
Did the Power Rule for Privilege Management for Windows become obsolete with the introduction of the Application Rule filter option?

Absolutely not. Power Rules are indeed more powerful than what is documented and bring many more options, to cover a “lack” of functions or new innovation.

I frequently encounter scenarios where customers struggle to capture batch files, registry files, or other unusual launches that show up in our analytics from client machines they can’t access.

To address this, I developed a PowerShell script to be used as a Power Rule. My objective was to collect these uncommon `.bat`, `.cmd`, `.ps1`, `.reg`, and `.vbs` files which may pose unknown threats or conflict with software restriction policies etc.

In the script, I defined the target file extensions and used:

```powershell
Get-PRVariable -Name "PG_PROG_PATH"
```

to retrieve the file and path. If the file matched one of the specified extensions and was under 200KB, the script would initiate its workload.

The workload involved connecting to an FTP server and uploading the file—provided it met the criteria. To avoid duplicates, I added a check to compare the file name and its SHA256 checksum before uploading.
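The workflow just described (extension filter, 200KB size cap, SHA256-based duplicate check, FTP upload), as an added example that is not the original post's script. It assumes `Get-PRVariable -Name "PG_PROG_PATH"` returns the launched file's full path as described above; the FTP host, intake folder and credential are placeholders, and the rule's allow/block outcome is assumed to be handled by the existing rule configuration rather than by this script.

```powershell
# Added example of the collection workload for a Power Rule (not the post's own script).
$TargetExtensions = @('.bat', '.cmd', '.ps1', '.reg', '.vbs')
$MaxSizeBytes     = 200KB
$FtpBase          = 'ftp://collector.example.internal/intake/'   # placeholder endpoint
$FtpCredential    = New-Object System.Net.NetworkCredential -ArgumentList 'uploader', 'REPLACE_ME'  # placeholder

function Get-RemoteNames {
    # Lists the intake folder so files already collected can be skipped.
    $req = [System.Net.FtpWebRequest]::Create($FtpBase)
    $req.Method = [System.Net.WebRequestMethods+Ftp]::ListDirectory
    $req.Credentials = $FtpCredential
    $resp = $req.GetResponse()
    try {
        $reader = New-Object System.IO.StreamReader($resp.GetResponseStream())
        $reader.ReadToEnd() -split "`r?`n" | Where-Object { $_ }
    } finally { $resp.Close() }
}

function Invoke-Collection {
    param([string]$Path)
    $file = Get-Item -LiteralPath $Path -ErrorAction Stop
    if ($TargetExtensions -notcontains $file.Extension.ToLower()) { return 'skipped: extension' }
    if ($file.Length -gt $MaxSizeBytes) { return 'skipped: size' }
    # The remote name embeds the SHA256: same name + same hash is a duplicate,
    # while the same name with different content is still collected.
    $hash = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash.ToLower()
    $remoteName = "$hash-$($file.Name)"
    if ((Get-RemoteNames) -contains $remoteName) { return 'skipped: duplicate' }
    $client = New-Object System.Net.WebClient
    $client.Credentials = $FtpCredential
    try { $client.UploadFile($FtpBase + $remoteName, $file.FullName) } finally { $client.Dispose() }
    return "uploaded: $remoteName"
}

# Entry point when run as a Power Rule: the path of the program being launched.
$programPath = Get-PRVariable -Name "PG_PROG_PATH"
try {
    $null = Invoke-Collection -Path $programPath
} catch {
    # A collector failure (FTP down, file locked) must not disturb rule evaluation.
}
```

Plain FTP carries the credential and file contents in the clear, so in practice point the intake at an FTPS or HTTPS endpoint.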

This has helped me and some of our customers get hands on some of these usually unreachable files to investigate them.

I hope this example inspires others to explore the true potential of Power Rules. If you think you're missing functionality—chances are, Power Rules can help you build it.

Feel free to reach out.
