topic Re: Exclusions on cmd.exe in Endpoint

Exclusions on cmd.exe

nwgy — Thu, 30 Jan 2025 16:11:00 GMT

We run a program called AutoIt that compiles scripts into .exe files. These files are often flagged as malware, and so in response we have added a file exclusion on cmd.exe that seems to have solved the problem. Will that exclusion then allow other sub-processes running off of cmd.exe to execute that may be nefarious?

If so, what is the best way to exclude these compiled scripts?

Re: Exclusions on cmd.exe

PhoneBoy — Thu, 30 Jan 2025 16:43:16 GMT

Unfortunately, I assume other malicious things that run under cmd.exe will also be excluded.
Have you confirmed these scripts show when running in Task Manager are running under cmd.exe?

Re: Exclusions on cmd.exe

lluner — Thu, 30 Jan 2025 17:26:19 GMT

@nwgy

It could show what the forensic blade is showing for us to try to make the exceptions ?

Re: Exclusions on cmd.exe

nwgy — Thu, 30 Jan 2025 18:59:18 GMT

When we didn't have the exclusion, the script (compiled) were blocked. With the exclusion, they run.

Re: Exclusions on cmd.exe

nwgy — Thu, 30 Jan 2025 19:00:02 GMT

I am not sure what you mean?

Re: Exclusions on cmd.exe

lluner — Fri, 31 Jan 2025 11:10:01 GMT

@nwgy

I'm asking for the logs to try to identify the folder or file so I can do the deletion and not do the deletion by the executable cmd.exe

Re: Exclusions on cmd.exe

PhoneBoy — Fri, 31 Jan 2025 21:04:02 GMT

And Forensics Blade should show you what the scripts are doing when they run.