This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
nwgy
Explorer
‎2025-01-30 08:11 AM

Exclusions on cmd.exe

We run a program called AutoIt that compiles scripts into .exe files. These files are often flagged as malware, and so in response we have added a file exclusion on cmd.exe that seems to have solved the problem. Will that exclusion then allow other sub-processes running off of cmd.exe to execute that may be nefarious?

If so, what is the best way to exclude these compiled scripts?

0 Kudos
6 Replies
PhoneBoy
Admin
Admin
‎2025-01-30 08:43 AM

Unfortunately, I assume other malicious things that run under cmd.exe will also be excluded.
Have you confirmed these scripts show when running in Task Manager are running under cmd.exe?

0 Kudos
nwgy
Explorer
‎2025-01-30 10:59 AM
In response to PhoneBoy

When we didn't have the exclusion, the script (compiled) were blocked. With the exclusion, they run.

0 Kudos
lluner
Advisor
‎2025-01-30 09:26 AM

@nwgy 

It could show what the forensic blade is showing for us to try to make the exceptions ?

0 Kudos
nwgy
Explorer
‎2025-01-30 11:00 AM
In response to lluner

I am not sure what you mean?

 

0 Kudos
lluner
Advisor
‎2025-01-31 03:10 AM
In response to nwgy

@nwgy 

I'm asking for the logs to try to identify the folder or file so I can do the deletion and not do the deletion by the executable cmd.exe

0 Kudos
PhoneBoy
Admin
Admin
‎2025-01-31 01:04 PM
In response to lluner

And Forensics Blade should show you what the scripts are doing when they run.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events