Since yesterday Avast has made Visual Studio Code unusable because its “Behavior Shield” triggers a “IDP.HELU.PSE16 - Fileless malware” – see screenshot.
Adding an exclusion for C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe doesn’t help.
I’ll have to live with disabling the “Behavior Shield” for now, but given that PowerShell.exe is a critical part of Windows and of my developer work, I’d like a fix ASAP.
I can confirm that I received the same message (only once) when installing Visual Studio 2019 Community today.
Program version: 19.4.2374
Virus definitions: 190511-2
The difference for me is that the installation didn’t stop, but completed successfully!
I’ve a powershell script in which I have to store a password (I know this is unsafe, but there is no way around). For this reason I am obfuscating it, for at least a minimum of security. Additionally, I have to make a workaround by calling it from a batch script, otherwise it doesn’t works correctly.
And sometimes if the script gets run, avast says that powershell.exe has been moved to virus container. I’ve already set exclusions for the scripts and the powershell file, but avast seems to constantly ignore this. And also if I’m looking into the virus chest, there is no new file, but powershell doesn’t work any more until I reboot my system.
So is there any way to tell avast to leave my files alone exept disabling behaviour shield? I’d really like to avoid that.