我正在运行一个PowerShell脚本,通过DevOps发布管道挂载Azure存储帐户fileshare,该脚本应该在目标机器上创建一个计划作业。
脚本运行正常Fileshare正在被挂载但是Azure安全中心将整个脚本标记为可疑的powershell脚本.
$user = '`"localhosttestuser`"'
$fileShare = '`"testsa.file.core.windows.net`"'
$Secret = ConvertTo-SecureString $(SAKey) -AsPlainText -Force
Write-Host "Adding Testuser2 SA to Admin group"
Add-LocalGroupMember -Group "Administrators" -Member "DomainTestuser2"
$action = New-ScheduledTaskAction -Execute 'Powershell.exe' -Argument '-NoProfile -WindowStyle Hidden -command "& {$connectTestResult = Test-NetConnection -ComputerName testsa.file.core.windows.net -Port 445
if ($connectTestResult.TcpTestSucceeded)
{
# Save the password so the drive will persist on reboot
cmd.exe /C "cmdkey /add:$fileShare /user:$user /pass:$Secret
}
else
{
Write-Error -Message "Unable to reach the Azure storage account via port 445. Check to make sure your organization or ISP is not blocking port 445, or use Azure P2S VPN, Azure S2S VPN, or Express Route to tunnel SMB traffic over a different port."
}}"'
$time = Get-Date
$trigger = New-ScheduledTaskTrigger -Once -At $time.AddMinutes(1)
Register-ScheduledTask -Action $action -Trigger $trigger -TaskName "AddFileShare" -Description "Add file share for replication" -User "DomainTestuser2" -Password "$(Testuser2Password)" -RunLevel Highest -Force
Write-Host "Waiting for 70s"
Start-Sleep -Seconds 70
Write-Host "Removing Testuser2 SA from Admin group"
Remove-LocalGroupMember -Group "Administrators" -Member "DomainTestuser2"
可能是什么原因或者我应该做什么更改来使它不被标记为可疑脚本,而且我不想在Azure安全中心创建一个抑制规则来抑制此警报。
如果有人回到这个
我不得不将Task schedulers参数更改为更小的代码块,并且不再出现安全警报。