ChrisTitusTech / winutil

Chris Titus Tech's Windows Utility - Install Programs, Tweaks, Fixes, and Updates
MIT License

script is being blocked by windows antivirus #2484

Closed ziadrrr closed 3 weeks ago

ziadrrr commented 1 month ago

Describe the bug

A clear and concise description of what the bug is.

To Reproduce

Steps to reproduce the behavior: simply tried to run the script from both the shortcut and the command in GitHub

Expected behavior

A clear and concise description of what you expected to happen. the utility would run

Screenshots

If applicable, add screenshots to help explain your problem.

Additional context

Add any other context about the problem here. I can't restore it; the AV simply blocked it with no way to restore it.

JustHereForUpdates commented 1 month ago

I actually managed to execute the script despite also encountering this error. You just need to be quick enough to allow this false positive Trojan on your device. After that, I was able to load the script without any issues. However, I didn't activate or change anything, but it should work as intended. You could do it the same way I did until the error is fixed. 👍

IgorKerstges commented 1 month ago

I just encountered the same problem. I opened 'Virus & threat protection' (this is Windows Defender) and then 'Virus & threat protection settings' --> 'Manage settings'. In the new page, at the bottom of the page: in section 'Exclusions' I chose 'Add or remove exclusions'. There I added an exclusion for 'File type' and entered 'irm'. After saving this change, I can now open the Winutil again. I did not need a reboot.

Not sure if my action makes sense, but it seems to help me out. If this indeed is a confirmed solution, then maybe Chris can add an option to the Winutil where this exclusion can be set by a PowerShell script.

NotYourAverageGamer commented 1 month ago

Interesting... I've run WinUtil on fresh installs on both Win10 Pro & Win11 Pro (admittedly, with modified ISOs) in the last 12hrs and have not encountered this.

I'm not sure, but is it possible this is something to do with Set-ExecutionPolicy? LINK You can run Get-ExecutionPolicy from PowerShell to check what yours is currently set to. (I use RemoteSigned on most of my PCs FWIW)

Also found many reports of McAfee causing this error with other utils, do you have any of their software installed? (I do see you've mentioned Defender, but it doesn't hurt to ask :P )

It looks (to me) like it doesn't like something about iex/Invoke-Expression (?)

If all else fails, Igor's comment should be a viable workaround in the meantime.

tsoruu commented 1 month ago

Yeah, it seems that it's fixed already as I've tried it just now. I encountered this error and commented about it on YouTube, on Chris's updated winutil video, around 2 p.m. UTC; I think someone has deleted the comment. It makes me wonder and worry whether the warning is true or not...

github-actions[bot] commented 1 month ago

This issue was marked as stale because it has been inactive for 7 days

Chiramisu commented 1 month ago

I ran this using the LAUNCH-CTT-WINUTIL.lnk shortcut created by a clean Windows Install using the autounattend.xml from @memstechtips, which just executes the same command as this repo documents; i.e. powershell.exe -NoProfile -ExecutionPolicy Bypass -Command 'irm https://christitus.com/win | iex'.

The odd thing is that when I copy that .lnk file to a thumbdrive and plug it into other Windows machines, Windows Security eats it, but when I download the winutil.ps1 file that the shortcut points to directly from https://christitus.com/win, and scan that, it finds nothing. Same, when I execute the command directly from PowerShell; no warning, just runs. Strange false positive.
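The checks described in the comment above (seeing what the shortcut launches, then downloading and scanning winutil.ps1 rather than piping it to iex), as an added PowerShell example that is not part of the thread or of the winutil project. The shortcut location and the output file name are assumptions; the URL is the one quoted in the comment.

```powershell
# Added example, not winutil code. Run from a PowerShell prompt on a machine with Microsoft Defender.
$lnkPath    = Join-Path $env:USERPROFILE 'Desktop\LAUNCH-CTT-WINUTIL.lnk'  # assumed shortcut location
$scriptUrl  = 'https://christitus.com/win'                                  # URL quoted in the thread
$scriptPath = Join-Path $env:TEMP 'winutil-review.ps1'                      # hypothetical file name

# 1. Show what the shortcut launches without running it.
if (Test-Path -LiteralPath $lnkPath) {
    $shell = New-Object -ComObject WScript.Shell
    $lnk   = $shell.CreateShortcut($lnkPath)   # loads the existing .lnk for reading
    # The "fetch | iex" pattern discussed in the thread
    $cradle = '\b(irm|iwr|Invoke-RestMethod|Invoke-WebRequest)\b.*\|\s*(iex|Invoke-Expression)\b'
    [pscustomobject]@{
        Target           = $lnk.TargetPath
        Arguments        = $lnk.Arguments
        BypassesPolicy   = $lnk.Arguments -match '-ExecutionPolicy\s+Bypass'
        DownloadsAndRuns = $lnk.Arguments -match $cradle
    } | Format-List
} else {
    Write-Warning "Shortcut not found at $lnkPath; skipping shortcut inspection."
}

# 2. Save the script to disk so it can be read and scanned before anything executes.
Invoke-WebRequest -Uri $scriptUrl -OutFile $scriptPath -UseBasicParsing

# 3. Record what was downloaded: hash for later comparison, and signature status.
Get-FileHash -LiteralPath $scriptPath -Algorithm SHA256 | Format-List Algorithm, Hash, Path
Get-AuthenticodeSignature -FilePath $scriptPath | Format-List Status, StatusMessage

# 4. Ask Defender to scan only that file, then list detections that reference it.
Start-MpScan -ScanType CustomScan -ScanPath $scriptPath
$hits = Get-MpThreatDetection |
    Where-Object { $_.Resources -match [regex]::Escape($scriptPath) }

if ($hits) {
    $hits | Select-Object ThreatID, InitialDetectionTime, Resources | Format-List
    Write-Warning 'Defender flagged the downloaded file; do not run it until the detection is understood.'
} else {
    Write-Output "No Defender detection recorded for $scriptPath. Review the file before running it."
}
```

Comparing the output of step 1 with the result of step 4 shows whether a detection is tied to the shortcut's command line or to the script content itself.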

github-actions[bot] commented 1 month ago

This issue was marked as stale because it has been inactive for 7 days

github-actions[bot] commented 3 weeks ago

This issue was closed because it has been inactive for 7 days since it was marked as stale