Switch to Disable Powershell Base64 encoding - WinRM/win_shell

Hi Ansible Development Team,

Regarding the subject of this message, I would like to ask: do we have any news about “Switch to Disable Powershell Base64 encoding”? Or is the only method we have now to enable scriptblock logging on newer versions of PowerShell to log the decoded format of “-EncodedCommand”, as is well explained in this closed RFE purpose?

Maybe there is some new feature since this RFE purpose was available and I’m missing it.

Has anyone missed a feature like this and been able to work around it some other way? We are getting jobs stopped by the corporate security tool because of the encoded content when automating a Windows environment.

Thank you all!

Best regards,

Roberto Duarte

Hi

There are no plans or action to remove this; using ‘-EncodedCommand’ is a valid argument in PowerShell and is used to avoid dealing with quote escaping hell when it comes to embedded quotes inside the actual script as well as newlines. If you are concerned about not knowing what those commands are, then PowerShell’s implementation to counteract that is scriptblock logging, as it logs the actual scriptblock we have encoded into the event log for anyone to read.

> We are getting jobs stopped by the corporate security tool because of the encoded content when automating Windows environment.

There’s not much we can do about that. In my opinion, tools that just block invocations of PowerShell that use ‘-EncodedCommand’ are just being lazy, and all it ultimately achieves is frustration when people try to use builtin features to run PowerShell commands. As mentioned in the PR, if you were to use the psrp connection plugin you could avoid the general ‘-EncodedCommand’ invocation we use for the first command, but there will still be other times when we use ‘-EncodedCommand’, so it’s not a catch-all.

The reality is that Ansible is used to remotely run commands in an administrative sense; some antivirus tools might flag Ansible’s behaviour because they see it as a virus. There’s not much we can do to stop this short of having some agent that listens and runs the commands, and that goes against one of the primary tenets of Ansible: agentless connections.
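
Added example, not part of the thread and not Ansible's own code: a small Python triage helper that pulls the `-EncodedCommand` argument out of a logged process command line and decodes it (Base64 over UTF-16LE), so a flagged invocation can be judged on its content rather than on the flag alone. The function names, the sample script and the sample command line are constructed for illustration.

```python
import base64
import re
import shlex

# powershell.exe accepts prefixes of -EncodedCommand (-e, -en, -enc, ...)
# and the alias -ec; a parameter may be introduced with "-" or "/".
_NAME = "encodedcommand"
_PREFIXES = {_NAME[:i] for i in range(1, len(_NAME) + 1)} | {"ec"}
_PARAM = re.compile(r"^[-/](\w+)$")


def encode_command(script: str) -> str:
    """Encode a script the way -EncodedCommand expects: Base64 of UTF-16LE."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


def decode_encoded_command(command_line: str):
    """Return the decoded script from a PowerShell command line, or None."""
    # posix=False keeps Windows backslashes intact while splitting on spaces.
    tokens = shlex.split(command_line, posix=False)
    for i, token in enumerate(tokens[:-1]):
        match = _PARAM.match(token)
        if match and match.group(1).lower() in _PREFIXES:
            blob = tokens[i + 1].strip("'\"")
            try:
                raw = base64.b64decode(blob, validate=True)
                return raw.decode("utf-16-le")
            except (ValueError, UnicodeDecodeError):
                # Flag present, but the payload is not valid Base64/UTF-16LE.
                return None
    return None


# Constructed sample: a script with embedded quotes and a newline, the case
# the reply gives as the reason for encoding in the first place.
SAMPLE_SCRIPT = "Get-Service -Name 'WinRM' |\n    Select-Object -Property Name, Status"
SAMPLE_CMDLINE = (
    "powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted "
    "-EncodedCommand " + encode_command(SAMPLE_SCRIPT)
)

if __name__ == "__main__":
    print(decode_encoded_command(SAMPLE_CMDLINE))
```
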