Windows PowerShell as false positive

Hi,

I am one of the (yet) few people interested in Microsoft’s new Windows PowerShell (scripting platform). Thus, I have installed the latest version.

After August 22-23, Avast has reported the main PowerShell file (PowerShellIDE.exe) as infected with Win32:Pakes-CH [Trj]. I am positive that this is not the case. I also checked it at VirusTotal and all of the >20 programs said it was OK.

In the news a couple of months ago it was reported that there now are viruses for the PowerShell environment… but just because there are viruses, the entire environment cannot be banned.

Thanks for a good product!

rgds,
Fredrik

If you are getting a virus warning that you believe is a false positive, then, if you can, zip and password protect (‘virus’ will do) the suspect file and send it to virus @ avast.com (no spaces), or send from the chest.

Give a brief outline of the problem (possibly a link to this thread), the fact that you believe it to be a false positive, and include the password in the body of the email. Some info on the avast version and VPS number (see about avast {right click avast icon}) will also help.

If it is indeed a false positive, add it to the exclusions lists (Standard Shield, Customize, Advanced and Program Settings, Exclusions) and check scan it periodically using the ashQuick scan (right click scan, it will need to be temporarily removed from the standard shield exclusions otherwise it won’t be scanned). When it is no longer detected, you can also remove it from the program settings, exclusions.
Also see (Mini Sticky) False Positives

Win32:Pakes-CH [Trj] was a ‘false positive’ recently in some other files…
http://forum.avast.com/index.php?topic=23077.msg190411#msg190411
Maybe they’ve corrected this in the last VPS update :-\

Hmm… sorry. I now realize that the exe file I mentioned was a part of an add-on IDE tool and not made by Microsoft… Thus, not that serious a problem. But I still do not think it is a virus…

But, I scanned with today’s iAVS and it was clean. Thus, I guess it was fixed by resolving the other false positive mentioned above.

Thanks a lot for your quick reply. You are a state-of-the-art company when it comes to support.

regards,
Fredrik