winutil icon indicating copy to clipboard operation
winutil copied to clipboard
verified publisher icon ChrisTitusTech

Bitdefender Blocking the script running through Powershell

Open Temoi89 opened this issue 1 year ago • 9 comments

powershell_DFgvAYgN7r

Temoi89 avatar Jul 22 '24 17:07 Temoi89

In the notification area it says: Trojan.GenericKD.73614837 detected

nowrap avatar Jul 24 '24 08:07 nowrap

@Temoi89 @nowrap This happens because the script is not signed from Microsoft so any antivirus detects it as Malware but it's not so to fix this you need to turn off your antivirus and then run the script.

btw it's not signed because the prices for signing a powershell script are too high per year here's the source: https://shop.certum.eu/data-security/code-signing-certificates/certum-ev-code-sigining.html

YusufKhalifadev avatar Jul 24 '24 14:07 YusufKhalifadev

Will the executable run in the admin mode then. Hope that's signed. Thanks a lot anyway, for the response. Meanwhile, I'll try contacting Bitdefender to mark it as a false positive.

On Wed, Jul 24, 2024, 7:40 PM YusufKhalifadev @.***> wrote:

@Temoi89 https://github.com/Temoi89 @nowrap https://github.com/nowrap This happens because the script is not signed from Microsoft so any antivirus detects it as Malware but it's not so to fix this you need to turn off your antivirus and then run the script.

btw it's not signed because the prices for signing a powershell script are too high per year here's the source: https://shop.certum.eu/data-security/code-signing-certificates/certum-ev-code-sigining.html

— Reply to this email directly, view it on GitHub https://github.com/ChrisTitusTech/winutil/issues/2433#issuecomment-2248074608, or unsubscribe https://github.com/notifications/unsubscribe-auth/BKBI2TFQ4UQPSMR2QQCKYYDZN6YWPAVCNFSM6AAAAABLIYFU26VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDENBYGA3TINRQHA . You are receiving this because you were mentioned.Message ID: @.***>

Temoi89 avatar Jul 24 '24 16:07 Temoi89

I have the same issues with Bitdefender! I have to turn if off to use.

FatBastard0 avatar Jul 25 '24 02:07 FatBastard0

This issue was marked as stale because it has been inactive for 7 days

github-actions[bot] avatar Aug 02 '24 00:08 github-actions[bot]

This seems related to #2484 (See my comment as I'm also using the shortcut from the autounattend.xml install), but it seems the issue is that you're running an undocumented command as it's supposed to be irm https://christitus.com/win | iex (not iwr). When I run your command, I also get an error, but again, this is the wrong command (see the README).

The difference is that Invoke-RestMethod "Sends an HTTP or HTTPS request to a RESTful web service" (correct), whereas Invoke-WebRequest "Gets content from a web page on the internet" and the endpoint https://christitus.com/win is not a webpage, but rather serves up the .ps1 script file directly.

In other words, "you're doing it wrong." 😁

Chiramisudo avatar Aug 08 '24 19:08 Chiramisudo

This issue was marked as stale because it has been inactive for 7 days

github-actions[bot] avatar Aug 17 '24 00:08 github-actions[bot]

Well thank you for telling me I was doing wrong like talk about customers service now what time you do it right I would like to thank you in advance for any assistance that you can provide in this matter. Please feel free to contact me at the below listed address, Telephone and/or email.

Richard K. L'Italien Disable Veteran of the US Army The Fat Bastard 5637 Monte Corita Circle Citrus Heights California 95621 (916) 915-3883 http://voice.google.com/calls?a=nc,%2B19169153883 http://voice.google.com/calls?a=nc,%2B19169153883 Voice (916) 943 4967 http://voice.google.com/calls?a=nc,%2B19169434967 http://voice.google.com/calls?a=nc,%2B19167453437

This communication (including any attachments) may contain privileged or confidential information intended for a specific individual and purpose, and is protected by law. If you are not the intended recipient, you should delete this communication and/or shred the materials and any attachments and are hereby notified that any disclosure, copying, or distribution of this communication, or the taking of any action based on it, is strictly prohibited.

Thank you.

On Fri, Aug 16, 2024 at 5:11 PM github-actions[bot] < @.***> wrote:

This issue was marked as stale because it has been inactive for 7 days

— Reply to this email directly, view it on GitHub https://github.com/ChrisTitusTech/winutil/issues/2433#issuecomment-2294471690, or unsubscribe https://github.com/notifications/unsubscribe-auth/BJPGEYFSIZT5PBX7KIRSNHDZR2IKBAVCNFSM6AAAAABLIYFU26VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDEOJUGQ3TCNRZGA . You are receiving this because you commented.Message ID: @.***>

FatBastard0 avatar Aug 17 '24 01:08 FatBastard0

This issue was marked as stale because it has been inactive for 7 days

github-actions[bot] avatar Aug 25 '24 00:08 github-actions[bot]

Nothing else to do at the moment /close

Marterich avatar Sep 25 '24 11:09 Marterich