I’m in the process of setting some configurations for users using PowerShell via Microsoft Intune (Azure) on Windows 10 devices and containment is blocking the script from running.
On the whole, this is a good thing, however, i would like to be able to set these scripts to be trusted where possible. Unfortunately, the scripts are named randomly and are run under the ‘conhost.exe’ application, which i dont want to whitelist.
Has anyone experienced the same issues and found a way around it?
We thank you for bringing the observations of your test visible to support before performing other actions. We will create a support ticket for our Product Developers to get in tune with those scripts so we can specifically identify what needs to be excluded. Please check your mailbox at your convenience.
Hi @curatrix_pl
We plan to allow exclusions based on parent application. I am assuming in this case, the parent would be MS Intune app. It will take a couple of months for this to be released.
If you have any other suggestion, please feel free to point.
Best regards,
Ilker
As per the oroginal message, the Powershell scripts run under CONHOST.exe.
If it helps, scripts are placed in C:\Program Files (x86)\Microsoft Intune Management Extension\Policies\Scripts on the client machine.
Hi @curatrix_pl ,
Ability to create containment rules based on parent process is available in ITSM. By browsing through ITSM Profiles > Containment section, you can create exclusion rules to allow scripts that are run by the applications you define. In addition, you can limit the analyzing of process chain up to any number.
Regards,
Can
thanks, haven’t seen the issues re-occur for a while now, so assuming the fix was made on Junes release.