CFW and PowerShell Scripts

Nis · February 14, 2025, 3:51am

CFW has been reporting this powershell script to me for a few days now:

-ExecutionPolicy Restricted -Command 
                    $Res = 0
                    [UInt64]$MinDiskSpaceThreshold = 20 * 1024 * 1024 * 1024

                    try {
                        $SystemDrive = (Get-CimInstance Win32_OperatingSystem).SystemDrive

I don’t understand what it is, but from what I understand, I think what’s putting CFW on alert is the string -ExecutionPolicy Restricted -Command that would like to bypass the restriction set on Powershell.
In fact, trying running the command:

powershell -ExecutionPolicy Restricted -Command "get-process"

Which I found in a site talking about Poweshell’s restrictive policy, I saw that it immediately triggers CFW containment.

So what should I do, either approve the execution of this script, or put it on blocked? For the time being I just ignored it, but without creating a rule for it.

New_Style_xd · February 14, 2025, 1:29pm

Hello, good morning!
I’m having the same problem. As the image below shows, it only says that mine has more scripts.

I even commented on other topics about the problem.
It’s happening because of Windows telemetry.

But until now I don’t know what to do.

New_Style_xd · February 14, 2025, 1:32pm

If you look at one of the posts I made, it says that it is blocked but the file is trusted, which is what I can’t understand, they already told me to mark it as trusted, but it is marked as trusted, even so the CIS blocks it and generates the script.