Bill-Stewart / SyncthingWindowsSetup

Syncthing Windows Setup
Mozilla Public License 2.0

Possible False Positive Detection #10

Closed J-SoG-YK closed 1 year ago

J-SoG-YK commented 1 year ago

Bitdefender Internet Security 26.0.34.145 is installed on the PC I intend to use Syncthing on. During the installation process, Bitdefender threw up a notification. The full text:

Malicious command line detected 2 hours ago

Feature: Antivirus

The app C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe was passed a malicious command line and has been blocked. Your device is now safe.

Command line: "C:\WINDOWS\system32\WindowsPowerShell\v1.0\PowerShell.exe" -NoProfile -NonInteractive -EncodedCommand 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

I don't know what specifically triggered this, but it prevented the Syncthing installer from installing the Windows service. But I suspect it's either the use of a path that intimates the use of a deprecated PowerShell (PSVersion 5.1.19041.2673 executed) or, more likely, the switches used or the presence of Base64-encoded data. I have submitted a false positive report to Bitdefender; however, I'm mentioning it here to inform you of the issue. Perhaps you have a means to rectify this on your end.
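Added example (not from the issue above and not the project's installer code): a small triage helper for alerts like the one quoted, where an antivirus product blocks powershell.exe because of an -EncodedCommand argument. PowerShell's -EncodedCommand value is the UTF-16LE bytes of the script, Base64-encoded; decoding it lets a defender read what the blocked command actually was instead of guessing. The command line in the report had its payload elided, so the script below builds a constructed, harmless sample command line of the same shape; the helper functions, regex and sample values are all assumptions made for this example.

```python
"""Triage helper for AV alerts on powershell.exe -EncodedCommand invocations.

Added example (not from the SyncthingWindowsSetup project or the issue
above). It extracts the Base64 argument from a captured command line and
decodes it so a defender can read the script that actually ran. The
sample command line below is constructed: the real payload in the
report was elided.
"""
import base64
import re
from typing import Optional

# powershell.exe documents -EncodedCommand with the short forms -e and -ec,
# and accepts unambiguous prefixes such as -enc; "/" works as well as "-".
_ENC_PATTERN = re.compile(
    r"(?:^|\s)[-/](?:encodedcommand|enc|ec|e)\s+([A-Za-z0-9+/=]+)",
    re.IGNORECASE,
)


def encode_command(script: str) -> str:
    """Encode a script the way PowerShell expects: UTF-16LE, then Base64."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


def extract_encoded_command(cmdline: str) -> Optional[str]:
    """Return the Base64 argument following -EncodedCommand, or None."""
    match = _ENC_PATTERN.search(cmdline)
    return match.group(1) if match else None


def decode_encoded_command(b64: str) -> str:
    """Decode a -EncodedCommand argument back to script text.

    Raises ValueError if the argument is not valid Base64 or its byte
    length is odd (not a UTF-16LE string, so not a real PowerShell payload).
    """
    raw = base64.b64decode(b64, validate=True)  # binascii.Error is a ValueError
    if len(raw) % 2:
        raise ValueError("odd byte count: not UTF-16LE, not a PowerShell payload")
    return raw.decode("utf-16-le")


def is_decodable(b64: str) -> bool:
    """True when the argument decodes cleanly as a PowerShell payload."""
    try:
        decode_encoded_command(b64)
    except (ValueError, UnicodeDecodeError):
        return False
    return True


def triage(cmdline: str) -> Optional[str]:
    """Decoded script for a command line that carries -EncodedCommand, else None."""
    b64 = extract_encoded_command(cmdline)
    if b64 is None:
        return None
    return decode_encoded_command(b64)


# Constructed sample: a harmless script standing in for the elided payload.
SAMPLE_SCRIPT = "Write-Output 'constructed sample; no changes made'"
SAMPLE_CMDLINE = (
    '"C:\\WINDOWS\\system32\\WindowsPowerShell\\v1.0\\PowerShell.exe" '
    "-NoProfile -NonInteractive -EncodedCommand " + encode_command(SAMPLE_SCRIPT)
)

if __name__ == "__main__":
    print("decoded payload:", triage(SAMPLE_CMDLINE))
```

Paste the command line from the AV alert into triage() to see the decoded script; an argument that fails is_decodable() was not a genuine PowerShell payload, which is itself worth noting in the false-positive report.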

Bill-Stewart commented 1 year ago

You are correct that this is a false-positive detection. There's nothing for me to do on my end.