Avast WEBforum

Other => Viruses and worms => Topic started by: nynjguy on March 03, 2020, 04:59:30 PM

Title: Threat Description: IDP.HELU.PSWM6%s_cmd
Post by: nynjguy on March 03, 2020, 04:59:30 PM
Hi

We are receiving tons of alerts in the same client with this threat, but I imagine it is a false positive. Can you help me figure it out? I scanned the systems and they are clean; I also use Malwarebytes as a backup.

Description: The device is infected with a security threat.
Details:
Threat Description: IDP.HELU.PSWM6%s_cmd
Threat Severity: Infection
Threat Shield: Behavior Shield
Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Virus Action: Fix automatically - means try to Repair, if it fails, try to Move to Chest, and if even that fails, delete
Group: Default
Date and Time: 3/3/2020 10:56:29 AM
Notes:
Alert Name: Default
Title: Re: Threat Description: IDP.HELU.PSWM6%s_cmd
Post by: nynjguy on March 05, 2020, 04:47:20 PM
Here is the screenshot of the error.
Title: Re: Threat Description: IDP.HELU.PSWM6%s_cmd
Post by: Pondus on March 05, 2020, 04:49:19 PM
Report it to Avast lab >> https://forum.avast.com/index.php?topic=14433.msg1289438#msg1289438


Title: Re: Threat Description: IDP.HELU.PSWM6%s_cmd
Post by: Chris1038 on March 09, 2020, 11:43:21 AM
Hi Nynjguy,

By any chance are you running Nessus (Tenable.io) agents on your machines as well?
Title: Re: Threat Description: IDP.HELU.PSWM6%s_cmd
Post by: PDI on March 10, 2020, 09:41:57 AM
Hi Nynjguy,

could you follow these steps https://support.avast.com/en-us/article/33/ and write the Ticket ID here in the comments?

We cannot really help you when only a screenshot is provided.

Thanks,
PDI
Title: Re: Threat Description: IDP.HELU.PSWM6%s_cmd
Post by: nynjguy on March 11, 2020, 06:06:11 PM
Quote
Hi Nynjguy,

By any chance are you running Nessus (Tenable.io) agents on your machines as well?

Yes, we are doing Tenable IO scanning every week, this may be it?
Title: Re: Threat Description: IDP.HELU.PSWM6%s_cmd
Post by: nynjguy on March 11, 2020, 10:51:55 PM
Quote
Hi Nynjguy,

could you follow these steps https://support.avast.com/en-us/article/33/ and write the Ticket ID here in the comments?

We cannot really help you when only a screenshot is provided.

Thanks,
PDI

The case number is 10221416
Title: Re: Threat Description: IDP.HELU.PSWM6%s_cmd
Post by: PDI on March 12, 2020, 09:12:39 AM
Hi,

we did change the detection and it will be fixed in the VPS tomorrow.

Regards,
PDI
Title: Re: Threat Description: IDP.HELU.PSWM6%s_cmd
Post by: Chris1038 on March 12, 2020, 12:22:40 PM
Quote
Hi Nynjguy,

By any chance are you running Nessus (Tenable.io) agents on your machines as well?

Yes, we are doing Tenable IO scanning every week, this may be it?

We run the Nessus scan every day. I've been in touch with them and they asked me to enable advanced logging. It is still on my list of things to do. But from the tests that I have done here, it does seem that Nessus is causing the issue.
Title: Re: Threat Description: IDP.HELU.PSWM6%s_cmd
Post by: nynjguy on March 12, 2020, 05:26:48 PM
Quote
Hi Nynjguy,

By any chance are you running Nessus (Tenable.io) agents on your machines as well?

Yes, we are doing Tenable IO scanning every week, this may be it?

We run the Nessus scan every day. I've been in touch with them and they asked me to enable advanced logging. It is still on my list of things to do. But from the tests that I have done here, it does seem that Nessus is causing the issue.

Makes sense. I just checked and ran a Tenable IO agent scan and Avast went crazy again; this is getting annoying. It reports powershell.exe or CMD.exe too.
Title: Re: Threat Description: IDP.HELU.PSWM6%s_cmd
Post by: PDI on March 13, 2020, 08:53:12 AM
Hi,

please be patient. The fix will be released today, as I wrote yesterday.

Regards,
PDI
Title: Re: Threat Description: IDP.HELU.PSWM6%s_cmd
Post by: nynjguy on April 14, 2020, 05:30:02 PM
Hi

Today we started seeing the same error again on all of our systems. The fix did work for a while, but it just came back.


An Avast Business CloudCare High-Priority Alert Occurred.

Description: The device is infected with a security threat.
Details:
Threat Description: IDP.HELU.PSWM7%s_cmd
Threat Severity: Infection
Threat Shield: Behavior Shield
Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Virus Action: Fix automatically - means try to Repair, if it fails, try to Move to Chest, and if even that fails, delete
Customer:
Group: Default
Device:
Date and Time: 4/14/2020 11:05:38 AM
Notes:
Alert Name: Default

Click here to view this alert in the CloudCare portal.
Title: Re: Threat Description: IDP.HELU.PSWM6%s_cmd
Post by: PDI on April 16, 2020, 09:00:50 AM
Hi,

was there any update to the Nessus software?

Thanks,
PDI
Title: Re: Threat Description: IDP.HELU.PSWM6%s_cmd
Post by: nynjguy on April 16, 2020, 02:26:33 PM
Not that I'm aware of, but it is the same thing. Nessus and Tenable IO always use CMD or PowerShell to scan the machines.

I checked all the warnings; it is the exact same thing as the one before. Anything you need from us to help out?
Title: Re: Threat Description: IDP.HELU.PSWM6%s_cmd
Post by: PDI on April 16, 2020, 05:13:07 PM
Hi,

it's ok for now. I'll let you know when the fix is ready or if we need more information.

Regards,
PDI
Title: Re: Threat Description: IDP.HELU.PSWM6%s_cmd
Post by: PDI on April 16, 2020, 06:04:32 PM
Hi,

the fix should be released tomorrow.

Regards,
PDI
Title: Re: Threat Description: IDP.HELU.PSWM6%s_cmd
Post by: nynjguy on April 16, 2020, 06:05:10 PM
Thank you so much!
Title: Re: Threat Description: IDP.HELU.PSWM6%s_cmd
Post by: nynjguy on November 24, 2020, 05:22:41 PM
Quote
Hi,

it's ok for now. I'll let you know when the fix is ready or if we need more information.

Regards,
PDI

Hi

The error came back again today on a few users, can you help me please?

Everything is whitelisted; no idea why this keeps happening with Tenable IO.
Title: Re: Threat Description: IDP.HELU.PSWM6%s_cmd
Post by: Pondus on November 24, 2020, 05:29:43 PM
Quote
The error came back again today on a few users, can you help me please?

How to report stuff is still found at the same place, see sticky posts at top in this forum section

direct link https://forum.avast.com/index.php?topic=14433.msg1289438#msg1289438


Title: Re: Threat Description: IDP.HELU.PSWM6%s_cmd
Post by: PDI on December 10, 2020, 07:25:47 PM
Hi nynjguy,

as it's a different detection, you should create a new topic so it won't be lost.

We cannot help you based on your current input, but there is a possibility to create an exclusion from the detection dialog for this detection.
We'd need a support package to check if there is something we can do.

Regards,
PDI
Title: Re: Threat Description: IDP.HELU.PSWM6%s_cmd
Post by: toddwentz on March 16, 2021, 07:49:53 PM
Quote
Hi,

please be patient. The fix will be released today, as I wrote yesterday.

Regards,
PDI

It's not fixed yet. I just got this notification today, March 16, for the first time since I started using Avast CloudCare. It is constantly receiving current updates.