Honestly, if you can (1) block standard users from downloading & running arbitrary binaries and (2) prevent Powershell.exe from being started by standard user-level programs you can still stop the vast majority of real-world commodity Windows malware install chains from working.
-
Agreed. Was thinking of those orgs with legacy practices still using login and task WSH scripts for admin purposes. But if you can block WSH itself in an org, absolutely. Same with mshta. (Ideally, same with any form of code or command execution you don't need/don't use.)