Installing OSDBuilder triggers malware warning. #91
Comments
I have not experienced this because I only use OSDBuilder in an isolated VM with antivirus disabled. Good information here:
Please provide some details on the file that was detected, dig through the logs. Keep in mind that OSDBuilder hasn't been updated since February, so nothing has changed recently related to the Module.
Sorry for delay replying. The malware warning was triggered when running the "Import-Module OSDBuilder" command (immediately after running Install-Module). I've attached a pic of the warning (flagged by BitDefender). There are no logs to dig through, since OSDBuilder is not yet installed on this machine. If there are other logs pertinent to this issue please direct me to them.
The logs for your AV are what need to be reviewed. There should be a clear log that defines which file in the Module is infected. I don't have or use BitDefender so I'm unable to replicate.
Seems it's not happy with Get-PSCloudScript.ps1 for some reason.
Ok, so it's not an issue with OSDBuilder, it is an issue with OSD Module. Can you try the following command?
Transcript attached.
This is most certainly a false positive for BitDefender. I suggest submitting a sample for them to look at. Here's a similar issue: https://community.bitwarden.com/t/bitdefender-saying-bitwardens-install-script-has-a-virus/52789
Yeah I thought as much. I added the OSD/OSDBuilder script locations to BitDefender’s exceptions and was able to install the module without issues. Then when I did an Import-Media from an ISO I downloaded from Microsoft it started throwing malware detections at me during that process, for Microsoft DLLs. Time to choose a new AV tool I think.
Got a warning re. malicious content when performing an import-module OSDBuilder today:
Suspicious activity blocked
Feature:
Antivirus
PowerShell tried to load a malicious resource detected as Heur.BZC.ZFV.Boxter.341.C5E73568 and was blocked. Your device is safe.
Anyone else experienced this?