Forum Discussion
HWill
Feb 22, 2024Copper Contributor
Live Response run powershell fails despite "Allow Unsigned Script" being set to true
Whilst testing the Live Response capabilities, and attempting to run a powershell script, it fails with the below error.
Transcript started, output file is C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\Temp\PSScriptOutputs\PSScript_Transcript_{29B2082F-63D2-4883-9645-4047F7896CD2}.txt
Errors:
. : File C:\ProgramData\Microsoft\Windows Defender Advanced Threat
Protection\Downloads\PSScript_{17A7411E-63D2-4883-9645-4047F7896CD2}.ps1 cannot be loaded. The file
C:\ProgramData\Microsoft\Windows Defender Advanced Threat
Protection\Downloads\PSScript_{17A7411E-63D2-4883-9645-4047F7896CD2}.ps1 is not digitally signed. You cannot run this
script on the current system. For more information about running scripts and setting execution policy, see
about_Execution_Policies at https:/go.microsoft.com/fwlink/?LinkID=135170.
At line:1 char:847
+ ... D2}.txt'; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threa ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : SecurityError: (:) [], PSSecurityException
+ FullyQualifiedErrorId : UnauthorizedAccess
The execution policy on devices requires powershell scripts to be signed, but I assume this would be bypassed as the below option is set to true?
Enables using unsigned PowerShell scripts in Live Response.
No RepliesBe the first to reply