Advice Request Did Avast One really quarantine PowerShell.exe?

MacDefender


@Andrew3000 I was looking at the dynamic result there and the dialog made it sound like it moved the PowerShell interpreter to Quarantine 😂

Did it actually end up doing that? I’m guessing Windows system file self-heal would’ve restored PowerShell.exe, but most behavior blockers seem to understand just killing the process is sufficient and you don’t need to delete a legitimate Windows binary.
 

Andrew3000

No, it is Avast that shows a different path from the malware that was originally launched. The first time I noticed this thing it scared me; evidently Avast likes jokes!
If you restore from quarantine, the file that is restored is the correct one (.vbs).
See the screenshots in the spoiler.

[Attached screenshots: 1646431854839.png, 1646431900199.png]
 

MacDefender

Ah great! Too funny, if I saw that dialog I would have had a heart attack.
 
