F-Secure blocks PowerShell
As of this morning (2020-03-03) we're unable to execute PowerShell commands on both client workstations and servers.
Even a simple get-childitem returns:
The 'Get-ChildItem' command was found in the module 'Microsoft.PowerShell.Management', but the module could not be loaded.
If we stop the "F-Secure Ultralight Network Hoster" service, the commands execute just right.
Also when we try to execute a PS1-file we get the following error:
"This script contains malicious content and has been blocked by your antivirus software."
Can anyone verify this?
Client Security: v14.21
Server Security: 14.00
Same problem here. Does not occur with similar machines without F-Secure installed.
I have the same issue. Disabling F-Secure resolves the issue so it is F-Secure doing something.
But nothing is logged, so I can't see what is going on.
New update pushed through right now. It works again.
Same issue here. Updated Policy Manager from version 14.02 to 14.41 yesterday. Clients using version 14.02 and 14.21.
VBS and PowerShell scripts get blocked without showing any information in F-Secure.
Yes, same here.
I can confirm this. New Update fixed it! Thanks.
MonikaL Posts: 207 Former WithSecure Employee
The false positive detection Trojan-Spy:W32/Powershell_Mimikatz.B that is causing Real-Time scanning to block Windows PowerShell from being executed has already been removed and the changes are made by 03-03-2020 09:00 UTC.
This detection unintentionally triggered on Windows PowerShell and was introduced in the version F-Secure Hydra Update 2020-03-03_01 at 2020-03-03 05:50 UTC.
The fix was released on the following version F-Secure Hydra Update 2020-03-03_02 at 2020-03-03 08:22 UTC.