During an incident response, an analyst runs a live response command on a Windows device using Microsoft Defender for Endpoint. The command 'Get-Service -Name BITS' returns no output. What is the most likely cause?
Live response runs in ConstrainedLanguage mode, which restricts cmdlets. Get-Service is not allowed.
Why this answer
Live response uses a restricted PowerShell language mode (ConstrainedLanguage) which blocks many commands. Get-Service may not be available. The service might be stopped but still exist; permissions are usually fine.