0

I have a windows batch script that, depending on the user menu selection, opens a powershell.exe and passing a variable to run a .ps1 script. I then use Bat To Exe Converted (v3.0.10) to convert it to an exe. A few hours ago I made changes to the PS script and copied it to the Win'2019 server and it accepted it. Now, I just changed two letters in a write-host message command and it keeps quarantining the file. Since this will be passed to customers I can't be telling them to ignore it or white list it.

I'm guessing the .bat and .ps1 files are throwing Windows Defender off. Funny how it was fine just a few hrs ago. Even if I undo the 2 letters I added it still deleting the exe.

The .bat is quite big and it'd be very difficult for me to convert and add inside the .ps1 script in hope of not setting off the trojan. What other options do I have to fix this? Is there a process or url to notify MS about this to get them to fix this false positive?

NOTE: No other Windows version or 3rd party antivirus that I've tried is detecting the exe infected. Only Win'2019's Defender is.

yorkman
  • 119
  • 2
  • 16
  • It's possible that it;s a false positive that MS will fix, but if not you either add it to the Defender exclusions on the machines that run it or find another way to do it. – Scepticalist Feb 07 '20 at 20:37
  • How do we reproduce this issue? Have you contacted MS about a possible problem with a false positive in their detection code? Without seeing your source, it's pretty difficult to explain what might be causing the problem. – Ken White Feb 07 '20 at 21:57

2 Answers2

0

It looks like MS has fixed the false-positive with my code. I came in to work this morning and tried to copy the exe again and this time it worked. I didn't even contact MS (we don't have a support contract anyway).

Btw the exe consisted of a bat and ps1 script that just downloads some public install files (such as 7zip) from an https address, saves them and when running the exe the user would just get a menu of which of the downloaded programs they want to install.

yorkman
  • 119
  • 2
  • 16
0

The issue can be reproduced creating a simple new console application (Language : C++) with Visual Studio 2019 (Community Edition) and then just run program: Ctrl + F5. The solution that worked for me, to run the program, was to add the folder as an exclusion in Windows Defender Antivirus. I couldn't find any solution on other threads

user3752527
  • 1
  • 1