Take control of PowerShell

Audit and block PowerShell scripts in your Windows environment.

See Pricing or Download

Zero-Configuration

Take advantage of zero-configuration protection for suspicious PowerShell usage.

AMSI Bypass

Module and script block logging bypass

Disabling Defender

BloudHound

Kerberoasting

PowerSploit

Just install and Protect automatically starts blocking.

Learn more about zero-configuration audit and blocking rules.

Explore Docs

Focus

Use PowerShell Protect to focus on the script executions that matter. Unlike script block logging, you can customize the PS Protect engine to audit and block based on aspects of the script and execution environment. Build rules focused on:

Commands

Script Content

.NET Methods and Properties

Administrator Status

Domain Controllers

PowerShell Version

Time of Day

Find what matters.

Learn how to configure PowerShell Protect to audit and block scripts.

Explore Docs

Audit

Audit script executions and store the properties you want into the destinations you already have.

SIEM (TCP), HTTP and File Support

Customizable Message Formats

Large selection of properties

Store the data that you need in the places that you want.

Try for 30 days before your buy. No credit card or email required.

Download

Block

Block script executions from happening in the first place. Use the PS Protect rule engine to prevent the following scenarios:

Non-Admin script executions

Script execution on domain controllers

Specific command execution by non-admins

Command execution during peak times

Avoid costly remediation by stopping it before it happens

Protect PowerShell

Whether you're looking to audit commands or block scripts on domain controllers, you can do it with PS Protect.

Flexible configuration

Create rules and audit destinations with basic XML syntax.

Simple installation

Install a PowerShell module and run a single command to get up and running.

Solid technology

Built on the Antimalware Scan Interface, PS Protect integrates right into Windows.

Global solution

PS Protect integrates into any PowerShell host to prevent executions in more than just PowerShell.exe.

Extensive integration

By using basic TCP, HTTP and file auditing, you can track executions with nearly any application.

Native blocking

By integrating with the native AMSI system, you can block PS execution in any host.

Try for free or Talk to our Experts

Start 30-day free trial. No credit card or email required.

Buy Now

Perpetual licenses with one year of maintenance included.

	Per Machine $50 / year
Rules
Administrator
Application
Command
Computer Name
Content Path
Domain
Domain Controller
.NET Property or Method
Script Content
String
Variable
Audit
File
TCP (SIEM)
HTTP
Block
Block Execution