Skip to Main Content
Patch My PC Feature and Application Request

A community where customers and the community can provide feedback to make a better product for everyone! For more details on how we prioritize request, please see:

7 VOTE
Status NOTED
Created by Guest
Created on Jul 15, 2021

Support for Constrained Language Mode (CLM)

Certain Governments are requesting that powershell on workstations run with CLM enabled. Using this feature enabled, the detection script used with PatchMyPc fails as it uses lines which are blocked. There already apparently is working scripts with the Intune version of the detection script with CLM enabled, Can we get this with the SCCM deployment version?

  • Attach files
  • Admin
    Ben Reader
    Reply
    |
    Jul 26, 2022

    CLM aggressively lowers what can be done with PowerShell, which means most of our detection logic fails.

    The solution to this is to configure your AppLocker policies to enable location based "whitelisting" and configuring code-signing for all detection / requirement scripts from the PMPC Publisher.

    I do not believe there is anything else we can do.

  • +2