Take advantage of zero-configuration protection for suspicious PowerShell usage.
Module and script block logging bypass
Just install, and Protect automatically starts blocking.
Use PowerShell Protect to focus on the script executions that matter. Unlike script block logging, you can customize the PS Protect engine to audit and block based on aspects of the script and execution environment. Build rules focused on:
.NET Methods and Properties
Time of Day
Find what matters.
Audit script executions and store the properties you want into the destinations you already have.
SIEM (TCP), HTTP and File Support
Customizable Message Formats
Large selection of properties
Store the data that you need in the places that you want.
Block script executions from happening in the first place. Use the PS Protect rule engine to prevent the following scenarios:
Non-Admin script executions
Script execution on domain controllers
Specific command execution by non-admins
Command execution during peak times
Avoid costly remediation by stopping it before it happens.
Whether you're looking to audit commands or block scripts on domain controllers, you can do it with PS Protect.
Create rules and audit destinations with basic XML syntax.
Install a PowerShell module and run a single command to get up and running.
Built on the Antimalware Scan Interface, PS Protect integrates right into Windows.
PS Protect integrates into any PowerShell host to prevent executions in more than just PowerShell.exe.
By using basic TCP, HTTP and file auditing, you can track executions with nearly any application.
By integrating with the native AMSI system, you can block PS execution in any host.