
Don't ditch PowerShell to improve security, say infosec agencies from UK, US, and NZ
2022-06-23 07:58

Windows PowerShell is enormously useful, extremely prevalent, and often targeted by crooks because it offers an express route into the heart of Windows servers and networks.

Rather than removing or disabling it, the agencies recommend securing PowerShell prudently.

"PowerShell is essential to secure the Windows operating system," the agencies argue.

"Removing or improperly restricting PowerShell would prevent administrators and defenders from utilizing PowerShell to assist with system maintenance, forensics, automation, and security."

The document's first recommendation is ensuring use of PowerShell 7.2, because it improves on the previous version 5.x that shipped with some editions of Windows 10.

The document also recommends enabling Deep Script Block Logging, Module Logging, and Over-the-Shoulder, three useful logging tools that can help to detect abuses of PowerShell.
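One way to turn on these three logging features on a single host is to set their policy registry values, shown here as an added example that is not part of the original article or the agencies' document. It assumes an elevated session, and the transcript directory `C:\PSTranscripts` is a placeholder; both policy roots are written because Windows PowerShell 5.x and PowerShell 7.x read separate keys.

```powershell
#Requires -RunAsAdministrator
# Added example: enable the three logging features through their policy registry values.
# $TranscriptDir is an assumed placeholder; point it at an ACL-restricted location.
$TranscriptDir = 'C:\PSTranscripts'

# Windows PowerShell 5.x and PowerShell 7.x read their policies from separate roots.
$PolicyRoots = @(
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell',
    'HKLM:\SOFTWARE\Policies\Microsoft\PowerShellCore'
)

# Helper (hypothetical name): create the key if needed, then write one value.
function Set-PolicyValue {
    param([string]$Key, [string]$Name, $Value, [string]$Type = 'DWord')
    if (-not (Test-Path $Key)) { New-Item -Path $Key -Force | Out-Null }
    New-ItemProperty -Path $Key -Name $Name -Value $Value -PropertyType $Type -Force | Out-Null
}

foreach ($root in $PolicyRoots) {
    # Script block logging: records script block contents as they run (event ID 4104).
    Set-PolicyValue "$root\ScriptBlockLogging" 'EnableScriptBlockLogging' 1

    # Module logging: records pipeline execution details (event ID 4103) for all modules.
    Set-PolicyValue "$root\ModuleLogging" 'EnableModuleLogging' 1
    Set-PolicyValue "$root\ModuleLogging\ModuleNames" '*' '*' 'String'

    # Transcription: writes a text record of each session's input and output.
    Set-PolicyValue "$root\Transcription" 'EnableTranscripting' 1
    Set-PolicyValue "$root\Transcription" 'EnableInvocationHeader' 1
    Set-PolicyValue "$root\Transcription" 'OutputDirectory' $TranscriptDir 'String'
}

# Read the settings back so a failed write or later drift is visible.
foreach ($root in $PolicyRoots) {
    [pscustomobject]@{
        PolicyRoot     = $root
        ScriptBlock    = (Get-ItemProperty "$root\ScriptBlockLogging").EnableScriptBlockLogging
        ModuleLogging  = (Get-ItemProperty "$root\ModuleLogging").EnableModuleLogging
        Transcription  = (Get-ItemProperty "$root\Transcription").EnableTranscripting
        TranscriptPath = (Get-ItemProperty "$root\Transcription").OutputDirectory
    }
}
```

In a domain, the same values are normally delivered through Group Policy rather than written per host, and the resulting events and transcripts should be forwarded off the machine so they remain available to defenders.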


News URL

https://go.theregister.com/feed/www.theregister.com/2022/06/23/keep_poewrshell_security_advice/