CMD Watcher Updated
I've gotten a lot of good feedback regarding CMD Watcher, so I'm releasing a new update with these changes. Big thanks to @James_inthe_Box and @ledtech3 for the ideas.
This new version monitors both cmd.exe and powershell.exe and you have the option to kill either or both processes.
Now let's try this on some live malscripts to see what this app can do!
Here's one that produces a DOSfuscated CMD command. Getting this script without having to debug the VBA macro is already helpful. Notice that both cmd.exe and powershell.exe processes are getting killed.
What if I allow cmd.exe to run but have it kill only powershell.exe? The results are better. The CMD script is passed over to the PowerShell process already deobfuscated.
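The "let cmd.exe run, kill only powershell.exe" setup can be approximated with a WMI process-creation subscription. This is an added example, not CMD Watcher's own code: the post does not describe how the tool works internally, so the WMI polling approach and the names `$KillList`, `$LogPath` and `CmdWatchExample` are assumptions made for this sketch.

```powershell
# Added example: log the command line of every new cmd.exe / powershell.exe
# process and terminate the ones named in $KillList.
# $KillList, $LogPath and the source identifier are hypothetical names.
param(
    [string[]]$KillList = @('powershell.exe'),          # cmd.exe is allowed to run
    [string]$LogPath    = "$env:TEMP\cmdwatch-example.log"
)

$watched = @('cmd.exe', 'powershell.exe')

# Build the WQL filter: one Name comparison per watched image, OR-ed together.
$filter = ($watched | ForEach-Object { "TargetInstance.Name = '$_'" }) -join ' OR '
$query  = "SELECT * FROM __InstanceCreationEvent WITHIN 1 " +
          "WHERE TargetInstance ISA 'Win32_Process' AND ($filter)"

$sourceId = 'CmdWatchExample'
Register-CimIndicationEvent -Query $query -SourceIdentifier $sourceId

try {
    while ($true) {
        # Block until WMI reports a new matching process.
        $evt  = Wait-Event -SourceIdentifier $sourceId
        $proc = $evt.SourceEventArgs.NewEvent.TargetInstance
        Remove-Event -EventIdentifier $evt.EventIdentifier

        # Record what was launched, by whom, and with which arguments.
        $line = '{0:o} pid={1} ppid={2} name={3} cmdline={4}' -f `
            (Get-Date), $proc.ProcessId, $proc.ParentProcessId, $proc.Name, $proc.CommandLine
        Add-Content -Path $LogPath -Value $line
        Write-Host $line

        # -contains is case-insensitive, so 'PowerShell.exe' also matches.
        if ($KillList -contains $proc.Name) {
            Stop-Process -Id $proc.ProcessId -Force -ErrorAction SilentlyContinue
        }
    }
}
finally {
    # Runs on Ctrl+C as well, so the subscription does not linger in the session.
    Unregister-Event -SourceIdentifier $sourceId
}
```

`WITHIN 1` polls once per second, so the process is killed only after it has started and a short-lived one can exit before it is seen. Treat the output as a capture aid inside an isolated analysis VM, not as a way to block execution.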
You can get this version on the Tools page.