IDP.HELU.PSE25 command line detection

I have been getting this detection for quite a few days
it says we’ve blocked powershell.exe because it was infected by IDP.HELU.PSE25-Command line detection

Hi,

Please report it here: https://www.avast.com/false-positive-file-form.php
(it might be caused by a script you are running)

I have been getting this issue as well, it happens to me when trying to install the Azure extension for Visual Studio and again when uninstalling it - done to check if it is the cause of the notification and have repeated this process circa 10 times with the same result. Visual Studio is a mainstream, reputable, provider of software - sure they can have issues and security leaks, but from reading the forums and how far back this issue goes (not specifically relating to Visual Studio) it is nothing new.

I have tried all ways to allow this via the exceptions and Avast still blocks it. I even went to the extreme and done a clean install of windows - to no avail.

The issue has been reported but guessing a fix will not happen in a hurry.

I have been getting this message as well: We’ve blocked powershell.exe because it was infected with IDP.HELU.PSE25 - Command line detection
Process: C:Window\SysWOW64\WindowsPowerShellv1.0\powershell.exe
Detected by: Behavior Shield

Have you submitted it as a possible false positive as r@vast suggested in Reply #1 ?

Same exact issue: Visual Studio Community 2022 - installing directly from Microsoft’s web-site. During the installation - where Azure dev tools are being installed - I get the same issue. Has this not been corrected yet? I submitted a false positive, but if other folks submitted false positives back in 2021…how long will it take for this to be resolved? Is there a workaround? I don’t have confidence that my VS installer worked properly because powershell was blocked while it was running some sort of script to get VS working.

The fact that you are posting in what is an old topic doesn’t mean it wasn’t resolved at that time or there wouldn’t have been such a long gap without posts.

So as suggested use the link in the first reply to report it (as you have) - You should get a response in a day or two.

Well, it is back… in December 2022! what is it? it popup up every 2 mins!

https://i.imgur.com/wSDHGhN.png

As mentioned in Reply #1 and #4 you could report it as a possible false positive.

If it is happening every two minutes, what is powershell.exe attempting to do that might cause the alert by the behaviour shield.

Is it really a false positive? or safe? I am worried the file is infected!

As an Avast User I can’t say that - I don’t have access to your system or know why powershell.exe is running.