AppLocker - PowerShell scripts - C# PowerShell invoke

  • Thread starter Thread starter AmalJesudas
  • Start date Start date
A

AmalJesudas

Guest
I created an AppLocker policy that allows certain PowerShell scripts([123.ps1], [xxx.ps1], [Set.ps1]) to execute.
There are no default rules.
The created policy is set to local GPO.
The rule works fine for the scripts that are allowed ([123.ps1] and [xxx.ps1] can be executed).
Also a new file [zzz.ps1] will be blocked, as expected.

I then use C# code to run a PowerShell script(Set.ps1) to set a new policy.
If I execute a PowerShell script [abc.ps1], not included in policy file, it executes without any issue.
As per policy, it should be blocked from execution.
Is this a known issue?

NB: ApplicationIdentity service is running.

Does using Runspace [Namespace:System.Management.Automation.Runspaces] to invoke PowerShell from C# have any adverse effect on AppLocker policy for PowerShell script files?
Is there any relation of AppLocker policy and Execution policy for PowerShell scripts?
Will Execution policy override AppLocker policy?

Regards,
Amal

Continue reading...
 
Back
Top