Microsoft’s PowerShell is a useful, flexible tool that is as popular with criminals as it is with admins. Cybercrooks like it because PowerShell is powerful, available almost everywhere, and doesn’t look out of place running on a company network.
In most places it isn’t practical to block PowerShell completely, which raises the question:
Windows AppLocker is a feature that was introduced in Windows 7 and Windows Server 2008 R2 as a means to limit the use of unwanted applications. AppLocker provides administrators with the ability to specify which users can run specific applications. AppLocker was designed to replace the Software Restriction Policies feature. It is considered a potentially po