Microsoft Entra Suite Tech Accelerator
Aug 14 2024, 07:00 AM - 09:30 AM (PDT)
Microsoft Tech Community

Live Response run powershell fails despite "Allow Unsigned Script" being set to true

Copper Contributor

 

Whilst testing the Live Response capabilities, and attempting to run a powershell script, it fails with the below error.

 

 

Transcript started, output file is C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\Temp\PSScriptOutputs\PSScript_Transcript_{29B2082F-63D2-4883-9645-4047F7896CD2}.txt


Errors:
. : File C:\ProgramData\Microsoft\Windows Defender Advanced Threat 
Protection\Downloads\PSScript_{17A7411E-63D2-4883-9645-4047F7896CD2}.ps1 cannot be loaded. The file 
C:\ProgramData\Microsoft\Windows Defender Advanced Threat 
Protection\Downloads\PSScript_{17A7411E-63D2-4883-9645-4047F7896CD2}.ps1 is not digitally signed. You cannot run this 
script on the current system. For more information about running scripts and setting execution policy, see 
about_Execution_Policies at https:/go.microsoft.com/fwlink/?LinkID=135170.
At line:1 char:847
+ ... D2}.txt'; . 'C:\ProgramData\Microsoft\Windows Defender Advanced Threa ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : SecurityError: (:) [], PSSecurityException
    + FullyQualifiedErrorId : UnauthorizedAccess

 

 

The execution policy on devices requires powershell scripts to be signed, but I assume this would be bypassed as the below option is set to true? 

Enables using unsigned PowerShell scripts in Live Response.

 

0 Replies