Overview
ThreatLocker denies PsScriptPolicyTest scripts (scripts that Microsoft runs to determine whether a whitelisting solution is present in the environment) quietly in the background. These denials are not logged in the Unified Audit, which improves the user experience and reduces white noise in the Unified Audit log.
When PsScriptPolicyTest scripts are denied, PowerShell is forced into ConstrainedLanguage Mode. ConstrainedLanguage Mode allows only basic language elements and, as a result, reduces the available attack surface.
Known Error
In a scenario where an extension attached to PowerShell requires PowerShell to be in FullLanguage Mode, the denial of the PsScriptPolicyTest scripts puts PowerShell into ConstrainedLanguage Mode and causes the launch to fail with the error shown in the image below.
ThreatLocker Recommendation
To resolve this error, administrators should enable the "PermitPsScript" option for the organization.
For more information about enabling options for your organization, please see our related Knowledge Base article: https://threatlocker.kb.help/options-tab-choices-and-descriptions-for-the-computers-page-the-computer-groups-page-and-the-entire-organization-page/
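To confirm which language mode PowerShell actually starts in, before and after changing the option, the mode can be read from a freshly started process. The script below is an added example, not ThreatLocker tooling: the function name `Test-PSLanguageMode` and its parameters are hypothetical, and it assumes `powershell.exe` and/or `pwsh.exe` are on the PATH.

```powershell
# Added example, not ThreatLocker tooling; function and parameter names are hypothetical.
function Test-PSLanguageMode {
    param(
        [ValidateSet('FullLanguage', 'ConstrainedLanguage')]
        [string]$Expected = 'FullLanguage',
        # Windows PowerShell and PowerShell 7 are probed separately; missing ones are skipped.
        [string[]]$Shell = @('powershell.exe', 'pwsh.exe')
    )

    # Runs in the child process: print the session's language mode, then try a
    # static .NET method call on a type outside the ConstrainedLanguage allow
    # list as a behavioural cross-check.
    $probe = '$ExecutionContext.SessionState.LanguageMode; ' +
             'try { [System.Console]::ResetColor(); ''allowed'' } catch { ''blocked'' }'

    foreach ($exe in $Shell) {
        if (-not (Get-Command $exe -ErrorAction SilentlyContinue)) { continue }

        # Probe a new process: the policy test scripts run when a session starts,
        # so an already open console does not reflect a changed option.
        $lines = @(& $exe -NoProfile -NonInteractive -Command $probe |
                   Where-Object { $_ })

        New-Object psobject -Property @{
            Shell           = $exe
            LanguageMode    = $lines[0]   # FullLanguage or ConstrainedLanguage
            DotNetCall      = $lines[1]   # 'allowed' in FullLanguage, 'blocked' when constrained
            MatchesExpected = ($lines[0] -eq $Expected)
        }
    }
}

# After enabling "PermitPsScript", the extension's host should report FullLanguage.
Test-PSLanguageMode -Expected FullLanguage
```

Run it with `-Expected ConstrainedLanguage` on machines where the option is left disabled to confirm that the reduced attack surface is still in effect there.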
Additional Resources
For more information about PowerShell Language Modes, please see the Microsoft article: https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_language_modes?view=powershell-7.4