Author Topic: IDP.HELU.PSE25 command line detection  (Read 9312 times)

0 Members and 1 Guest are viewing this topic.

Offline utkarshbhangale009

  • Newbie
  • *
  • Posts: 1
IDP.HELU.PSE25 command line detection
« on: August 05, 2021, 06:35:04 PM »
I have been getting this detection for quite a few days
it says we've blocked powershell.exe because it was infected by IDP.HELU.PSE25-Command line detection

Offline r@vast

  • Avast team
  • Massive Poster
  • *
  • Posts: 2761
Re: IDP.HELU.PSE25 command line detection
« Reply #1 on: August 06, 2021, 11:00:02 AM »
I have been getting this detection for quite a few days
it says we've blocked powershell.exe because it was infected by IDP.HELU.PSE25-Command line detection

Hi,

Please report it here: https://www.avast.com/false-positive-file-form.php
(it might be caused by a script you are running)

Offline robhills

  • Newbie
  • *
  • Posts: 1
Re: IDP.HELU.PSE25 command line detection
« Reply #2 on: September 04, 2021, 02:10:37 PM »
I have been getting this issue as well, it happens to me when trying to install the Azure extension for Visual Studio and again when uninstalling it - done to check if it is the cause of the notification and have repeated this process circa 10 times with the same result. Visual Studio is a mainstream, reputable, provider of software - sure they can have issues and security leaks, but from reading the forums and how far back this issue goes (not specifically relating to Visual Studio) it is nothing new.

I have tried all ways to allow this via the exceptions and Avast still blocks it. I even went to the extreme and done a clean install of windows - to no avail.

The issue has been reported but guessing a fix will not happen in a hurry.

Offline lindakomoll

  • Newbie
  • *
  • Posts: 1
Re: IDP.HELU.PSE25 command line detection
« Reply #3 on: September 22, 2021, 12:31:25 AM »
I have been getting this message as well:  We've blocked powershell.exe because it was infected with IDP.HELU.PSE25 - Command line detection
Process:          C:Window\SysWOW64\WindowsPowerShellv1.0\powershell.exe
Detected by:    Behavior Shield

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: IDP.HELU.PSE25 command line detection
« Reply #4 on: September 22, 2021, 01:42:26 AM »
Have you submitted it as a possible false positive as r@vast suggested in Reply #1 ?
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline autumneden

  • Newbie
  • *
  • Posts: 2
Re: IDP.HELU.PSE25 command line detection
« Reply #5 on: November 12, 2022, 08:35:07 PM »
Same exact issue: Visual Studio Community 2022 - installing directly from Microsoft's web-site. During the installation - where Azure dev tools are being installed - I get the same issue. Has this not been corrected yet? I submitted a false positive, but if other folks submitted false positives back in 2021...how long will it take for this to be resolved? Is there  a workaround? I don't have confidence that my VS installer worked properly because powershell was blocked while it was running some sort of script to get VS working.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: IDP.HELU.PSE25 command line detection
« Reply #6 on: November 12, 2022, 11:30:12 PM »
The fact that you are posting in what is an old topic doesn't mean it wasn't resolved at that time or there wouldn't have been such a long gap without posts.

So as suggested use the link in the first reply to report it (as you have) - You should get a response in a day or two.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline THE-MZ

  • Newbie
  • *
  • Posts: 2
Re: IDP.HELU.PSE25 command line detection
« Reply #7 on: December 04, 2022, 12:00:24 AM »
Well, it is back... in December 2022! what is it? it popup up every 2 mins!


Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: IDP.HELU.PSE25 command line detection
« Reply #8 on: December 04, 2022, 02:40:14 AM »
As mentioned in Reply #1 and #4 you could report it as a possible false positive.

Have you submitted it as a possible false positive as r@vast suggested in Reply #1 ?

If it is happening every two minutes, what is powershell.exe attempting to do that might cause the alert by the behaviour shield.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline THE-MZ

  • Newbie
  • *
  • Posts: 2
Re: IDP.HELU.PSE25 command line detection
« Reply #9 on: December 04, 2022, 11:50:13 AM »
Is it really a false positive? or safe? I am worried the file is infected!

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: IDP.HELU.PSE25 command line detection
« Reply #10 on: December 04, 2022, 11:55:25 AM »
As an Avast User I can't say that - I don't have access to your system or know why powershell.exe is running.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security