BloodHoundAD / BloodHound

Six Degrees of Domain Admin
GNU General Public License v3.0

BitDefender Blocks Sharphound #243

Closed snoski3 closed 5 years ago

snoski3 commented 5 years ago

When I try to download the SharpHound exe, my company's BitDefender scanner removes it. I downloaded and ran the ps1 script and BitDefender blocked that as well.

jesseflorig commented 5 years ago

Unfortunately, this doesn't seem to be a valid issue and should be closed.

andyrobbins commented 5 years ago

Hey @snoski3, yup unfortunately SharpHound has been classified as malicious by several AV vendors. This is an unfortunate consequence of BloodHound being a penetration testing/red teaming tool. If you are using BloodHound for offensive purposes (e.g. as part of a penetration test or red team exercise), you'll have to find a way to bypass BitDefender or any other A/V that may flag it. The easiest method I can think of is using the PS1 and running it only in memory, which is very easy with tools like Cobalt Strike.

@jesseflorig Thanks for commenting, but this is a valid question, as our users are primarily penetration testers and red teamers, who have to deal with the A/V and EDR arms race.

jesseflorig commented 5 years ago

@andyrobbins whoops, my bad. I misunderstood the issue and thought this was more about getting it to run on a corporate network without permission/authorization.