Process Lasso as a security software

Started by arcanum, June 02, 2025, 08:17:27 AM


arcanum

Hello,
Is it possible to block something like powershell.exe, wscript.exe etc., so-called LOLBins, via PL?
I've done a local group policy rule, something like this:
%LSYSTEMDRIVE%\*\*.vbs
Which should prevent any .vbs from running system-wide, however I don't trust it (it can be reversed by malware).
So is there a way in PL to block powershell.exe?

jacksoris

You can use path rules if you want more control, though this is slightly less secure than publisher/file hash rules.
<Rule>
  <FileNameCondition>powershell.exe</FileNameCondition>
  <Action>DENY</Action>
</Rule>
Or you can deny specific paths like:
<PathRule Action="Deny">
  <Path Condition="Equals" Value="C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"/>
</PathRule>
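As an added example (not jacksoris's snippet and not Process Lasso code), here is a small Python generator that writes the path-deny rules above in the real AppLocker policy XML layout, for a constructed list of binaries. It assumes the standard AppLocker elements (AppLockerPolicy, RuleCollection, FilePathRule, FilePathCondition), the built-in path variable %SYSTEM32%, and the "Everyone" SID S-1-1-0. It also shows the caveat a deny-only policy hides: once an AppLocker rule collection contains any rule, everything not explicitly allowed is blocked, so the generator emits the two default allow rules alongside the denies (deny rules still win over allow rules).

```python
import uuid
import xml.etree.ElementTree as ET

# Constructed list of executables to deny. %SYSTEM32% is an AppLocker path
# variable that resolves to the real System32 directory on the target host.
DENY_PATHS = {
    "powershell.exe": r"%SYSTEM32%\WindowsPowerShell\v1.0\powershell.exe",
    "wscript.exe": r"%SYSTEM32%\wscript.exe",
}

EVERYONE_SID = "S-1-1-0"  # well-known SID for the Everyone group

# The two allow rules AppLocker's "default rules" wizard creates for the Exe
# collection; without them a collection that holds only deny rules blocks
# every other executable on the machine.
DEFAULT_ALLOW_PATHS = [r"%PROGRAMFILES%\*", r"%WINDIR%\*"]


def _add_path_rule(collection, name, path, action):
    """Append one FilePathRule to a RuleCollection element."""
    rule = ET.SubElement(
        collection,
        "FilePathRule",
        Id=str(uuid.uuid4()),          # AppLocker wants a unique GUID per rule
        Name=f"{action} {name}",
        Description=f"Generated {action.lower()} rule for {path}",
        UserOrGroupSid=EVERYONE_SID,
        Action=action,
    )
    conditions = ET.SubElement(rule, "Conditions")
    ET.SubElement(conditions, "FilePathCondition", Path=path)
    return rule


def build_deny_policy(deny_paths, include_default_allow=True, collection="Exe"):
    """Return AppLocker policy XML that denies each path in deny_paths.

    deny_paths maps a display name to an AppLocker path expression.
    With include_default_allow=True the standard allow rules are emitted so
    the collection does not silently block everything that is not listed.
    """
    root = ET.Element("AppLockerPolicy", Version="1")
    coll = ET.SubElement(
        root, "RuleCollection", Type=collection, EnforcementMode="Enabled"
    )
    if include_default_allow:
        for path in DEFAULT_ALLOW_PATHS:
            _add_path_rule(coll, path, path, "Allow")
    for name, path in deny_paths.items():
        _add_path_rule(coll, name, path, "Deny")
    return ET.tostring(root, encoding="unicode")


def rule_paths(policy_xml, action):
    """Parse a policy back and list the paths carrying the given Action.

    Useful as a self-check before importing the XML with Set-AppLockerPolicy.
    """
    root = ET.fromstring(policy_xml)
    paths = []
    for rule in root.iter("FilePathRule"):
        if rule.get("Action") != action:
            continue
        for cond in rule.iter("FilePathCondition"):
            paths.append(cond.get("Path"))
    return sorted(paths)


if __name__ == "__main__":
    policy = build_deny_policy(DENY_PATHS)
    print(policy)
    print("denied :", rule_paths(policy, "Deny"))
    print("allowed:", rule_paths(policy, "Allow"))
```

The resulting XML can be saved and imported with AppLocker's own tooling; the parse-back in rule_paths is there so you can confirm every intended binary really carries Action="Deny" and that allow rules are present before the policy is applied. As jacksoris notes, a path rule only matches the location, so a copy of the same binary placed elsewhere is not covered; publisher or hash rules are the stronger option when that matters.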