CLI PowerShell install triggered warning for InfoSec

A bit of feedback on the CLI install. The install docs say to use the PowerShell script. While this works, it did trigger warnings with our InfoSec team, who contacted me to ask what the command was and why I was installing it, etc.

I wondered if there is an alternative way to install the CLI instead of PowerShell?

What’s in the PowerShell script? Can you paste a copy here?

Is it running PowerShell-specific commands? Or just a bunch of exes\MSI commands?

Wouldn’t this potentially ring true about any installation method?

Usually installing exes on a corporate desktop would also be blocked.

On our corporate desktops, you can’t run scripts or install software.

It has to be packaged and installed centrally. Scripts have to be signed and the execution policy set (although I do have admin rights as I work in IT, so I could bypass this :slight_smile:).

To be truthful, I wouldn’t try to run this from my standard desktop. I have a development VM for that purpose where the rules are a bit more relaxed (but segmented from most of the core network).

Anyway back to the original question, if you post a copy of the script, I can probably advise as I use PowerShell a lot.

I have admin rights / developer build (specific profile) and generally installs don’t trigger warnings, but running PowerShell scripts does.

Could probably have used curl too, but the point was more to provide feedback that it could trigger security etc.

I have this working myself now, after justifying my actions to InfoSec. But worth knowing for other users that may experience similar situations.

Mmmm, a script calling another script.

The main script doesn’t do much. It does make a web request to download the latest ZIP containing the exe, and then also sends a web request on completion.

All it does is extract the exe and then move it to AppData. It’s not an installer per se.

I can imagine that some users will fail before this step, as the PowerShell execution policy, if not set, will block it.

On our corporate desktop, it will also fail, as a normal user won’t have rights to copy the files to AppData as that is usually protected if you don’t have admin rights. (Intune or SCCM usually manages that aspect.)

I’m also wondering if that executable is signed, as that would also get blocked on our system.

In relation to running PowerShell scripts, as PowerShell is just included in a base Win10 install, then monitoring any script execution sounds like a good policy (as it is a potential attack vector).
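
As an added illustration of the checks raised in this thread (not part of any post, and not the vendor's install script): a PowerShell function that reviews a downloaded install script without running it, listing its web requests, nested script execution and file moves, and reporting signature status and hashes for the script and the extracted exe. The function name and the paths are hypothetical.

```powershell
# Added example: static review of a downloaded install script. Nothing in the
# reviewed script is executed. Function name and paths are hypothetical.
function Get-InstallScriptReview {
    param(
        [Parameter(Mandatory)] [string] $ScriptPath,  # the downloaded .ps1
        [string] $ExePath                             # optional: the extracted exe
    )
    # Parse the script into an AST instead of running it.
    $tokens = $null; $errors = $null
    $ast = [System.Management.Automation.Language.Parser]::ParseFile(
        (Resolve-Path $ScriptPath).Path, [ref]$tokens, [ref]$errors)

    # Commands a reviewer wants to see: network calls, nested execution,
    # archive extraction and file moves.
    $watch = 'Invoke-WebRequest','iwr','curl','wget','Invoke-RestMethod','irm',
             'Invoke-Expression','iex','Start-Process','Expand-Archive',
             'Move-Item','Copy-Item'
    $commands = $ast.FindAll({ param($n)
            $n -is [System.Management.Automation.Language.CommandAst] }, $true) |
        Where-Object { $watch -contains $_.GetCommandName() } |
        ForEach-Object {
            [pscustomobject]@{ Line    = $_.Extent.StartLineNumber
                               Command = $_.GetCommandName()
                               Text    = $_.Extent.Text }
        }

    # Every URL that appears in a string literal or bareword argument.
    $urls = $ast.FindAll({ param($n)
            $n -is [System.Management.Automation.Language.StringConstantExpressionAst] -or
            $n -is [System.Management.Automation.Language.ExpandableStringExpressionAst] }, $true) |
        ForEach-Object { [regex]::Matches($_.Value, 'https?://[^\s''"]+') } |
        ForEach-Object { $_.Value } | Sort-Object -Unique

    # Hash and Authenticode status of the script and, if given, the exe.
    $files = @($ScriptPath) + @($ExePath | Where-Object { $_ }) | ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_
        [pscustomobject]@{
            File      = $_
            SHA256    = (Get-FileHash -Path $_ -Algorithm SHA256).Hash
            Signature = $sig.Status      # e.g. Valid, NotSigned, HashMismatch
            Signer    = $sig.SignerCertificate.Subject
        }
    }

    [pscustomobject]@{ ParseErrors     = $errors
                       ExecutionPolicy = Get-ExecutionPolicy -List
                       Files           = $files
                       Commands        = $commands
                       Urls            = $urls }
}
# Usage (hypothetical path): (Get-InstallScriptReview .\install.ps1).Commands
```

Where one script downloads and runs a second one, run the function again on the second script once it has been saved to disk, since only the file passed in is parsed.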
