nwgy
Explorer

Exclusions on cmd.exe

We run a program called AutoIt that compiles scripts into .exe files. These files are often flagged as malware, and so in response we have added a file exclusion on cmd.exe that seems to have solved the problem. Will that exclusion then allow other sub-processes running off of cmd.exe to execute that may be nefarious?

If so, what is the best way to exclude these compiled scripts?

6 Replies
PhoneBoy
Admin

Unfortunately, I assume other malicious things that run under cmd.exe will also be excluded.
Have you confirmed in Task Manager that these scripts, when running, are running under cmd.exe?

nwgy
Explorer

When we didn't have the exclusion, the (compiled) scripts were blocked. With the exclusion, they run.

lluner
Advisor

@nwgy 

Could you show what the Forensics blade is showing, so we can try to make the exceptions?

nwgy
Explorer

I am not sure what you mean?

 

lluner
Advisor

@nwgy 

I'm asking for the logs to try to identify the folder or file so I can do the deletion and not do the deletion by the executable cmd.exe

PhoneBoy
Admin

And Forensics Blade should show you what the scripts are doing when they run.
