Thanks for the input.
Will start labbing soon. I do notice there are quite a number of articles shared,
e.g.
https://www.symantec.com/connect/articles/preventing-powershell-running-office
https://www.symantec.com/connect/articles/block-and-detect-advanced-threats-using-symantec-application-control-rules
Just curious, is there any big difference if we block generically (powershell_ise.exe & powershell.exe) compared to the samples in the links mentioned?
Broader coverage but more false positives? For a strict environment this would be good, right?