I need a solution
Scenario:-
Need to detect and block *powershell.exe launch process attempt from office documents (winword.exe, excel.exe, powerpnt.exe..etc). Now, is there a way to provide exception to few genuine business cases while blocking all others.
For instance, allow execution of powershell scripts "D:\Script_directory\script.ps1" OR "\\file-share\script.ps1 called from Office docs.
Attached sample policy for which exception need to be added in place.
0