powershell


Threat Defense has blocked powershell.exe and conhost, stating that the former is malware. TIA for the help.


Comments


  • Hello @peacefulcharl


    Please drop us an e-mail at [email protected] and let me know with what e-mail address you have sent it. 

  • edited July 2019


    On 6/27/2019 at 1:58 AM, Bogdan G. said:



    Hello @peacefulcharl


    Please drop us an e-mail at [email protected] and let me know with what e-mail address you have sent it. 



    Hello @Bogdan G. ,

    I have the same problem. These exes' results are clean, but I still get a notification every 10 seconds.


    Thank you



  • edited July 2019


    While I was troubleshooting problems I was having getting Bitdefender and cmder (based on ConEmu) to cooperate, I think I got some idea as to why this issue with PowerShell is happening.  It seems that, under certain circumstances, if another process starts an instance of PowerShell, Bitdefender will treat that subsequent execution of PowerShell as a "Potentially malicious application".  For example, if you try to execute Turn off Screen.bat from the TechNet Script Center, Bitdefender blocks it.  On the other hand, if you ask a script to stop a process, Bitdefender has no issue with it.  I haven't been able to narrow down what cmdlets and/or command line parameters trigger this behavior in Bitdefender.  It doesn't help that I'm just really not that familiar with PowerShell.  However...


    You could add an exception for the parent process to resolve this problem.  On the other hand, that can create another very, very bad, and very, very big problem.  Just imagine how big a security hole you would create if you add an exception for Powershell to avoid Bitdefender blocking certain scripts?  You could also try turning off Advanced Threat Defense before running blocked scripts.  But that also means you have to remember to turn it back on afterward.


    I could be wrong.  It wouldn't be the first time, and I'm sure it won't be the last.  But my testing so far does suggest that this is at least a credible hypothesis.  If my hypothesis is correct, perhaps Bitdefender could/should allow exceptions for any executable file?  Or an option to confirm a given instance of PowerShell was intentionally user initiated?


    I responded here first, instead of via email, in the hopes that others might be more capable of testing Bitdefender's behavior.  And to possibly give people a sense of what might be happening.
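One way to check the parent-process hypothesis from the comment above is to list every running powershell.exe and conhost.exe together with the process that launched it. This is an added example, not part of the original posts and not Bitdefender tooling; it uses only the built-in `Win32_Process` CIM class, and the output column names are chosen here for illustration.

```powershell
# Added example: map each powershell.exe / conhost.exe instance to its parent process.
$targets = 'powershell.exe', 'conhost.exe'

# Take one snapshot so child and parent lookups come from the same view.
$all = Get-CimInstance -ClassName Win32_Process
$byId = @{}
foreach ($p in $all) { $byId[[uint32]$p.ProcessId] = $p }

$report = foreach ($p in ($all | Where-Object { $targets -contains $_.Name })) {
    $parent = $byId[[uint32]$p.ParentProcessId]

    # Process IDs are reused: a "parent" created after the child is a different
    # process that inherited the ID, so treat the real parent as already exited.
    $parentValid = $parent -and ($parent.CreationDate -le $p.CreationDate)

    [pscustomobject]@{
        Started     = $p.CreationDate
        Name        = $p.Name
        ProcessId   = $p.ProcessId
        ParentId    = $p.ParentProcessId
        ParentName  = if ($parentValid) { $parent.Name } else { '<exited>' }
        ParentPath  = if ($parentValid) { $parent.ExecutablePath } else { $null }
        # CommandLine can be empty for other users' processes unless run elevated.
        CommandLine = $p.CommandLine
    }
}

$report | Sort-Object Started | Format-List
```

Short-lived instances can start and exit between snapshots, so run it several times around the moment a notification appears and compare the `ParentName` and `CommandLine` values.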

  • I'm getting exactly this error every 6 minutes.


