Script Execution File Example
In this example we create a policy that denies running a batch or ps1 file, which the policy targets through a secondary file filter.
This example is for a Windows endpoint, but the policy can be created in the same way for a macOS system.
Creating the Policy
- Navigate to Computer Groups | Windows Computers.
- Select Application Policies.
- Click Create Policy.
- In the policy wizard select Controlling, click Next Step.
- In the policy wizard select Block, click Next Step.
- In the policy wizard select Notify and Block, click Next Step.
- In the policy wizard select Script, click Next Step.
- In the policy wizard select File Upload.
- On the Upload a File modal, click Choose File.
- Select the file(s) you wish to be targeted. For this example we are first uploading a test.bat and then test.ps1 file. You need to run through the upload and manage application steps twice, once for each file you are uploading.
- Click Upload File.
- On the Manage Application dialog, check File Name.
  Select more details like the File Path or the Hash, if you want to make this policy more specific.
- Click Create Filter.
- Click Next Step.
- On the Finalize the Policy page, enter a name for your new policy. The policy will be created with a default priority of 10, since it is a deny and notify policy.
- Click Create Policy.
Based on the selected file uploads and the file inventory that was executed, the policy wizard added 4 types of application targets:
- Command Processor (cmd.exe)
- Powershell (powershell.exe)
- Scripting Host (cscript.exe)
- Scripting Host (wscript.exe)
A secondary file filter was added under Inclusions, identifying two specific file filters for the test.bat and test.ps1 files.
Verifying the Policy Works
- Add a test.bat file with a simple Hello World command to your system.
  - Create a new text file and add

        ECHO OFF
        ECHO Hello World
        PAUSE

  - Save the file as test.bat.
- With your policy set to active, double-click the test.bat file.
  The policy triggers the specified message action.
- With your policy set to inactive, verify via Agent Utility that the update was received and the policy was removed.
- Double-click the test.bat file.
  The batch file is executed and Hello World is printed to the cmd.exe output window.