Antivirus reporting PS Script as trojan

Hi

I have Bitdefender and when I tried to install the server, Bitdefender blocks the install and says "a malicious resource detected".

All Comments (6)

I temporarily disabled the AV & installed it. That's the only way out for now I guess.

Hi,

I assume this happened with the Devolutions Gateway installer? We install a copy of the DevolutionsGateway PowerShell module and call it during the installation to configure Devolutions Gateway. This is odd, it is code signed, and has never been flagged before by an AV. Can you try installing it separately and see if your AV flags it?

https://www.powershellgallery.com/packages/DevolutionsGateway

Best regards,

Marc-André Moreau

Got this message, but when I selected Yes to All, it installed just fine.

Hi,

PSGallery is untrusted by default, so the prompt is expected. In your original error, the AV appears to have flagged the DevolutionsGateway module when it was initially imported, so can you try:

Import-Module DevolutionsGateway

And see if the AV kicks in as the module is loaded. If it works, then the AV is likely unhappy about the same PowerShell module being installed, loaded and called from inside an MSI installer.

Best regards,

Marc-André Moreau

Hi,

We have reported this false positive to Bitdefender, we don't know when they'll process it, but at least it is sent. In the meantime, I would recommend adding an exclusion rule.

Best regards,

Marc-André Moreau
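
Before adding an exclusion rule for a flagged module, it helps to confirm the "code signed" claim on the copy actually installed on the machine. The following is an added example, not part of the thread and not Devolutions' own code; it assumes the module is installed under the name DevolutionsGateway used above and only reads files.

```powershell
# Added example: check Authenticode signatures on the installed DevolutionsGateway
# module before excluding its path from AV scanning. Read-only; changes nothing.
$moduleName = 'DevolutionsGateway'

# Pick the newest installed version of the module.
$module = Get-Module -ListAvailable -Name $moduleName |
    Sort-Object Version -Descending |
    Select-Object -First 1
if (-not $module) {
    throw "Module '$moduleName' is not installed for this user or machine."
}

# File types in a PowerShell module that can carry an Authenticode signature.
$signable = '*.ps1', '*.psm1', '*.psd1', '*.ps1xml', '*.dll', '*.exe'

$results = Get-ChildItem -Path $module.ModuleBase -Recurse -File -Include $signable |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        [pscustomobject]@{
            File       = $_.FullName.Substring($module.ModuleBase.Length).TrimStart('\', '/')
            Status     = $sig.Status
            Signer     = $sig.SignerCertificate.Subject      # empty when unsigned
            Thumbprint = $sig.SignerCertificate.Thumbprint
            SHA256     = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
        }
    }

$results | Format-Table -AutoSize -Wrap

# Any status other than 'Valid' (NotSigned, HashMismatch, NotTrusted, ...) means the
# file is unsigned, was altered after signing, or chains to an untrusted certificate.
# Bundled third-party libraries may legitimately be unsigned; review each one.
$bad = $results | Where-Object { $_.Status -ne 'Valid' }
if ($bad) {
    Write-Warning "$(@($bad).Count) file(s) lack a valid signature; review them before adding an exclusion."
    $bad | Select-Object File, Status
} else {
    # Everything is validly signed: confirm the signer is the publisher you expect.
    $results | Group-Object Signer | Select-Object Count, Name
}
```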