Avast blocking execution of PowerShell

Hi,
It seems that from some time of this year Avast started to block PowerShell on my pc.
Major Minor Build Revision


5 1 22000 2538

If I disable Avast, PS is executed quite fine. If Avast is enabled, execution of the any command does not show any error, I just get empty prompt.
Example screen shot attached.

I also have tried to add it in exception list, and to allowed apps list but it’s not working either (the same result).

Regards,
K.

PS seems to work for me, at least opening a Powershell prompt and typing get-process works. I’m on Windows 10 with Avast free version 24.3.6108 (build 24.3.8975.832). On another note, I noticed that I cannot compile Papyrus apps for the past couple weeks, and I traced it to the “Anti-Rootkit Shield.” Turning that off allows me to compile again. Maybe that is also affecting you?

Yes, you are right! When “Enable Anti-Rootkit shield” is disabled, starting PS works fine. When the PS is started, it works fine at least what I tried so far.
Also running the “powershell …” in the command prompt is not working when this is enabled.

Now @Avast can you do something about this?

Regards,
K.

Hello,

Seems as if you both are advanced, so here is a link to an avast anti-rootkit shield article: https://businesshelp.avast.com/Content/Products/AfB_Antivirus/ConfiguringSettings/CoreShieldSettings.htm

Of course these settings may or may not be available in consumer-grade applications tho.

For Avast Premium Security Menu>Settings>Search>Geek:Area will give you a hidden settings area but no anti-root settings available there.

Menu>Settings>Protection>Core Shields will show anti-rootkit but no settings to modify other than to turn on or off.

Thank you for suggesting, but additional things will not resolve the issue.
As you have noticed there is only on/off and this is not the solution I’m satisfied with.
I would expect if something is put to the exception list, it would be on the exception list and would not trigger Avast security (or at least the available possibility to extend the behavior of how Avast would react in an exception situation)

Tnx,
K.

Bump for the topic… anyone else has some additional resolution or suggestion what to try?
the new release still didn’t resolve the issue…
when can I expect the solution to my problem?

Regrads,
K.

Agreed an update would be nice.

I’m facing the same issue. I need to work in PowerShell frequently. I’m not happy with the constant toggling of rootkit protection. PowerShell is an integral part of the system, and no other antivirus software blocks it except yours. Please focus on detecting external threats, not my internal activities. How can I use PowerShell effectively now?

I agree this is must be very annoying but I was wondering why adding a global exception, which the OP said didn’t work, doesn’t work.

So I was wondering what path people are using to add it as an exception?

Previously (older Windows versions) it was located at C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell. You would probably need to put in a wildcard exclusion for the whole folder or another for the powershell ise executable too.

There is an option to add the application to the exception list, but this is not working for some reason for PowerShell. None of the suggested solutions here are working either. The older PS version is working without the problem, but Avast is blocking the later versions for unknown reason.

This is called - We’re not sure if this feature is helpful to you, but we’re turning it off anyway. This is ridiculous!

I’m sorry, but I do not understand this. Could you please explain more?
Exclusion list feature is not helpful? Or the reported problem is ridiculous. Or do you mean something else?

Regards,
K.

If you read back the problem seems to be with the AVAST anti-root kit shield interfering with Powershell.

So in the absence of any fix or explanation being provided by AVAST in the last ten weeks since you reported the problem I assume RedDark has decided the best solution is just to turn off the anti-root kit shield permanently rather than having to do that every time Powershell is needed.

A reasonable response in the circumstances, I think. When with the AVAST shield off there are no more problems with Powershell and, short of some other niche explanation for that, the problem must be with AVAST.

Turning it off of course increases the risk. However there is a balance to be had between protection and being able to use your PC without the likely unnecessary and without doubt annoying interference from that protective software. Particularly so when it involves such a widely used and well known Microsoft Windows tool.

Thank you, Lizard for the explanation! :o
I agree about risk, which I’m not willing to accept. For the sake of me at least I do not need to disable Avast every single day, just occasionally on 5min so I will be fine but would rather be happy if at least “Exclusion list” would work as it’s supposed to.

Regards,
K.

:frowning: → Me…waiting for better days for the fix (that still didn’t come)

Agreed. What’s the point of an exclusion if it doesn’t work?

It appears that Avast employees, instead of identifying a threat, simply eliminated the possibility of its occurrence by disabling the entire application without any reason. They could have just as easily disabled the browser in the same way, since it is also dangerous to use. It’s like instead of fixing something, they decided not to bother and just cut it off at the root. How is it possible that I, as an OS administrator, cannot run PowerShell with administrator rights? I can’t even run it without rights. Are you out of your mind? Why did I install an antivirus program if it’s going to prevent me from using all the features of the OS?

No, it isn’t mended. I still need to disable Avast to run PowerShell.

I’m glad this issue was fixed with the latest update.

Right-click on powershell.exe and select “Run always in sandbox” worked for me