Forum Discussion

HWill's avatar
HWill
Copper Contributor
Feb 22, 2024

Live Response run powershell fails despite "Allow Unsigned Script" being set to true

 

Whilst testing the Live Response capabilities, and attempting to run a powershell script, it fails with the below error.

 

 

Transcript started, output file is C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\Temp\PSScriptOutputs\PSScript_Transcript_{29B2082F-63D2-4883-9645-4047F7896CD2}.txt


Errors:
. : File C:\ProgramData\Microsoft\Windows Defender Advanced Threat 
Protection\Downloads\PSScript_{17A7411E-63D2-4883-9645-4047F7896CD2}.ps1 cannot be loaded. The file 
C:\ProgramData\Microsoft\Windows Defender Advanced Threat 
Protection\Downloads\PSScript_{17A7411E-63D2-4883-9645-4047F7896CD2}.ps1 is not digitally signed. You cannot run this 
script on the current system. For more information about running scripts and setting execution policy, see 
about_Execution_Policies at https:/go.microsoft.com/fwlink/?LinkID=135170.
At line:1 char:847
+ ... D2}.txt'; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threa ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : SecurityError: (:) [], PSSecurityException
    + FullyQualifiedErrorId : UnauthorizedAccess

 

 

The execution policy on devices requires powershell scripts to be signed, but I assume this would be bypassed as the below option is set to true? 

Enables using unsigned PowerShell scripts in Live Response.

 

No RepliesBe the first to reply

Resources