Monitor Script-Based Applications

Applies To: WatchGuard Advanced Reporting Tool

Script-based applications are legitimate software that hackers might use for malicious actions. It is important to know who uses these applications, and when and where they use them. These applications can include PowerShell, Linux shell, and the Windows cmd shell.

To see script-based applications, from the WatchGuard EPDR or WatchGuard EDR web UI:

  1. From the top navigation bar, select Status.
  2. From the left pane, select Advanced Visualization Tool.
    A new browser tab opens.
  3. From the left pane, select Advanced Reporting > Application Control.
  4. Select the date range for the data you want to see.

Screen shot of Advanced Visualization Tool date selector

  5. Click Refresh.
    The dashboard shows information for the time period selected.
  6. Select the Special Applications & Tools tab.

Screen shot of Advanced Visualization Tool, ART > Special Applications and Tools

  7. To determine who uses scripting applications, and when and where they use them, review the Scripting Applications Executed and Scripting Applications Executed by Machine and User tiles.

See Also

Monitor Remote Access Applications

Monitor Unwanted Freeware