F-Secure blocks powershell

KlausRN

As of this morning (2020-03-03) we're unable to execute powershell commands on both client workstations and servers.

Even a simple get-childitem returns:

The 'Get-ChildItem' command was found in the module 'Microsoft.PowerShell.Management', but the module could not be loaded.

If we stop the "F-Secure Ultralight Network Hoster" service, the commands executes just right.

Also when we try to execute a PS1-file we get the following error:

"This script contains malicious content and has been blocked by your antivirus software."

MonikaL

Hi,

The false positive detection Trojan-Spy:W32/Powershell_Mimikatz.B that is causing Real-Time scanning to block the Windows PowerShell from being executed, has already been removed and the changes are made by 03-03-2020 09:00 UTC

This detection unintentionally triggered on Windows Powershell and was introduced in the version F-Secure Hydra Update 2020-03-03_01 at 2020-03-03 05:50 UTC.

The fix was released on the following version F-Secure Hydra Update 2020-03-03_02 at 2020-03-03 08:22 UTC.

Regards,

Monika