05-25-2025 05:57 AM
Hi Team -
I've created a Legacy Agent Exception Rule to prevent the Behavioral Threat Protection component from blocking a specific (and legitimate) .ps1 file on my network (within a specific user profile), but Cortex keeps blocking the script.
The command line in the alert is:
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "-file" " C:\Temp\ScriptName.ps1 "
The exclusion rule was created as follows:
Platform: Windows
Module: Behavioral Threat Protection
Here are the options I've tried under Target Properties → Files / Folders in allow list:
Prevention information:
05-27-2025 02:28 AM
Hello @L.Shmarya ,
For BTP alerts related to powershell you need to reach out to Tech Support and get SUEX from them.
If you feel this has answered your query, please let us know by clicking like and on "mark this as a Solution". Thank you.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
