I don't like how my company keeps looking for bandage solutions instead of technology solutions.
We are a security company and we have an agent. We aren't allowed to drop binaries in customer environments because of compliance.
Okay, fair enough. But we are still running PowerShell and POSIX sh scripts like nobody's business.
I suggested using embedded Lua or MicroPython or our own DSL or something. But that idea was shot down because embedding Lua or MicroPython could open up attack surface.
But I feel running PowerShell isn't the best idea either because simply having it enabled isn't the best practice.
And we can't do our own DSL because of the engineering overhead. Fair enough, I guess.
So, I suggested running embedded C# in our PowerShell scripts so we could have greater control over the virtual patches we ship. And it was shot down because of compliance. I am not even dropping a binary. This C# code will be JIT compiled and executed in memory.
So, I suggested going deep into WMI queries, but this was shot down because WMI queries are another attack vector and may not be enabled on the customer end.
We constantly receive feedback from customers regarding how we can build virtual patches that would bypass their local group policies.
So, I am confused now. Maybe it's just a skill issue for me or maybe it's something else. But I am all out of ideas and I don't know what other innovative solution I can offer.