Hello! Hopefully quick question for you guys. Recently we started using CylanceProtect as our AV service. Really like it, however, one of its functions is "Script Control" which monitors and blocks malicious scripts, including PowerShell.
Now, when we set up this AV, we made sure to exclude the Automate folders as per ConnectWise's recommendations. This allowed all LT-based scripts to work. However, my issue is, when I enable the Cylance Script protection for PowerShell, all of the Chocolatey for Labtech scripts fail.
So, I am basically trying to find out where Chocolatey for Labtech stores and executes its scripts from, so I can try to figure out if I am missing an exclusion somewhere or if there is an issue with Cylance.
Thanks for your help!
Folder Exclusion
Re: Folder Exclusion
Here is where I would start. Chocolatey the framework may have several areas it fires off scripts from, but try these first.
C:\windows\temp\
C:\programdata\chocolatey
Re: Folder Exclusion
Thanks Cubert!
I did some testing with the folders you suggested. Whitelisting the following folders finally allowed the plugin to operate normally and I stopped getting blocked Chocolatey scripts by our AV.
\ProgramData\chocolatey
\Windows\TEMP\chocolatey
\Windows\System32\config\systemprofile\AppData\Local
Again, thanks for your help!