Why am I getting repeated alerts from Deepguard about Powershell?

This discussion has a more recent version.

Issue:

Every day at the same time I get an alert from Deepguard that it has blocked Powershell.exe

Resolution:

The most likely scenario is that a piece of malware or potentially unwanted application has created a scheduled task in the Windows task scheduler. This task is ordered to run the Powershell application, which is a part of Windows, with a set of instructions that Deepguard is recognizing as malicious or questionable.

Collect an fsdiag-file from the affected computer following these instructions and then contact support with a description of the situation. They will need to analyze the fsdiag-file to suggest further instructions.

Article no: 000005016

Sign In or Register to comment.