powershell

peacefulcharlie
edited January 2022 in General Topics


Threat Defense has blocked powershell.exe and conhost, stating that the former is malware. TIA for the help.


Comments


  • Hello @peacefulcharl


    Please drop us an e-mail at bitsy@bitdefender.com and let me know with what e-mail address you have sent it. 

  • elfaron
    edited July 2019


    On 6/27/2019 at 1:58 AM, Bogdan G. said:



    Hello @peacefulcharl


    Please drop us an e-mail at bitsy@bitdefender.com and let me know with what e-mail address you have sent it. 



    Hello Bogdan G. ,

    I have the same problem. These exe's results are clean but I still get a notification every 10 seconds.


    Thank you




  • Hello @elfaron



    We would like to further investigate this matter and to be able to do this, please drop us an e-mail at bitsy@bitdefender.com

  • ShadesOfGrey
    edited July 2019


    While I was troubleshooting problems I was having getting Bitdefender and cmder (based on ConEmu) to cooperate, I think I got some idea as to why this issue with PowerShell is happening.  It seems that, under certain circumstances, if another process starts an instance of PowerShell, Bitdefender will treat that subsequent execution of PowerShell as a "Potentially malicious application".  For example, if you try to execute Turn off Screen.bat from the TechNet ****** Center, Bitdefender blocks it.  On the other hand, if you ask a ****** to stop a process, Bitdefender has no issue with it.  I haven't been able to narrow down which cmdlets and/or command line parameters trigger this behavior in Bitdefender.  It doesn't help that I'm just really not that familiar with PowerShell.  However...


    You could add an exception for the parent process to resolve this problem.  On the other hand, that can create another very, very bad, and very, very big problem.  Just imagine how big a security hole you would create if you add an exception for Powershell to avoid Bitdefender blocking certain scripts?  You could also try turning off Advanced Threat Defense before running blocked scripts.  But that also means you have to remember to turn it back on afterward.


    I could be wrong.  It wouldn't be the first time, and I'm sure it won't be the last.  But my testing so far does suggest that this is at least a credible hypothesis.  If my hypothesis is correct, perhaps Bitdefender could/should allow exceptions for any executable file?  Or an option to confirm a given instance of PowerShell was intentionally user initiated?


    I responded here first, instead of via email, in the hopes that others might be more capable of testing Bitdefender's behavior.  And to possibly give people a sense of what might be happening.
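
One way to check the parent-process hypothesis from the post above, added here as an example and not part of the original thread or of Bitdefender's tooling: list each running PowerShell or conhost instance together with the process that launched it. The names in `$targets` come from this thread, plus `pwsh.exe` as an assumption for PowerShell 7 installs.

```powershell
# Added example: map PowerShell/conhost instances to the process that started them.
# Take one snapshot and index it by PID so parents can be looked up locally.
$all   = Get-CimInstance -ClassName Win32_Process
$byPid = @{}
foreach ($p in $all) { $byPid[[uint32]$p.ProcessId] = $p }

# Process names from the thread; pwsh.exe is an added assumption.
$targets = 'powershell.exe', 'pwsh.exe', 'conhost.exe'

$all | Where-Object { $targets -contains $_.Name } | ForEach-Object {
    $parent = $byPid[[uint32]$_.ParentProcessId]
    # PIDs are reused after a process exits, so only trust the link
    # when the candidate parent was created before the child.
    $parentKnown = $parent -and ($parent.CreationDate -le $_.CreationDate)
    [pscustomobject]@{
        Started     = $_.CreationDate
        Name        = $_.Name
        ProcessId   = $_.ProcessId
        ParentId    = $_.ParentProcessId
        ParentName  = if ($parentKnown) { $parent.Name } else { '<exited>' }
        ParentPath  = if ($parentKnown) { $parent.ExecutablePath } else { $null }
        CommandLine = $_.CommandLine
    }
} | Sort-Object Started | Format-List
```

This is a snapshot of processes that are running at that moment, so a short-lived script has to be caught while it is still alive. Comparing `ParentName` and `CommandLine` for blocked and unblocked runs shows whether the launcher or the arguments differ.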

  • I'm getting exactly this error every 6 minutes.



  • Jan 17th

    I am getting the exact same behavior with threat messaging for powershell and conhost. Please advise a solution.

  • Same problem as mentioned above on Windows 11 when clean update PowerShell scripts run to UPDATE WINDOWS, which is not possible since it is blocked by the prevention method. If you think Windows is malware then just block the entire thing. Many apps work on update at startup using PowerShell, and false positives make your product look very very bad.

  • Same problem here, Bitdefender ATD is blocking programs that are invoking PowerShell scripts. It's so annoying that I'm just going to cancel my subscription.

  • jcoxhead
    edited August 2022

    I agree with the previous comments - and am going to cancel my subscription. I am a developer, and I can't work with this product.

    I am constantly pulling stuff out of quarantine and turning things off when I am running PowerShell. I was advised this was the best product on the market place. Far from it, it's unusable.

  • A year and a half after the first comment of this group, I also have the same problem as I recently bought a subscription to this antivirus. This means that during this time Bitdefender has not solved the problem and still asks us to email the support department.