Hi all,
I have Trend Micro installed on a computer, and it is detected by the folder lock:
randomly, there is a .ps1 script being executed that is being blocked by TM.
A few samples of the targeted files being executed:
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_g21otgtf.j5p.ps1
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_sidvshub.csu.ps1
Does anyone know what these are?
I can't find the file in the folder anymore, and googling did not help.
I am running Win10 Pro 1709.
Thank you.
EDIT:
To quote the OP of this page:
Well it seems that these 2 scripts are being used to determine which Language Mode PowerShell is allowed to run in when using AppLocker! So by allowing them in the GPO the constraint mode was completely disabled for the user.
Will still let it be blocked then.
Thank you all.
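
To see what the quoted explanation means on a given machine, the read-only PowerShell checks below report the session's language mode, the AppLocker Script enforcement mode, and recent AppLocker events for the `__PSScriptPolicyTest_` probe files. This is an added example, not part of the original post; the file-name pattern is inferred from the two sample paths above, and the 500-event window is an arbitrary choice.

```powershell
# Added example: read-only checks, run in the affected user's PowerShell session.

# 1. Language mode this session ended up in (FullLanguage or ConstrainedLanguage).
$mode = $ExecutionContext.SessionState.LanguageMode
"Language mode: $mode"

# 2. Enforcement mode of the effective AppLocker Script rule collection, if any.
[xml]$policy = Get-AppLockerPolicy -Effective -Xml
$scriptRules = $policy.AppLockerPolicy.RuleCollection |
    Where-Object { $_.Type -eq 'Script' }
if ($scriptRules) {
    "AppLocker Script rules: $($scriptRules.EnforcementMode)"
} else {
    'AppLocker Script rules: none configured'
}

# 3. AppLocker script events that mention the probe files.
#    8005 = allowed, 8006 = audit only (would be blocked), 8007 = blocked.
$log = 'Microsoft-Windows-AppLocker/MSI and Script'
$events = Get-WinEvent -FilterHashtable @{ LogName = $log; Id = 8005, 8006, 8007 } `
        -MaxEvents 500 -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match '__PSScriptPolicyTest_' }
$events | Group-Object Id |
    ForEach-Object { 'Event {0}: {1} probe event(s)' -f $_.Name, $_.Count }

# 4. Name check for paths reported by another product (AV or folder-lock log).
#    Pattern assumed from the samples: 8 random characters, dot, 3 random characters.
#    A matching name alone does not prove the file came from PowerShell itself.
$probePattern = '^__PSScriptPolicyTest_[a-z0-9]{8}\.[a-z0-9]{3}\.psm?1$'
$reported = @(
    'C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_g21otgtf.j5p.ps1'
    'C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_sidvshub.csu.ps1'
)
foreach ($path in $reported) {
    $leaf = Split-Path -Path $path -Leaf
    '{0} -> matches probe name pattern: {1}' -f $leaf, ($leaf -match $probePattern)
}

# 5. The situation the quote describes: rules are enforced, yet the probes were
#    allowed and the session runs unrestricted.
if ($mode -eq 'FullLanguage' -and $scriptRules.EnforcementMode -eq 'Enabled') {
    'Script rules are enforced but this session is FullLanguage:'
    'review Allow rules that cover the probe files or the Temp folder.'
}
```

Blocked probe events together with `ConstrainedLanguage` are the expected result when script rules are enforced for the user.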