ScriptContainedMaliciousContent

This forum can be browsed by the general public. Posting is limited to current SAPIEN license holders with active maintenance and does not offer a response time guarantee.
Forum rules
DO NOT POST LICENSE NUMBERS, ACTIVATION KEYS OR ANY OTHER LICENSING INFORMATION IN THIS FORUM.
Only the original author and our tech personnel can reply to a topic that is created in this forum. If you find a topic that relates to an issue you are having, please create a new topic and reference the other in your post.

Any code longer than three lines should be added as code using the 'Select Code' dropdown menu or attached as a file.
This topic is 2 years and 4 months old and has exceeded the time allowed for comments. Please begin a new topic or use the search feature to find a similar but newer topic.
info@t4dt.com
Posts: 8
Last visit: Fri Nov 03, 2023 1:39 am

ScriptContainedMaliciousContent

Post by info@t4dt.com »

Hi,

years old and productive gui-projects are blocked by windows defender since today with following error.
My suspicion is that the embedded icons for a warning.

ERROR: Das Skript enthält schädliche Daten und wurde von Ihrer Antivirensoftware blockiert.
ERROR: + CategoryInfo : ParserError: (:) [], ParseException
ERROR: + FullyQualifiedErrorId : ScriptContainedMaliciousContent


Product, version and build: 5.8.195
Operating system: Windows 10
PowerShell version(s): 5.1
User avatar
Alexander Riedel
Posts: 8478
Last visit: Tue Mar 26, 2024 8:52 am
Answers: 19
Been upvoted: 37 times

Re: ScriptContainedMaliciousContent

Post by Alexander Riedel »

Probably a false positive, but we cannot know or check what is on your machine.
Anti-Virus vendors compare byte sequences from infected files to files on your computer. Sometimes these sequences occur in other files without them actually being infected.
This is generally because they use sequences as short as possible to make the scan go faster (less bytes to compare). That can lead to them being too short.

Regardless, the proper thing to do is to submit a file flagged as infected to your anti-virus vendor. They can then determine if it is truly infected or if it is a false positive.
All anti-virus vendors have a mechanism for doing that and they can then update their tables for future versions.
We cannot submit any files, because they would not come from YOUR machine where it detects the problem, so that would be meaningless.
Alexander Riedel
SAPIEN Technologies, Inc.
info@t4dt.com
Posts: 8
Last visit: Fri Nov 03, 2023 1:39 am

Re: ScriptContainedMaliciousContent

Post by info@t4dt.com »

You got me wrong. My exe-Files i created with PS Studio are blocked on any current windows. Even on my local development machine the .run.ps1 Files are blocked, which worked for 8 years.
You may have recognized any changes in the last windows updates regarding your packager and could give me a hint, which of your gui controls tend to be blocked by current OS
info@t4dt.com
Posts: 8
Last visit: Fri Nov 03, 2023 1:39 am

Re: ScriptContainedMaliciousContent

Post by info@t4dt.com »

Found the issue. It always thrown, if you use something like:
Start-Process $path
You now must alway use a static path without variables to get the .run.ps1 File running. Right now it is impossible to get the created exe-File running:
Screenshot 2021-11-22 120049.png
Screenshot 2021-11-22 120049.png (4.81 KiB) Viewed 3432 times
Its not very fun to use ps studio anymore, even if this may not be a sapien fault
User avatar
Alexander Riedel
Posts: 8478
Last visit: Tue Mar 26, 2024 8:52 am
Answers: 19
Been upvoted: 37 times

Re: ScriptContainedMaliciousContent

Post by Alexander Riedel »

You are making quite some assumptions here.
I added the code you indicated to one of my test scripts and none of the anti-virus packages we use complained about it, least of which Windows Security.
You are assuming that something happening in your environment must happen everywhere else. If this were the case you would most likely see a flood of posts on this subject here in this forum.
You also assume that we surely must know what the problem is that exists on your machine so we can tell you some type of remedy. As you state "You may have recognized any changes in the last windows updates regarding your packager ..", you can rest assured if this were the case, we would. But we wouldn't even know what your latest Windows version is, since you did not specify this anywhere.
You also state "which of your gui controls tend to be blocked by current OS". Which is also an assumption or two.
a) These are not 'our' GUI controls. These are Microsoft Windows Forms controls and are part of the Microsoft .NET framework.
b) Any controls in Microsoft Windows Forms are blocked "by current OS". They are not. Otherwise PowerShell Studio itself would not even start along with an assortment of other software.

As for your last error, the CLR 80004005 one, a quick Google search reveals that this is a network access error code. So something in your environment prevents access to network resources.
It is not us, we do not know anything about it and the Microsoft .NET framework is not something we have control over. Nor can we diagnose your network.

We are always happy to help with anything that falls in our purview, but we have no access to your environment. So any information you think we should have you need to provide.
Alexander Riedel
SAPIEN Technologies, Inc.
This topic is 2 years and 4 months old and has exceeded the time allowed for comments. Please begin a new topic or use the search feature to find a similar but newer topic.