I have a powershell script that runs as part of an installshield installer on a machine with Windows 10. Powershell version (Major: 5, Minor: 1, Build 17134, Revision 112). Dev machine (where everything works fine) (Major: 5, Minor: 1, Build 15063, Revision 1155)
Basically, a .bat script runs an encoded powershell command, but it is not executing, I simplified it down to a simple script to show what I am talking about:
Powershell Script:
$text="Write-Output Hello"
$encoded=[Convert]::ToBase64String([System.Text.Encoding]::Unicode.GetBytes($text))
Write-Output "Trying encoded command:"
powershell -EncodedCommand $encoded
Write-Output "Trying not encoded command:"
powershell $text
This is the output:
Trying encoded command:
Trying not encoded command:
Hello
I also added a decoded statement to do an additional check:
$decoded = [System.Text.Encoding]::Unicode.GetString([Convert]::FromBase64String($encoded))
Write-Output "Decoded:"
Write-Output $decoded
Output:
Trying encoded command:
Trying not encoded command:
Hello
Decoded:
Write-Output Hello
The execution policy is set to "Bypass", i'm just wondering if there is something in the windows registry/settings/security/group policies/etc. that will block encoded commands like this? Why does it work in plain text but not encoded? Could the Powershell version have anything to do with it?
Turns out there was a block from the AV on encoded commands. Thank you @TessellatingHeckler