« previous next »
Pages: [1]   Go Down

Author Topic: Windows poweshell as false positive  (Read 3134 times)

0 Members and 1 Guest are viewing this topic.

joensson

  • Guest
Windows poweshell as false positive
« on: August 24, 2006, 11:28:28 AM »
Hi,

I am one of the (yet) few people interested in Microsoft's new Windows Powershell (scripting platform). Thus, I have installed the latest version.

After August 22-23, Avast has reported the main poweshell file (PowerShellIDE.exe) as infected with Win32:Pakes-CH [Trj]. I am positive that this is not the case. I also checked it at virustotal and all of the >20 programs said it was OK.

I the news a couple of moths ago it was reported that there now are viruses for the Powershell environment.. but just because there are viruses the entire environment can not be banned.

Thanks for a good product!

rgds,
Fredrik
Logged

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89022
  • No support PMs thanks
Re: Windows poweshell as false positive
« Reply #1 on: August 24, 2006, 01:54:32 PM »
If you are getting a virus warning that you believe is a false positive, then if you can zip and password protect ('virus', will do) the suspect file and send it to virus @ avast.com (no spaces), or send from the chest.

Give a brief outline of the problem (possibly a link to this thread), the fact that you believe it to be a either a false positive and include the password in the body of the email. Some info on the avast version and VPS number (see about avast {right click avast icon}) will also help.

If it is indeed a false positive, add it to the exclusions lists (Standard Shield, Customize, Advanced and Program Settings, Exclusions) and check scan it periodically using the ashQuick scan (right click scan, it will need to be temporarily removed from the standard shield exclusions otherwise it won't be scanned), when it is no longer detected then you can also remove it from the program settings, exclusions.
Also see (Mini Sticky) False Positives
Logged
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Windows poweshell as false positive
« Reply #2 on: August 24, 2006, 02:00:54 PM »
Win32:Pakes-CH [Trj] was a 'false positive' recently in some other files...
http://forum.avast.com/index.php?topic=23077.msg190411#msg190411
Maybe they've corrected this in the last VPS update  :-\
« Last Edit: August 24, 2006, 02:03:03 PM by Tech »
Logged
The best things in life are free.

joensson

  • Guest
Re: Windows poweshell as false positive
« Reply #3 on: August 24, 2006, 02:11:13 PM »

hmm.. sorry. I now realized that the exe file i mentioned was a part of a an add-on ide-tool and not made by Microsoft.. Thus, not that serious problem.  But I still do not think it is a virus..

But, I scanned with today's iAVS and it was clean. Thus, I guess it was fixed by resolving the other false positive mentioned above.

Thanks a lot for your quick reply. You are state of the art company when it comes to support

regards,
Fredrik
Logged
Pages: [1]   Go Up
« previous next »