Discovery Powershell script blocked by CyclancePROTECT endpoint security


Description

The test credentials of windows server is fails with below error: 

PowerConsole session was lost while executing command: function SNC-Decode-Command { param( [Parameter(Mandatory=$true)] [string]$encodedCommand ); return [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($encodedCommand)) }


The windows classification input payload contains below messages in the output tag.

"CylancePROTECT Script Control has blocked access to this PowerShell script."


Cause

The CylancePROTECT is an endpoint security software which is blocking Powershell script to run.  Depending on the policy set for script control (alert or block), the CylancePROTECT agent will allow or block the execution of script.

Resolution

The customer to engage their End point security team and ask them to unblock PowerShell script control in CylancePROTECT.