1. Home
  2. Knowledge Base
  3. Rules
  4. How to run PowerShell scripts at Startup

It is important that PowerShell scripts designed to run at startup use the correct techniques so they are not detected as possible threats which use deceptive commands to bypass system security. This will require the creation of 2 separate files, a .CMD file and the normal powershell script with  .PS1 extension.

Create a startup.cmd file and enter the following lines:

PowerShell -Command “Set-ExecutionPolicy Unrestricted -Force” >> “%TEMP%\StartupLog.txt” 2>&1

PowerShell C:\Users\\Desktop\script.ps1 >> “%TEMP%\StartupLog.txt” 2>&1

PowerShell -Command “Set-ExecutionPolicy Restricted” >> “%TEMP%\StartupLog.txt” 2>&1

This will enable the PowerShell script to execute without using subversive commands used by fileless malware. The command file will enable the PowerShell to execute the script at the path specified and log the behavior to a log file. It will then set the policy back to restricted when complete.

Was this article helpful?

Related Articles