We are receiving tons of alerts in the same client with this threat, but I imagine it is a false positive. Can you help me figure it out? I scan the systems and they are clean; I also use Malwarebytes as a backup.
Description: The device is infected with a security threat.
Details:
Threat Description: IDP.HELU.PSWM6%s_cmd
Threat Severity: Infection
Threat Shield: Behavior Shield
Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Virus Action: Fix automatically - means try to Repair, if it fails, try to Move to Chest, and if even that fails, delete
Group: Default
Date and Time: 3/3/2020 10:56:29 AM
Notes:
Alert Name: Default
We run the Nessus scan every day. I’ve been in touch with them and they asked me to enable advanced logging. It is still on my list of things to do. But from the tests that I have done here, it does seem that Nessus is causing the issue.
Makes sense. I just checked and ran a Tenable IO agent scan and Avast went crazy again; this is getting annoying. It reports powershell.exe or CMD.exe too.
Today we started seeing the same error again on all of our systems; the fix did work for a while, but it just came back.
An Avast Business CloudCare High-Priority Alert Occurred.
Description: The device is infected with a security threat.
Details:
Threat Description: IDP.HELU.PSWM7%s_cmd
Threat Severity: Infection
Threat Shield: Behavior Shield
Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Virus Action: Fix automatically - means try to Repair, if it fails, try to Move to Chest, and if even that fails, delete
Customer:
Group: Default
Device:
Date and Time: 4/14/2020 11:05:38 AM
Notes:
Alert Name: Default
Click here to view this alert in the CloudCare portal.
As it’s a different detection, you should create a new topic so it won’t be lost.
We cannot help you based on your current input, but there is a possibility to create an exclusion from the detection dialog for this detection.
We’d need a support package to check if there is something we can do.