Getting Started

Getting started with PowerShell Protect.

PowerShell Protect can be installed from the PowerShell Gallery.

Install-Module PowerShellProtect

To install the AMSI provider that is used to audit and block scripts, you will need to run the following command.

This command needs to be run as administrator.

$Configuration = New-PSPConfiguration 
Set-PSPConfiguration -Configuration $Configuration -FileSystem -License '<myLicense>'

Once installed, the Default Rules will be enabled. You can also enable additional rules using the PowerShell Protect configuration cmdlets.

A license is required to configure your own rules. The built-in rules can be used for free without a license.

For example, this configuration will block and audit any script that contains a command with webrequest in the name.

$Condition = New-PSPCondition -Property "command" -contains -Value "webrequest"
$BlockAction = New-PSPAction -Block
$FileAction = New-PSPAction -File -Format "{applicationName},{rule}" -Path "%temp%\audit.csv" -Name 'File'
$Rule = New-PSPRule -Name "Web Request" -Condition $Condition -Action @($BlockAction, $FileAction)

$Configuration = New-PSPConfiguration -Rule $Rule -Action @($BlockAction, $FileAction)
Set-PSPConfiguration -Configuration $Configuration -FileSystem -License '<myLicense>'

Last updated