Triggering AMSI detection in Windows Defender #42284

Open
secabstraction opened this issue Jan 28, 2018 · 4 comments

@secabstraction

  • VSCode Version: 1.19.3
  • OS Version: 10.0.16299.0

Steps to Reproduce:

  1. Open PowerShell project in VS Code

Does this issue occur when all extensions are disabled?: No

Disabling the PowerShell extension seems to kill the AMSI detection in Windows Defender. Looks like it might be tied to the PowerShell Integrated Console.

Trojan:PowerShell/Peasecto.A

Affected items:
amsi:PowerShell_C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe_10.0.16299.15000000000000000a
amsi:PowerShell_C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe_10.0.16299.15000000000000000b

@roberttoups
I just got this alert from Windows Defender a few minutes ago launching Visual Studio Code.

Trojan:PowerShell/Peasecto.A

@ChrisBellew

The Windows Defender team released virus definitions with this problem in it. They have now fixed it.

You can remove this warning by updating your virus definitions.
https://www.microsoft.com/en-us/wdsi/definitions

@KevinMarquette

This is resolved in definition update 1.261.424.0

PS:> Get-MpComputerStatus | select anti*

AntivirusSignatureLastUpdated   : 1/28/2018 8:28:37 PM
AntivirusSignatureVersion       : 1.261.424.0

@glennsarti

sigh Automatic Updates is still giving me 1.261.421.0. Manual update time :-(
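
The check described in the comments above, as an added example that is not part of the original thread or the VS Code project: it compares the installed definition version against 1.261.424.0, requests an update if the host is still behind, and lists recorded detections of the reported threat name that came from an AMSI scan. The function name `Test-DefinitionFixed` is hypothetical, and treating 1.261.424.0 as the first fixed version is an assumption taken from the comment above.

```powershell
# Added example: triage for the false positive discussed in this thread.
# Assumption: 1.261.424.0 (from the comment above) is the first fixed definition version.
$FixedVersion = [version]'1.261.424.0'
$ThreatName   = 'Trojan:PowerShell/Peasecto.A'

# Hypothetical helper: true when the installed definitions are at or past the fixed version.
function Test-DefinitionFixed {
    param(
        [Parameter(Mandatory)][string]$Installed,
        [version]$Fixed = $FixedVersion
    )
    # [version] compares each dotted field numerically, so 1.261.1000.0 sorts
    # after 1.261.424.0; a plain string comparison would get that wrong.
    return ([version]$Installed -ge $Fixed)
}

$status = Get-MpComputerStatus
if (-not (Test-DefinitionFixed -Installed $status.AntivirusSignatureVersion)) {
    Write-Warning "Definitions $($status.AntivirusSignatureVersion) predate $FixedVersion; requesting update."
    Update-MpSignature
    $status = Get-MpComputerStatus
}
"Signature version: $($status.AntivirusSignatureVersion) (updated $($status.AntivirusSignatureLastUpdated))"

# Map the threat name to its ID, then list detections of that ID whose
# affected resource is an AMSI scan (resource strings start with 'amsi:').
$ids = Get-MpThreat |
    Where-Object ThreatName -eq $ThreatName |
    Select-Object -ExpandProperty ThreatID

Get-MpThreatDetection |
    Where-Object { $_.ThreatID -in $ids -and ($_.Resources -like 'amsi:*') } |
    Select-Object InitialDetectionTime, ProcessName, Resources
```

Detections listed with a timestamp after the definitions were updated are not explained by the faulty definitions and should be investigated on their own.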
