Recently we have seen fileless malware come up on some endpoints. PowerShell is launching a script that loads a text file, which spawns a remote connection back to an attacker.
I understand the Evasion Shield is supposed to detect this. Is there a way we can block PowerShell scripts with Webroot, or even better, a way we can be alerted if a PowerShell script launches, or can we block it, etc.?
Currently there is no way to be alerted automatically if there has been a block of a PowerShell script. I’ve no idea why Webroot/OpenText is taking so damn long on this simple thing (very frustrating).
Also, the blocking of PowerShell and scripts in general isn’t that great, and if you don’t need PowerShell in your environment, it’s best to simply turn it all off.
Hope this helps.