Home

Blacklisted Commands

Blacklisted commands are commands that may impact your assets or the Cloud Agent functionality, if used in a script. If your script contains blacklisted commands, you will be notified about the blacklisted command while reviewing the script.

Following is a list of blacklisted commands for your reference:

Linux

Shell

rm,dd,mkfs,> /dev/sd,> /dev/hd,mv,wget,find,useradd,cp,chmod,kill,fdisk,chown,umask,shutdown,reboot,mount,unmount,killall,touch,chattr,:(){:|:&};:,mkfs.ext3 /dev/sd,dd if=/dev/random of=/dev/sd,mv / /dev/null,gunzip,untar,at,curl,sudo,ln,apt-get,yum,sh,iptables,rpm -V,rpm -verify,pwck,stat,du,service --status-all,lsof,getent,df

 

Lua

os.remove,os.rename,wget,string.find,cp,os.shutdown(),os.reboot(),lua

 

Perl

rm,move,get,File::Find,copy,chmod,kill,kill(),chown,umask,shutdown,reboot,open,symlink,ppm,perl

 

Python

os.remove,os.rmdir,shutil.rmtree,shutil.move,wget.download,find,os.walk,useradd,shutil copy,os.chmod,os.kill,os.chown,shutil.chown,os.umask,shutdown,reboot,open,pycurl.Curl,os.symlink,pip,pip3,python,python3

 

Windows

Python

os.remove,os.rmdir,shutil.rmtree,shutil.move,wget.download,find,os.walk,useradd,shutil copy,os.chmod,os.kill,os.chown,shutil.chown,os.umask,shutdown,reboot,open,pycurl.Curl,os.symlink,pip,pip3,python,python3

 

Powershell

del, erase, rd,ri,rm,rmdir,Remove-Item,mv,move,mi,Move-Item,wget,Invoke-WebRequest,Get-Item,Get-ChildItem,new-localuser,new-aduser, copy,cp,cpi,Copy-Item,cacls,icacls,set-acl,kill,taskkill,Stop-Process,New-Partition,icacls,takeown,set-acl,shutdown, stop-computer,restart,shutdown /r,restart-computer,mount,mount-DiskImage,New-PSDrive,Dismount-DiskImage,get-process | stop-process,ni,New-Item, attrib,%0|%0,Expand-Archive,New-ScheduledTask,curl,Invoke-WebRequest,Invoke-RestMethod,runas,./script.ps1,powershell script.ps1,netsh firewall,netsh advfirewall,icacls,Get-Service

 

VBScript

DeleteFolder, DeleteFile, MoveFolder, MoveFile, get, CopyFolder, CopyFile, cacls, taskkill, icacls, takeown, shutdown, CreateTextFile, attrib, WScript, CScript