Audit and block PowerShell scripts on Windows.
PowerShell Protect is now free and open source, licensed under the GPL.
Configure PowerShell Protect without writing any XML. Take advantage of the PSProtect configuration cmdlets.
Use the configurable rule system to filter which PowerShell executions are logged or blocked.
Build rules using PowerShell cmdlets to easily define which scripts are logged or blocked.
Take advantage of zero-configuration built-in rules to detect suspicious behavior such as AMSI bypasses, Mimikatz usage, and low-level C# class usage.
Deploy PowerShell Protect configurations as a single XML document via Group Policy or the file system.
Install the PowerShell Protect AMSI provider with a single PowerShell command.
Track script executions using various output methods.
Send HTTP requests to remote systems, such as PowerShell Universal, for additional analysis.
Log to a file locally for evaluation by local processes.
Send messages over TCP or UDP to your SIEM or other services.
Blocked scripts are automatically logged to the Event Log without the need for configuration.
Take advantage of custom formatting for audit logs to match whatever system you are sending data to.
Block scripts from executing at all based on rules or default protections.
Block suspicious behavior without having to configure PowerShell Protect at all.
Block scripts based on rules defined with the PowerShell Protect configuration system.