Cybersecurity authorities from the US, the UK, and New Zealand have advised businesses and government agencies to properly configure Microsoft’s built-in Windows command-line tool, PowerShell – but not to remove it.
Defenders shouldn’t disable PowerShell, a scripting language, because it is a useful command-line interface for Windows that can help with forensics, incident response and automating desktop tasks, according to joint advice from the US spy service the National Security Agency (NSA), the US Cybersecurity and Infrastructure Security Agency (CISA), and the New Zealand and UK national cybersecurity centres.
It also lets admins automate security tasks on Microsoft’s Azure cloud platform. Users can, for example, write PowerShell commands to manage Microsoft’s Defender antivirus on Windows 10 and Windows 11.
So, what should defenders do? Remove PowerShell? Block it? Or just configure it?
“Cybersecurity authorities from the United States, New Zealand, and the United Kingdom recommend proper configuration and monitoring of PowerShell, as opposed to removing or disabling PowerShell entirely,” the agencies say.
“This will provide benefits from the security capabilities