Advice Request Did Avast One really quarantine PowerShell.exe?

Please provide comments and solutions that are helpful to the author of this topic.
M

MacDefender

Level 16
Thread author
Verified
Top Poster
Oct 13, 2019
782
7,141
1,469

@Andrew3000 i was looking at the dynamic result there and the dialog made it sound like it moved the PowerShell interpreter to Quarantine 😂

Did it actually end up doing that? I’m guessing Windows system file self-heal would’ve restored PowerShell.exe, but most behavior blockers seem to understand just killing the process is sufficient and you don’t need to delete a legitimate Windows binary.
 
  • Like
  • Wow
Reactions: Shadowra, Kongo, Andrew3000 and 2 others
No, it is Avast that shows the different path to the malware that was originally launched. The first time I noticed this thing it scared me, evidently Avast likes jokes!
If you restore from quarantine, the file is restored is the correct one (.vbs)
See the screenshots in the spoiler

1646431854839.png

1646431900199.png
 
  • Like
  • HaHa
Reactions: harlan4096, Shadowra, MacDefender and 3 others
Andrew3000 said:
No, it is Avast that shows the different path to the malware that was originally launched. The first time I noticed this thing it scared me, evidently Avast likes jokes!
If you restore from quarantine, the file is restored is the correct one (.vbs)
See the screenshots in the spoiler

View attachment 264778
View attachment 264779
Click to expand...
Ah great! Too funny, if I saw that dialog I would have had a heart attack.
 
  • HaHa
  • Like
Reactions: Andrew3000, harlan4096, Shadowra and 1 other person

You may also like...