Hot Take False positive detection for powershell scripts

Parkinsond

On 13 June 2025, Bitdefender identified and promptly addressed a false positive detection generated by Bitdefender Endpoint Security Tools (BEST) for Windows.
An analytical signature, originally introduced to detect the “Poweliks” malware family, was triggered by a new Microsoft Windows compatibility script, used during a particular Microsoft Windows KB update.
As a result, BEST may have blocked the corresponding powershell.exe process started for the compatibility script, on some endpoints.
No action is required. Please ensure that your endpoints have received the latest signature update dated 13 June 2025, 06:58 UTC. If residual alerts appear, contact Bitdefender Enterprise Support.

 
This issue was due to a false positive detection by Bitdefender Endpoint Security Tools (BEST) for Windows, which mistakenly identified a new Microsoft Windows compatibility script as the "Poweliks" malware family. The issue has been addressed and no further action is required, provided your endpoints have received the latest signature update. If you still see alerts, please contact Bitdefender Enterprise Support.