Our Webroot SecureAnywhere on an HP laptop running Windows 10 22H2 displays a warning message either upon restart or sometimes during normal operation of the laptop. Running a scan turns the icon green. Here is the information as listed in the scan log. Does anyone have more information about this suspicious script detection and what remediation I should perform to remove this from the laptop?
Suspicious script detected (rt): script file name: <unknown>, c-ref: 1817920AF7D9B8AF25E060E7862F5AFBAA014891701AE63D7D567A27E0E2D7AE, h-ref: 126, h-enabled: yes, h-type: PS/IEXObfuscated.E, h-id: 58c1d409-8750-4bee-96e9-6b4a8ac63c76, s-consulted: yes, s-advice: 3(0)
Wed 2023-05-24 16:21:38.0373 File blocked in realtime: C:\windows\sysnative\WindowsPowerShell\v1.0\powershell.exe [UniqueID: 00000000, MD5: (null), Size: 0 bytes]
Thank you. I submitted a support ticket. Let’s see what support finds as the problem and offers as a solution. I will re-post the solution once it is received and confirmed to resolve the issue.
I would contact support so they can assist. PowerShell is built into Windows and legitimate, but malware authors will abuse it for malicious behavior. It’s best to have an agent look at logs from your system.
Submit a ticket
Note: When submitting a Support Ticket, please wait for a response from Support. Putting in another Support Ticket on this problem before Support responds will put your first Support Ticket at the end of the queue.