powershellProtection Object
The powershellProtection object contains the basic details of the Fileless Protection settings in a sensor policy, including:
| Field | Type | Description |
|---|---|---|
| enabled | Boolean | Indicates whether Fileless Protection is enabled for the sensors assigned to this policy. |
| downloadExecute | Enum | Indicates the mode to use to detect and prevent downloaded payloads. Possible values include: |
| maliciousDownloads | Enum | Indicates the mode to use to detect and prevent the execution of malicious content from memory. Possible values include: |
| urlAndDomainExclusions | Array | An object containing a list of domain name exclusions from the downloadExecute and maliciousDownloads options. If you do not want to add any exclusions, leave this array empty. |
| file | String | The domain or URL to exclude. |
| modifiedBy | String | The Cybereason user name for the user creating the policy. |
| lastModified | Long | The time (in milliseconds) when you create the policy. |
| scriptAnalysis | Enum | Indicates the mode to use to detect and prevent malicious content from downloaded scripts. Possible values include: |
| patternExclusions | Array | A list of patterns to exclude from script analysis. If you do not want to exclude any patterns, leave this array empty. |
| file | String | The pattern to exclude. For details on how to find the pattern, see Exclude patterns from Fileless Protection. |
| modifiedBy | String | The Cybereason user name for the user creating the policy. |
| lastModified | Long | The time (in milliseconds) when you create the policy. |
| floatingLoadedModules | Enum | Indicates the mode to use to detect and prevent the use of floating modules. Possible values include: |
| file | String | The module name to exclude. |
| modifiedBy | String | The Cybereason user name for the user creating the policy. |
| lastModified | Long | The time (in milliseconds) when you create the policy. |
| moduleExclusions | Array | A list of modules to exclude from detection and prevention of malicious floating modules. If you do not want to exclude any patterns, leave this array empty. |
| dotNetToJScript | Enum | Indicates the mode to use to detect and prevent the use of the .NET to JScript technique. Possible values include: |
| processExclusions | Array | A list of processes to exclude from fileless protection. If you do not want to exclude any processes, leave this array empty. |
| file | String | The name of the process to exclude. |
| modifiedBy | String | The Cybereason user name for the user creating the policy. |
| lastModified | Long | The time (in milliseconds) when you create the policy. |
| dotNetEnabled | Boolean | Indicates whether to use the .NET module as part of fileless protection. |
| amsiEnabled | Boolean | Indicates whether to use the AMSI module as part of fileless protection. |
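
The following added example (not from the Cybereason documentation) audits a powershellProtection object during a policy review, listing switched-off modules and every exclusion with who set it and when. It assumes each exclusion array holds objects with the file, modifiedBy and lastModified fields described above; the sample policy is constructed, and `<MODE>` is a placeholder because the enum values are not listed on this page.

```python
import json
from datetime import datetime, timezone

# Exclusion arrays named on this page; entries are assumed to carry
# the file, modifiedBy and lastModified fields.
EXCLUSION_ARRAYS = ("urlAndDomainExclusions", "patternExclusions",
                    "moduleExclusions", "processExclusions")
# Boolean switches named on this page.
SWITCHES = ("enabled", "dotNetEnabled", "amsiEnabled")

# Constructed sample policy fragment (not real data).
SAMPLE = json.loads("""
{
  "enabled": true,
  "downloadExecute": "<MODE>",
  "amsiEnabled": false,
  "dotNetEnabled": true,
  "urlAndDomainExclusions": [],
  "patternExclusions": [],
  "moduleExclusions": [],
  "processExclusions": [
    {"file": "example-tool.exe", "modifiedBy": "admin@example.com", "lastModified": 1700000000000},
    {"file": "", "modifiedBy": "admin@example.com", "lastModified": 1700000000000}
  ]
}
""")

def audit(pp):
    """Return a list of review findings for one powershellProtection object."""
    findings = []
    for name in SWITCHES:
        if pp.get(name) is not True:
            findings.append(f"{name} is not true ({pp.get(name)!r})")
    for array in EXCLUSION_ARRAYS:
        for i, entry in enumerate(pp.get(array) or []):
            value = entry.get("file")
            if not isinstance(value, str) or not value.strip():
                findings.append(f"{array}[{i}] has an empty 'file' value")
                continue
            # lastModified is in milliseconds, so divide by 1000 for a UTC timestamp.
            ms = entry.get("lastModified")
            when = (datetime.fromtimestamp(ms / 1000, tz=timezone.utc).isoformat()
                    if isinstance(ms, (int, float)) else "unknown time")
            findings.append(f"{array}[{i}] excludes {value!r}, set by "
                            f"{entry.get('modifiedBy', 'unknown')} at {when}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```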