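I am writing Pester tests to verify the configuration of Windows computers. One of the tests I need is to verify that PowerShell AMSI is working properly.
There is an AMSI test string that can be used to verify this functionality. I created the following test.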
    It '"Antimalware Scan Interface" is working' {
        # AMSI test string 'AMSI Test Sample: 7e72c3ce-861b-4339-8740-0ac1484c1386'
        # (in the following as an obfuscated string)
        # must throw an error if executed (blocked by AMSI)
        $TestString = "FHJ+YHoTZ1ZARxNgUl5DX1YJEwRWBAFQAFBWHgsFAlEeBwAACh4LBAcDHgNSUAIHCwdQAgALBRQ="
        $Bytes = [Convert]::FromBase64String($TestString)
        $String = -join ($Bytes | ForEach-Object { [char]($_ -bxor 0x33) })
        { Invoke-Expression -Command $String } | Should Throw
    }
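If I run the test, AMSI works well: the complete Context block is not executed, i.e. the test is not executed and is not reported as successful.
I get:

    "Error occurred in Context block" In Filename.Tests.ps1:420 Character:36
    + Context 'Configure PowerShell' {
    + ~
    The Script contains malicious data and was blocked by anti malware.

(Translated text. The original may differ slightly.)
Instead of the error, I want the Context to be executed and to return "test successful" when the error is thrown.
Does anyone have an idea how I can handle this problem or test AMSI?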