PowerShell *.ps1 allowed exeution + TAM enabled

harlan4096

<p><strong>Reproduction steps:</strong></p>
<p><span>0.- Enable TAM.</span></p>
<p><span>1.- Run the following ps1 script file Hello World.ps1:</span></p>
<pre class="language-clike"><code>Write-Host "Hello World"
Write-Host "Press any key to continue ..."
$x = $host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown")</code></pre>
<p><strong></strong></p>
<p><strong>Actual result:</strong></p>
<p><span>KTS2020 moves it to Low Restricted group and allows execution.</span></p>
<p><span>Screen-shot: https://cloud.qainfo.ru/s/7b80TMnGolxXW7V</span></p>
<p><strong></strong></p>
<p><strong>Expected Result:</strong></p>
<p>Script ps1 files should be blocked by TAM upon execution. I also reported this issue in previous beta testing and it was fixed... unless the policy to execute ps1 scripts had change?</p>

Dmitriy.Pisarets

<p>Hello, @<strong><a href="/user/harlan4096" target="_blank" rel="noopener" data-username="harlan4096" data-uid="58">harlan4096</a> !</strong> </p>
<p>Please run this scenario:</p>
<p>0 - will be great, if you have clean virtual PC and can install product "for the first time"</p>
<p>1 - be sure you have not PS scripts on your desktop (in any folders of desktop, or in "documents") </p>
<p>2 - enable TAM </p>
<p>3 - get your PS script file in ZIP or RAR archive <span style="text-decoration: underline;">after</span> TAM finish analyze </p>
<p>4 - try to start file with Power Shell</p>
<p>So it should be blocked.  </p>
<p></p>
<p>There are some cases, when TAM think you trust app or file, so he doesn't go to server to check privileges — just moves it to "light restriction" automatically. </p>

harlan4096

<p>I just installed new build KTS2020 b713 and enabled TAM, this time I created the ps1 script file after TAM analysis and ran it, and this time the .ps1 script was moved to Low Restricted but blocked upon execution by TAM!</p>
<p>Thanks!</p>