Devolutions ForumDevolutions Forum

Update to RDM 13.0.6.0 caused Windows Defender trojan alert

Update to RDM 13.0.6.0 caused Windows Defender trojan alert

avatar
jason04
Disabled

I let the auto-update run to install 13.0.6.0 (I think I was on 13.0.5.x) and during the installation Windows Defender popped up a warning that it had quarantined a trojan, Trojan:PowerShell/Peasecto.a for affected file C:\Program Files (x86)\WindowsPowerShell\Modules\RemoteDesktopManager.PowerShellModule\RemoteDesktopManager.PowerShellModule.psd1. I'm running Windows 10 Enterprise version 1709.

All Comments (4)

avatar
David Hervieux

Hi,
This is strange. Its the PowerShell script to regsiter the RDM powershell cmdLet. We will investigate.

Regards

David Hervieux

avatar
jens03

Hi,

i have the same problem.
Here my windows defender log:


Trojan:PowerShell/Vigorf.A

Betroffene Elemente:
file: C:\Program Files (x86)\WindowsPowerShell\Modules\RemoteDesktopManager.PowerShellModule\RemoteDesktopManager.PowerShellModule.psd1
file: C:\Program Files\WindowsPowerShell\Modules\RemoteDesktopManager.PowerShellModule\RemoteDesktopManager.PowerShellModule.psd1

avatar
Ferd

I confirm same here but I'm on v13.0.12.0

avatar
Hubert Mireault

Hello,

Microsoft should have released an update for windows defender on January 28th to fix the Trojan:PowerShell/Peasecto.a false positive.
Here's a link for more information:
https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan:PowerShell/Peasecto.A&ThreatID=-2147241818
NOTE: On January 28, 2018, cases of an incorrect detection for this protection were reported and immediately fixed.

On that page there is also a link on how to manually update windows defender. Hopefully with this fix from Microsoft there won't be a false positive again.

Regards,

Hubert Mireault