligence/judgement AMP is using to block script execution so I would need to know ahead of time before creating say a wild card exclusion into my policy.
0 Helpful
Customers Also Viewed These Support Documents