iSID Analyst Knowledge Base

Definitions and additional context on iSID alerts, along with helpful recommendations

Category: malware-other

(1 Alert)

MALWARE-OTHER PowerShell invocation with ExecutionPolicy Bypass attempt

This Snort rule inspects HTTP traffic for PowerShell commands that use "ExecutionPolicy Bypass". A match could indicate an attempt to execute malicious scripts or commands while bypassing security policies. When traffic matches the rule's conditions, an alert is generated.
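To help an analyst reason about what triggers this alert, the following added example (not the Snort rule itself and not iSID code) applies the same idea to raw HTTP messages: it looks for a PowerShell launcher followed by `-ExecutionPolicy Bypass` in the start line and the body, both as sent and after URL decoding. The pattern, the function names and the sample messages are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# A PowerShell launcher followed on the same line by -ExecutionPolicy Bypass.
# IGNORECASE because PowerShell parameter names and values are case-insensitive.
# This pattern is an assumption for illustration, not the rule's actual content.
PATTERN = re.compile(
    r"powershell(?:\.exe)?\b[^\r\n]{0,200}?-executionpolicy[ \t]+bypass\b",
    re.IGNORECASE,
)

def find_bypass(http_message: bytes) -> list[tuple[str, str]]:
    """Return (location, matched text) for each hit in one raw HTTP message."""
    head, _, body = http_message.partition(b"\r\n\r\n")
    start_line = head.split(b"\r\n", 1)[0]
    hits = []
    for location, raw in (("start-line", start_line), ("body", body)):
        text = raw.decode("latin-1")  # byte-preserving decode
        # Check the bytes as sent, then the percent/plus-decoded form.
        for candidate in (text, unquote_plus(text)):
            match = PATTERN.search(candidate)
            if match:
                hits.append((location, match.group(0)))
                break
    return hits

# Constructed sample messages (not captured traffic).
SAMPLES = {
    "plain_response": b"HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n\r\n"
                      b"PowerShell -NoProfile -executionpolicy  bypass -File setup.ps1\r\n",
    "form_post": b"POST /submit HTTP/1.1\r\nHost: example.test\r\n"
                 b"Content-Type: application/x-www-form-urlencoded\r\n\r\n"
                 b"cmd=powershell.exe+-ExecutionPolicy+Bypass+-File+a.ps1",
    "benign_page": b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
                   b"<p>In PowerShell, Get-ExecutionPolicy shows the current policy.</p>",
}

def scan_samples() -> dict[str, list[tuple[str, str]]]:
    """Run the check over every constructed sample."""
    return {name: find_bypass(msg) for name, msg in SAMPLES.items()}

if __name__ == "__main__":
    for name, hits in scan_samples().items():
        print(name, "ALERT" if hits else "clean", hits)
```

The matched text and its location give a triage starting point: identify which host sent or received the message, then check whether that PowerShell invocation is part of known administrative tooling.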