7. PowerShell *.ps1 allowed exeution + TAM enabled

#672 PowerShell *.ps1 allowed exeution + TAM enabled

  • Rejected

    , last edited by Jarvis

    Reproduction steps:

    0.- Enable TAM.

    1.- Run the following ps1 script file Hello World.ps1:

    Write-Host "Hello World"
Write-Host "Press any key to continue ..."
$x = $host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown")

    Actual result:

    KTS2020 moves it to Low Restricted group and allows execution.

    Screen-shot: https://cloud.qainfo.ru/s/7b80TMnGolxXW7V

    Expected Result:

    Script ps1 files should be blocked by TAM upon execution. I also reported this issue in previous beta testing and it was fixed... unless the policy to execute ps1 scripts had change?

    System Settings

    Operating system: Win 10, x64

    System: AMD Athlon II X3 450 @ 3'20Gh, 8GB RAM DDR3, AMD Radeon HD 5670, SSD Samsung pro 850 256GB

    Product: KTS

    Product Version: 20.0.0.+

    Language: en-US

    Product Logs: https://cloud.qainfo.ru/s/5q7XetZseJN1IbZ

  • D

    Hello, @harlan4096 ! 

    Please run this scenario:

    0 - will be great, if you have clean virtual PC and can install product "for the first time"

    1 - be sure you have not PS scripts on your desktop (in any folders of desktop, or in "documents") 

    2 - enable TAM 

    3 - get your PS script file in ZIP or RAR archive after TAM finish analyze 

    4 - try to start file with Power Shell

    So it should be blocked.  

    There are some cases, when TAM think you trust app or file, so he doesn't go to server to check privileges — just moves it to "light restriction" automatically. 

  • I just installed new build KTS2020 b713 and enabled TAM, this time I created the ps1 script file after TAM analysis and ran it, and this time the .ps1 script was moved to Low Restricted but blocked upon execution by TAM!

    Thanks!

Looks like your connection to Beta Testing was lost, please wait while we try to reconnect.