I have a simple question: how can I block Windows PowerShell commands like this:
I created a firewall policy where the source is my test client, moved the policy before rule #1, activated DPI + Application Control, and selected Windows.Powershell with action block in the Application Control profile. What did I do wrong? When I visit the website "https://raw.githubusercontent.com/itm4n/PrivescCheck/master/PrivescCheck.ps1" manually with the browser, I see that I have the FortiGate SSL cert instead of the GitHub one.
Also, in FortiAnalyzer the log tells me that traffic to raw.githubusercontent.com goes via my newly created policy. Under Application in the log there is only the application HTTP.BROWSER but not PowerShell.
I suspect that you get the FortiGate deep inspection default certificate because the traffic was blocked by FortiGate and the replacement message was generated using the FortiGate deep inspection default certificate.