I am trying to create a way to detect the execution of PowerShell on some machines or even block it. I tried using detection and exclusion rules, but it still didn't work.
Hello @siabala,
You can add an exclusion in Incidents → Blocklist, as you have an EDR license.
Another option is to add a rule in the policy applied on the endpoints → Network Protection → Content Control → Application Blacklist: https://www.bitdefender.com/business/support/en/77209-342965-content-control.html#UUID-ff9908fb-3813-7315-9dcb-d9722fff87f3_section-idm63253901105470
If you still need assistance, please reach out to our Enterprise Support team at https://www.bitdefender.com/business/support/en/71263-85158-contact.html
Kind Regards,
Andrei