Create-Policies script triggers SentinelOne for Malware

[mobilemcclintic]

Running Create-Policies.ps1 triggers SentinelOne as malicious. Powershell is terminated and Accesschk.exe is quarantined.

Alert Name: Shadow copy Deletion detected Severity: High Notable Events and MITRE ATT&K ID's (appears to be in reverse order): Deletes shadow copy Impact (T1490) Identified attempt to access a raw volume Discovery (T1082) User logged on Persistence (T1078) X4 Obfuscated PowerShell command executed from an LNK file was detected Defense Evasion (T1027) X3 An obfuscated PowerShell command was detected Defense Evasion (T1027) X3 Powershell execution policy was changed Execution (T1059.001) Process started from shortcut file Execution (T1204) Indirect command was executed Defense Evasion (T1218) X2