Triggering AMSI detection in Windows Defender

[secabstraction]

• VSCode Version: 1.19.3
• OS Version: 10.0.16299.0

Steps to Reproduce:

1. Open PowerShell project in VS Code

Does this issue occur when all extensions are disabled?: No

Disabling PowerShell extension seems to kill the AMSI detection in windows defender. Looks like it might be tied to the PowerShell Integrated Console.

Trojan:PowerShell/Peasecto.A

Affected items:
amsi:PowerShell_C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe_10.0.16299.15000000000000000a
amsi:PowerShell_C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe_10.0.16299.15000000000000000b

[roberttoups]

I just got this alert from Windows Defender a few minutes ago launching Visual Studio Code.

Trojan:PowerShell/Peasecto.A

[ChrisBellew]

The windows defender team released virus definitions with this problem in it. They have now fixed it.

You can remove this warning by updating your virus definitions.
https://www.microsoft.com/en-us/wdsi/definitions

[KevinMarquette]

This is resolved in definition update 1.261.424.0

PS:> Get-MpComputerStatus | select anti*

AntivirusSignatureLastUpdated   : 1/28/2018 8:28:37 PM
AntivirusSignatureVersion       : 1.261.424.0

[glennsarti]

sigh Automatic Updates is still giving me 1.261.421.0 Manual update time :-(