[BUG]: Sophos Antivirus detects the decryption of a powershell payload as malicious #4934
Open
1 of 4 tasks
Labels
Comments
|
Hi @maf1024, thanks for reporting! We are working on more prioritized issues at the moment, but will get back to this one soon. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
What happened?
The ProtectedData conversion of a base64 payload which happens here is triggering Sophos AV detection as "WIN-EXE-ENR-ML-MALICIOUS-3" due to the execution of obfuscated powershell.
Versions
Agent.Version: 2.210.1
OS Name: Microsoft Windows Server 2022 Standard
Version: 10.0.20348 Build 20348
Environment type (Please select at least one enviroment where you face this issue)
Azure DevOps Server type
Azure DevOps Server (Please specify exact version in the textbox below)
Azure DevOps Server Version (if applicable)
Azure DevOps Server Version 19.205.33122.1
Operation system
Microsoft Windows Server 2019 Standard - Version 10.0.17763 Build 17763
Version controll system
git
Relevant log output
No response
The text was updated successfully, but these errors were encountered: