Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Software
Security Apps
Other security for Windows, Mac, Linux
WiseVector Free AI Driven Security
Message
<blockquote data-quote="WiseVector" data-source="post: 920386" data-attributes="member: 76851"><p>Hi@Tutman</p><p></p><p>"WIBD:StealthInjector" means PowerShell is creating remote thread in another process. Honestly the first alert looks very suspicious, since normally PowerShell does not start automatically at startup. And PowerShell does not usually inject code into another process. Have you keep WVSX's behavior detection open all the time?</p><p></p><p>"WIBD:Heur.Injector.F0" means PowerShell is injecting code into system process. I just downloaded and installed PowerShell 7.1 X64 in Windows 10 2004. The installer did not execute "RegisterManifest.ps1" during installation. I manually executed "RegisterManifest.ps1" but no alert from WVSX. I also checked the source code of the file but can't find any function related Process Injection. It seems that this issue is related to your specific computer configurations.</p><p></p><p>Have you installed any other security software?</p><p></p><p>Please download Autorun from sysinternals. And then check if any PowerShell script is executed at startup.</p></blockquote><p></p>
[QUOTE="WiseVector, post: 920386, member: 76851"] Hi@Tutman "WIBD:StealthInjector" means PowerShell is creating remote thread in another process. Honestly the first alert looks very suspicious, since normally PowerShell does not start automatically at startup. And PowerShell does not usually inject code into another process. Have you keep WVSX's behavior detection open all the time? "WIBD:Heur.Injector.F0" means PowerShell is injecting code into system process. I just downloaded and installed PowerShell 7.1 X64 in Windows 10 2004. The installer did not execute "RegisterManifest.ps1" during installation. I manually executed "RegisterManifest.ps1" but no alert from WVSX. I also checked the source code of the file but can't find any function related Process Injection. It seems that this issue is related to your specific computer configurations. Have you installed any other security software? Please download Autorun from sysinternals. And then check if any PowerShell script is executed at startup. [/QUOTE]
Insert quotes…
Verification
Post reply
Top
