Jump to content

Existing user? Sign In
Sign In

Remember me Not recommended on shared computers

Forgot your password?

Or sign in with one of these services
Sign Up

Browse
- Forums
- Staff
- Online Users
- More
Activity
WeLiveSecurity
Virus Radar
ESET Technologies
Downloads
More
- More

Search In

Everywhere
Topics
This Forum
This Topic
More options...

Find results that contain...

All of my search term words
Any of my search term words

Find results in...

Content titles and body
Content titles only

General Discussion

PowerShell Scriptblock Logging

JosephKing

By JosephKing,
April 29 in General Discussion

Share

Recommended Posts

JosephKing

JosephKing 1

Posted April 29

- Share

Posted April 29

I wanted to share some resources about PowerShell logs for anyone unfamiliar with enabling Scriptblock logging.

Run>gpedit.msc. > User Configuration\Administrative Templates\Windows Components\Windows Powershell\Turn on Powershell Script Block Logging,Transcription

https://nsfocusglobal.com/Attack-and-Defense-Around-PowerShell-Event-Logging/#:~:text=1 EID 400: The engine status is changed,status is changed from Available to Stopped.

https://adamtheautomator.com/powershell-logging-2/
https://github.com/littl3field

Quote

Link to comment

Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest

Reply to this topic...

× Pasted as rich text. Paste as plain text instead

Only 75 emoji are allowed.

× Your link has been automatically embedded. Display as a link instead

× Your previous content has been restored. Clear editor

× You cannot paste images directly. Upload or insert images from URL.

Insert image from URL

×

Go to topic listing

Recently Browsing 0 members
- No registered users viewing this page.

FAQ

How do I report a false positive or whitelist my software with ESET?

How to submit Suspicious file to ESET Research Lab via program GUI.

How do I create a Process Monitor file?

How do I use ESET Log Collector?
Topics
- 2
  
  Configuration of Apache HTTP Proxy as a reverse proxy for remote clients
  
  By User 999
  Started 5 hours ago
  
  12 minutes ago, User 999
- 1
  
  PC got restarted over and over again when I download the games in Steam
  
  By coltlau
  Started 3 hours ago
  
  39 minutes ago, Marcos
- 1
  
  Encrypted virus files cannot be detected by intelligent scanning, and can only be detected manually
  
  By Guest esafenet
  Started 2 hours ago
  
  43 minutes ago, Marcos
- 0
  
  Working with conditions in rules - XDR/EDR
  
  By Ted Join
  Started 1 hour ago
  
  1 hour ago, Ted Join
- 5
  
  hxxp://survey-smiles.com blocked but not cleaned
  
  By Omar_infocersrl
  Started 22 hours ago
  
  3 hours ago, Omar_infocersrl

×

Browse
- Back
- Forums
- Staff
- Online Users
Activity
- Back
- All Activity
- My Activity Streams
  - Back
  - New content
- New content
- Leaderboard
- Search
WeLiveSecurity
Virus Radar
ESET Technologies
Downloads

×

Create New...