cyberdefenders / DetectionLabELK

DetectionLabELK is a fork from DetectionLab with ELK stack instead of Splunk.
MIT License
539 stars 102 forks

Win10 host build issue - Powersploit/ART install failed #3

Closed 2xyo closed 4 years ago

2xyo commented 4 years ago

Description of the issue:

While building the win10 host, I'm running into the following error message:

$ vagrant logger up dc wef win10
...
$ tail Vagrant/vagrant_up_win10.log 

==> win10: Running provisioner: shell...
    win10: Running: scripts/install-redteam.ps1 as c:\tmp\vagrant-shell.ps1
    win10: [11:07] Installing Red Team Tooling...
    win10: [11:07] Determining latest release of Mimikatz...
    win10: [11:07] Downloading Powersploit...
    win10: powershell.exe : Copy-Item : Operation did not complete successfully because the file contains a virus or 
    win10:     + CategoryInfo          : NotSpecified: (Copy-Item : Ope...ins a virus or :String) [], RemoteException
    win10:     + FullyQualifiedErrorId : NativeCommandError
    win10: potentially unwanted software.
    win10: At C:\tmp\vagrant-shell.ps1:37 char:3
    win10: +   Copy-Item "c:\Tools\PowerSploit\PowerSploit-dev\*" "$Env:windir\Sys ...
    win10: +   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    win10:     + CategoryInfo          : WriteError: (Find-AVSignature.ps1:FileInfo) [Copy-Item], IOExceptio 
    win10:    n
    win10:     + FullyQualifiedErrorId : CopyDirectoryInfoItemIOError,Microsoft.PowerShell.Commands.CopyItem 
    win10:    Command
    win10:  
    win10: Copy-Item : Operation did not complete successfully because the file contains a virus or 
    win10: potentially unwanted software.
    win10: At C:\tmp\vagrant-shell.ps1:37 char:3
    win10: +   Copy-Item "c:\Tools\PowerSploit\PowerSploit-dev\*" "$Env:windir\Sys ...
    win10: +   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    win10:     + CategoryInfo          : WriteError: (Invoke-DllInjection.ps1:FileInfo) [Copy-Item], IOExcep 
    win10:    tion
    win10:     + FullyQualifiedErrorId : CopyDirectoryInfoItemIOError,Microsoft.PowerShell.Commands.CopyItem 
    win10:    Command
    win10:  
    win10: Copy-Item : Operation did not complete successfully because the file contains a virus or 
    win10: potentially unwanted software.
    win10: At C:\tmp\vagrant-shell.ps1:37 char:3
    win10: +   Copy-Item "c:\Tools\PowerSploit\PowerSploit-dev\*" "$Env:windir\Sys ...
    win10: +   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    win10:     + CategoryInfo          : WriteError: (Invoke-ReflectivePEInjection.ps1:FileInfo) [Copy-Item] 
    win10:    , IOException
    win10:     + FullyQualifiedErrorId : CopyDirectoryInfoItemIOError,Microsoft.PowerShell.Commands.CopyItem 
    win10:    Command
    win10:  
    win10: Copy-Item : Operation did not complete successfully because the file contains a virus or 
    win10: potentially unwanted software.
    win10: At C:\tmp\vagrant-shell.ps1:37 char:3
    win10: +   Copy-Item "c:\Tools\PowerSploit\PowerSploit-dev\*" "$Env:windir\Sys ...
    win10: +   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    win10:     + CategoryInfo          : WriteError: (Invoke-Shellcode.ps1:FileInfo) [Copy-Item], IOExceptio 
    win10:    n
    win10:     + FullyQualifiedErrorId : CopyDirectoryInfoItemIOError,Microsoft.PowerShell.Commands.CopyItem 
    win10:    Command
    win10:  
    win10: Copy-Item : Operation did not complete successfully because the file contains a virus or 
    win10: potentially unwanted software.
    win10: At C:\tmp\vagrant-shell.ps1:37 char:3
    win10: +   Copy-Item "c:\Tools\PowerSploit\PowerSploit-dev\*" "$Env:windir\Sys ...
    win10: +   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    win10:     + CategoryInfo          : WriteError: (Invoke-WmiCommand.ps1:FileInfo) [Copy-Item], IOExcepti 
    win10:    on
    win10:     + FullyQualifiedErrorId : CopyDirectoryInfoItemIOError,Microsoft.PowerShell.Commands.CopyItem 
    win10:    Command
    win10:  
    win10: Copy-Item : Operation did not complete successfully because the file contains a virus or 
    win10: potentially unwanted software.
    win10: At C:\tmp\vagrant-shell.ps1:37 char:3
    win10: +   Copy-Item "c:\Tools\PowerSploit\PowerSploit-dev\*" "$Env:windir\Sys ...
    win10: +   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    win10:     + CategoryInfo          : WriteError: (index.md:FileInfo) [Copy-Item], IOException
    win10:     + FullyQualifiedErrorId : CopyDirectoryInfoItemIOError,Microsoft.PowerShell.Commands.CopyItem 
    win10:    Command
    win10:  
    win10: Copy-Item : Operation did not complete successfully because the file contains a virus or 
    win10: potentially unwanted software.
    win10: At C:\tmp\vagrant-shell.ps1:37 char:3
    win10: +   Copy-Item "c:\Tools\PowerSploit\PowerSploit-dev\*" "$Env:windir\Sys ...
    win10: +   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    win10:     + CategoryInfo          : WriteError: (Get-GPPAutologon.ps1:FileInfo) [Copy-Item], IOExceptio 
    win10:    n
    win10:     + FullyQualifiedErrorId : CopyDirectoryInfoItemIOError,Microsoft.PowerShell.Commands.CopyItem 
    win10:    Command
    win10:  
    win10: Copy-Item : Operation did not complete successfully because the file contains a virus or 
    win10: potentially unwanted software.
    win10: At C:\tmp\vagrant-shell.ps1:37 char:3
    win10: +   Copy-Item "c:\Tools\PowerSploit\PowerSploit-dev\*" "$Env:windir\Sys ...
    win10: +   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    win10:     + CategoryInfo          : WriteError: (Get-Keystrokes.ps1:FileInfo) [Copy-Item], IOException
    win10:     + FullyQualifiedErrorId : CopyDirectoryInfoItemIOError,Microsoft.PowerShell.Commands.CopyItem 
    win10:    Command
    win10:  
    win10: Copy-Item : Operation did not complete successfully because the file contains a virus or 
    win10: potentially unwanted software.
    win10: At C:\tmp\vagrant-shell.ps1:37 char:3
    win10: +   Copy-Item "c:\Tools\PowerSploit\PowerSploit-dev\*" "$Env:windir\Sys ...
    win10: +   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    win10:     + CategoryInfo          : WriteError: (Get-MicrophoneAudio.ps1:FileInfo) [Copy-Item], IOExcep 
    win10:    tion
    win10:     + FullyQualifiedErrorId : CopyDirectoryInfoItemIOError,Microsoft.PowerShell.Commands.CopyItem 
    win10:    Command
    win10:  
    win10: Copy-Item : Operation did not complete successfully because the file contains a virus or 
    win10: potentially unwanted software.
    win10: At C:\tmp\vagrant-shell.ps1:37 char:3
    win10: +   Copy-Item "c:\Tools\PowerSploit\PowerSploit-dev\*" "$Env:windir\Sys ...
    win10: +   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    win10:     + CategoryInfo          : WriteError: (Get-TimedScreenshot.ps1:FileInfo) [Copy-Item], IOExcep 
    win10:    tion
    win10:     + FullyQualifiedErrorId : CopyDirectoryInfoItemIOError,Microsoft.PowerShell.Commands.CopyItem 
    win10:    Command
    win10:  
    win10: Copy-Item : Operation did not complete successfully because the file contains a virus or 
    win10: potentially unwanted software.
    win10: At C:\tmp\vagrant-shell.ps1:37 char:3
    win10: +   Copy-Item "c:\Tools\PowerSploit\PowerSploit-dev\*" "$Env:windir\Sys ...
    win10: +   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    win10:     + CategoryInfo          : WriteError: (Get-VaultCredential.ps1:FileInfo) [Copy-Item], IOExcep 
    win10:    tion
    win10:     + FullyQualifiedErrorId : CopyDirectoryInfoItemIOError,Microsoft.PowerShell.Commands.CopyItem 
    win10:    Command
    win10:  
    win10: Copy-Item : Operation did not complete successfully because the file contains a virus or 
    win10: potentially unwanted software.
    win10: At C:\tmp\vagrant-shell.ps1:37 char:3
    win10: +   Copy-Item "c:\Tools\PowerSploit\PowerSploit-dev\*" "$Env:windir\Sys ...
    win10: +   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    win10:     + CategoryInfo          : WriteError: (Invoke-CredentialInjection.ps1:FileInfo) [Copy-Item],  
    win10:    IOException
    win10:     + FullyQualifiedErrorId : CopyDirectoryInfoItemIOError,Microsoft.PowerShell.Commands.CopyItem 
    win10:    Command
    win10:  
    win10: Copy-Item : Operation did not complete successfully because the file contains a virus or 
    win10: potentially unwanted software.
    win10: At C:\tmp\vagrant-shell.ps1:37 char:3
    win10: +   Copy-Item "c:\Tools\PowerSploit\PowerSploit-dev\*" "$Env:windir\Sys ...
    win10: +   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    win10:     + CategoryInfo          : WriteError: (Invoke-Mimikatz.ps1:FileInfo) [Copy-Item], IOException
    win10:     + FullyQualifiedErrorId : CopyDirectoryInfoItemIOError,Microsoft.PowerShell.Commands.CopyItem 
    win10:    Command
    win10:  
    win10: Copy-Item : Operation did not complete successfully because the file contains a virus or 
    win10: potentially unwanted software.
    win10: At C:\tmp\vagrant-shell.ps1:37 char:3
    win10: +   Copy-Item "c:\Tools\PowerSploit\PowerSploit-dev\*" "$Env:windir\Sys ...
    win10: +   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    win10:     + CategoryInfo          : WriteError: (Invoke-NinjaCopy.ps1:FileInfo) [Copy-Item], IOExceptio 
    win10:    n
    win10:     + FullyQualifiedErrorId : CopyDirectoryInfoItemIOError,Microsoft.PowerShell.Commands.CopyItem 
    win10:    Command
    win10:  
    win10: Copy-Item : Operation did not complete successfully because the file contains a virus or 
    win10: potentially unwanted software.
    win10: At C:\tmp\vagrant-shell.ps1:37 char:3
    win10: +   Copy-Item "c:\Tools\PowerSploit\PowerSploit-dev\*" "$Env:windir\Sys ...
    win10: +   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    win10:     + CategoryInfo          : WriteError: (Invoke-TokenManipulation.ps1:FileInfo) [Copy-Item], IO 
    win10:    Exception
    win10:     + FullyQualifiedErrorId : CopyDirectoryInfoItemIOError,Microsoft.PowerShell.Commands.CopyItem 
    win10:    Command
    win10:  
    win10: Copy-Item : Operation did not complete successfully because the file contains a virus or 
    win10: potentially unwanted software.
    win10: At C:\tmp\vagrant-shell.ps1:37 char:3
    win10: +   Copy-Item "c:\Tools\PowerSploit\PowerSploit-dev\*" "$Env:windir\Sys ...
    win10: +   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    win10:     + CategoryInfo          : WriteError: (Out-Minidump.ps1:FileInfo) [Copy-Item], IOException
    win10:     + FullyQualifiedErrorId : CopyDirectoryInfoItemIOError,Microsoft.PowerShell.Commands.CopyItem 
    win10:    Command
    win10:  
    win10: Copy-Item : Operation did not complete successfully because the file contains a virus or 
    win10: potentially unwanted software.
    win10: At C:\tmp\vagrant-shell.ps1:37 char:3
    win10: +   Copy-Item "c:\Tools\PowerSploit\PowerSploit-dev\*" "$Env:windir\Sys ...
    win10: +   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    win10:     + CategoryInfo          : WriteError: (VolumeShadowCopyTools.ps1:FileInfo) [Copy-Item], IOExc 
    win10:    eption
    win10:     + FullyQualifiedErrorId : CopyDirectoryInfoItemIOError,Microsoft.PowerShell.Commands.CopyItem 
    win10:    Command
    win10:  
    win10: Copy-Item : Operation did not complete successfully because the file contains a virus or 
    win10: potentially unwanted software.
    win10: At C:\tmp\vagrant-shell.ps1:37 char:3
    win10: +   Copy-Item "c:\Tools\PowerSploit\PowerSploit-dev\*" "$Env:windir\Sys ...
    win10: +   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    win10:     + CategoryInfo          : WriteError: (Mayhem.psm1:FileInfo) [Copy-Item], IOException
    win10:     + FullyQualifiedErrorId : CopyDirectoryInfoItemIOError,Microsoft.PowerShell.Commands.CopyItem 
    win10:    Command
    win10:  
    win10: Copy-Item : Operation did not complete successfully because the file contains a virus or 
    win10: potentially unwanted software.
    win10: At C:\tmp\vagrant-shell.ps1:37 char:3
    win10: +   Copy-Item "c:\Tools\PowerSploit\PowerSploit-dev\*" "$Env:windir\Sys ...
    win10: +   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    win10:     + CategoryInfo          : WriteError: (Persistence.psm1:FileInfo) [Copy-Item], IOException
    win10:     + FullyQualifiedErrorId : CopyDirectoryInfoItemIOError,Microsoft.PowerShell.Commands.CopyItem 
    win10:    Command
    win10:  
    win10: Copy-Item : Operation did not complete successfully because the file contains a virus or 
    win10: potentially unwanted software.
    win10: At C:\tmp\vagrant-shell.ps1:37 char:3
    win10: +   Copy-Item "c:\Tools\PowerSploit\PowerSploit-dev\*" "$Env:windir\Sys ...
    win10: +   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    win10:     + CategoryInfo          : WriteError: (Invoke-Portscan.ps1:FileInfo) [Copy-Item], IOException
    win10:     + FullyQualifiedErrorId : CopyDirectoryInfoItemIOError,Microsoft.PowerShell.Commands.CopyItem 
    win10:    Command
    win10:  
    win10: Copy-Item : Operation did not complete successfully because the file contains a virus or 
    win10: potentially unwanted software.
    win10: At C:\tmp\vagrant-shell.ps1:37 char:3
    win10: +   Copy-Item "c:\Tools\PowerSploit\PowerSploit-dev\*" "$Env:windir\Sys ...
    win10: +   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    win10:     + CategoryInfo          : WriteError: (Out-EncodedCommand.ps1:FileInfo) [Copy-Item], IOExcept 
    win10:    ion
    win10:     + FullyQualifiedErrorId : CopyDirectoryInfoItemIOError,Microsoft.PowerShell.Commands.CopyItem 
    win10:    Command
    win10:  
    win10: Copy-Item : Operation did not complete successfully because the file contains a virus or 
    win10: potentially unwanted software.
    win10: At C:\tmp\vagrant-shell.ps1:37 char:3
    win10: +   Copy-Item "c:\Tools\PowerSploit\PowerSploit-dev\*" "$Env:windir\Sys ...
    win10: +   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    win10:     + CategoryInfo          : WriteError: (Out-EncryptedScript.ps1:FileInfo) [Copy-Item], IOExcep 
    win10:    tion
    win10:     + FullyQualifiedErrorId : CopyDirectoryInfoItemIOError,Microsoft.PowerShell.Commands.CopyItem 
    win10:    Command
    win10:  
    win10: Copy-Item : Operation did not complete successfully because the file contains a virus or 
    win10: potentially unwanted software.
    win10: At C:\tmp\vagrant-shell.ps1:37 char:3
    win10: +   Copy-Item "c:\Tools\PowerSploit\PowerSploit-dev\*" "$Env:windir\Sys ...
    win10: +   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    win10:     + CategoryInfo          : WriteError: (Remove-Comment.ps1:FileInfo) [Copy-Item], IOException
    win10:     + FullyQualifiedErrorId : CopyDirectoryInfoItemIOError,Microsoft.PowerShell.Commands.CopyItem 
    win10:    Command
    win10:  
    win10: Copy-Item : Operation did not complete successfully because the file contains a virus or 
    win10: potentially unwanted software.
    win10: At C:\tmp\vagrant-shell.ps1:37 char:3
    win10: +   Copy-Item "c:\Tools\PowerSploit\PowerSploit-dev\*" "$Env:windir\Sys ...
    win10: +   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    win10:     + CategoryInfo          : NotSpecified: (:) [Copy-Item], IOException
    win10:     + FullyQualifiedErrorId : System.IO.IOException,Microsoft.PowerShell.Commands.CopyItemCommand
    win10:  
    win10: [11:08] Downloading Atomic Red Team...
    win10: [11:09] Red Team tooling installation complete!
The following WinRM command responded with a non-zero exit status.
Vagrant assumes that this means the command failed!

powershell -ExecutionPolicy Bypass -OutputFormat Text -file "c:\tmp\vagrant-shell.ps1"

Stdout from the command:

[11:07] Installing Red Team Tooling...
[11:07] Determining latest release of Mimikatz...
[11:07] Downloading Powersploit...
[11:08] Downloading Atomic Red Team...
[11:09] Red Team tooling installation complete!

Stderr from the command:

powershell.exe : Copy-Item : Operation did not complete successfully because the file contains a virus or 
    + CategoryInfo          : NotSpecified: (Copy-Item : Ope...ins a virus or :String) [], RemoteException
    + FullyQualifiedErrorId : NativeCommandError
potentially unwanted software.
At C:\tmp\vagrant-shell.ps1:37 char:3
+   Copy-Item "c:\Tools\PowerSploit\PowerSploit-dev\*" "$Env:windir\Sys ...
+   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : WriteError: (Find-AVSignature.ps1:FileInfo) [Copy-Item], IOExceptio 
   n
    + FullyQualifiedErrorId : CopyDirectoryInfoItemIOError,Microsoft.PowerShell.Commands.CopyItem 
   Command

Copy-Item : Operation did not complete successfully because the file contains a virus or 
potentially unwanted software.
At C:\tmp\vagrant-shell.ps1:37 char:3
+   Copy-Item "c:\Tools\PowerSploit\PowerSploit-dev\*" "$Env:windir\Sys ...
+   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : WriteError: (Invoke-DllInjection.ps1:FileInfo) [Copy-Item], IOExcep 
   tion
    + FullyQualifiedErrorId : CopyDirectoryInfoItemIOError,Microsoft.PowerShell.Commands.CopyItem 
   Command

Copy-Item : Operation did not complete successfully because the file contains a virus or 
potentially unwanted software.
At C:\tmp\vagrant-shell.ps1:37 char:3
+   Copy-Item "c:\Tools\PowerSploit\PowerSploit-dev\*" "$Env:windir\Sys ...
+   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : WriteError: (Invoke-ReflectivePEInjection.ps1:FileInfo) [Copy-Item] 
   , IOException
    + FullyQualifiedErrorId : CopyDirectoryInfoItemIOError,Microsoft.PowerShell.Commands.CopyItem 
   Command

Copy-Item : Operation did not complete successfully because the file contains a virus or 
potentially unwanted software.
At C:\tmp\vagrant-shell.ps1:37 char:3
+   Copy-Item "c:\Tools\PowerSploit\PowerSploit-dev\*" "$Env:windir\Sys ...
+   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : WriteError: (Invoke-Shellcode.ps1:FileInfo) [Copy-Item], IOExceptio 
   n
    + FullyQualifiedErrorId : CopyDirectoryInfoItemIOError,Microsoft.PowerShell.Commands.CopyItem 
   Command

Copy-Item : Operation did not complete successfully because the file contains a virus or 
potentially unwanted software.
At C:\tmp\vagrant-shell.ps1:37 char:3
+   Copy-Item "c:\Tools\PowerSploit\PowerSploit-dev\*" "$Env:windir\Sys ...
+   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : WriteError: (Invoke-WmiCommand.ps1:FileInfo) [Copy-Item], IOExcepti 
   on
    + FullyQualifiedErrorId : CopyDirectoryInfoItemIOError,Microsoft.PowerShell.Commands.CopyItem 
   Command

Copy-Item : Operation did not complete successfully because the file contains a virus or 
potentially unwanted software.
At C:\tmp\vagrant-shell.ps1:37 char:3
+   Copy-Item "c:\Tools\PowerSploit\PowerSploit-dev\*" "$Env:windir\Sys ...
+   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : WriteError: (index.md:FileInfo) [Copy-Item], IOException
    + FullyQualifiedErrorId : CopyDirectoryInfoItemIOError,Microsoft.PowerShell.Commands.CopyItem 
   Command

Copy-Item : Operation did not complete successfully because the file contains a virus or 
potentially unwanted software.
At C:\tmp\vagrant-shell.ps1:37 char:3
+   Copy-Item "c:\Tools\PowerSploit\PowerSploit-dev\*" "$Env:windir\Sys ...
+   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : WriteError: (Get-GPPAutologon.ps1:FileInfo) [Copy-Item], IOExceptio 
   n
    + FullyQualifiedErrorId : CopyDirectoryInfoItemIOError,Microsoft.PowerShell.Commands.CopyItem 
   Command

Copy-Item : Operation did not complete successfully because the file contains a virus or 
potentially unwanted software.
At C:\tmp\vagrant-shell.ps1:37 char:3
+   Copy-Item "c:\Tools\PowerSploit\PowerSploit-dev\*" "$Env:windir\Sys ...
+   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : WriteError: (Get-Keystrokes.ps1:FileInfo) [Copy-Item], IOException
    + FullyQualifiedErrorId : CopyDirectoryInfoItemIOError,Microsoft.PowerShell.Commands.CopyItem 
   Command

Copy-Item : Operation did not complete successfully because the file contains a virus or 
potentially unwanted software.
At C:\tmp\vagrant-shell.ps1:37 char:3
+   Copy-Item "c:\Tools\PowerSploit\PowerSploit-dev\*" "$Env:windir\Sys ...
+   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : WriteError: (Get-MicrophoneAudio.ps1:FileInfo) [Copy-Item], IOExcep 
   tion
    + FullyQualifiedErrorId : CopyDirectoryInfoItemIOError,Microsoft.PowerShell.Commands.CopyItem 
   Command

Copy-Item : Operation did not complete successfully because the file contains a virus or 
potentially unwanted software.
At C:\tmp\vagrant-shell.ps1:37 char:3
+   Copy-Item "c:\Tools\PowerSploit\PowerSploit-dev\*" "$Env:windir\Sys ...
+   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : WriteError: (Get-TimedScreenshot.ps1:FileInfo) [Copy-Item], IOExcep 
   tion
    + FullyQualifiedErrorId : CopyDirectoryInfoItemIOError,Microsoft.PowerShell.Commands.CopyItem 
   Command

Copy-Item : Operation did not complete successfully because the file contains a virus or 
potentially unwanted software.
At C:\tmp\vagrant-shell.ps1:37 char:3
+   Copy-Item "c:\Tools\PowerSploit\PowerSploit-dev\*" "$Env:windir\Sys ...
+   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : WriteError: (Get-VaultCredential.ps1:FileInfo) [Copy-Item], IOExcep 
   tion
    + FullyQualifiedErrorId : CopyDirectoryInfoItemIOError,Microsoft.PowerShell.Commands.CopyItem 
   Command

Copy-Item : Operation did not complete successfully because the file contains a virus or 
potentially unwanted software.
At C:\tmp\vagrant-shell.ps1:37 char:3
+   Copy-Item "c:\Tools\PowerSploit\PowerSploit-dev\*" "$Env:windir\Sys ...
+   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : WriteError: (Invoke-CredentialInjection.ps1:FileInfo) [Copy-Item],  
   IOException
    + FullyQualifiedErrorId : CopyDirectoryInfoItemIOError,Microsoft.PowerShell.Commands.CopyItem 
   Command

Copy-Item : Operation did not complete successfully because the file contains a virus or 
potentially unwanted software.
At C:\tmp\vagrant-shell.ps1:37 char:3
+   Copy-Item "c:\Tools\PowerSploit\PowerSploit-dev\*" "$Env:windir\Sys ...
+   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : WriteError: (Invoke-Mimikatz.ps1:FileInfo) [Copy-Item], IOException
    + FullyQualifiedErrorId : CopyDirectoryInfoItemIOError,Microsoft.PowerShell.Commands.CopyItem 
   Command

Copy-Item : Operation did not complete successfully because the file contains a virus or 
potentially unwanted software.
At C:\tmp\vagrant-shell.ps1:37 char:3
+   Copy-Item "c:\Tools\PowerSploit\PowerSploit-dev\*" "$Env:windir\Sys ...
+   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : WriteError: (Invoke-NinjaCopy.ps1:FileInfo) [Copy-Item], IOExceptio 
   n
    + FullyQualifiedErrorId : CopyDirectoryInfoItemIOError,Microsoft.PowerShell.Commands.CopyItem 
   Command

Copy-Item : Operation did not complete successfully because the file contains a virus or 
potentially unwanted software.
At C:\tmp\vagrant-shell.ps1:37 char:3
+   Copy-Item "c:\Tools\PowerSploit\PowerSploit-dev\*" "$Env:windir\Sys ...
+   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : WriteError: (Invoke-TokenManipulation.ps1:FileInfo) [Copy-Item], IO 
   Exception
    + FullyQualifiedErrorId : CopyDirectoryInfoItemIOError,Microsoft.PowerShell.Commands.CopyItem 
   Command

Copy-Item : Operation did not complete successfully because the file contains a virus or 
potentially unwanted software.
At C:\tmp\vagrant-shell.ps1:37 char:3
+   Copy-Item "c:\Tools\PowerSploit\PowerSploit-dev\*" "$Env:windir\Sys ...
+   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : WriteError: (Out-Minidump.ps1:FileInfo) [Copy-Item], IOException
    + FullyQualifiedErrorId : CopyDirectoryInfoItemIOError,Microsoft.PowerShell.Commands.CopyItem 
   Command

Copy-Item : Operation did not complete successfully because the file contains a virus or 
potentially unwanted software.
At C:\tmp\vagrant-shell.ps1:37 char:3
+   Copy-Item "c:\Tools\PowerSploit\PowerSploit-dev\*" "$Env:windir\Sys ...
+   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : WriteError: (VolumeShadowCopyTools.ps1:FileInfo) [Copy-Item], IOExc 
   eption
    + FullyQualifiedErrorId : CopyDirectoryInfoItemIOError,Microsoft.PowerShell.Commands.CopyItem 
   Command

Copy-Item : Operation did not complete successfully because the file contains a virus or 
potentially unwanted software.
At C:\tmp\vagrant-shell.ps1:37 char:3
+   Copy-Item "c:\Tools\PowerSploit\PowerSploit-dev\*" "$Env:windir\Sys ...
+   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : WriteError: (Mayhem.psm1:FileInfo) [Copy-Item], IOException
    + FullyQualifiedErrorId : CopyDirectoryInfoItemIOError,Microsoft.PowerShell.Commands.CopyItem 
   Command

Copy-Item : Operation did not complete successfully because the file contains a virus or 
potentially unwanted software.
At C:\tmp\vagrant-shell.ps1:37 char:3
+   Copy-Item "c:\Tools\PowerSploit\PowerSploit-dev\*" "$Env:windir\Sys ...
+   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : WriteError: (Persistence.psm1:FileInfo) [Copy-Item], IOException
    + FullyQualifiedErrorId : CopyDirectoryInfoItemIOError,Microsoft.PowerShell.Commands.CopyItem 
   Command

Copy-Item : Operation did not complete successfully because the file contains a virus or 
potentially unwanted software.
At C:\tmp\vagrant-shell.ps1:37 char:3
+   Copy-Item "c:\Tools\PowerSploit\PowerSploit-dev\*" "$Env:windir\Sys ...
+   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : WriteError: (Invoke-Portscan.ps1:FileInfo) [Copy-Item], IOException
    + FullyQualifiedErrorId : CopyDirectoryInfoItemIOError,Microsoft.PowerShell.Commands.CopyItem 
   Command

Copy-Item : Operation did not complete successfully because the file contains a virus or 
potentially unwanted software.
At C:\tmp\vagrant-shell.ps1:37 char:3
+   Copy-Item "c:\Tools\PowerSploit\PowerSploit-dev\*" "$Env:windir\Sys ...
+   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : WriteError: (Out-EncodedCommand.ps1:FileInfo) [Copy-Item], IOExcept 
   ion
    + FullyQualifiedErrorId : CopyDirectoryInfoItemIOError,Microsoft.PowerShell.Commands.CopyItem 
   Command

Copy-Item : Operation did not complete successfully because the file contains a virus or 
potentially unwanted software.
At C:\tmp\vagrant-shell.ps1:37 char:3
+   Copy-Item "c:\Tools\PowerSploit\PowerSploit-dev\*" "$Env:windir\Sys ...
+   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : WriteError: (Out-EncryptedScript.ps1:FileInfo) [Copy-Item], IOExcep 
   tion
    + FullyQualifiedErrorId : CopyDirectoryInfoItemIOError,Microsoft.PowerShell.Commands.CopyItem 
   Command

Copy-Item : Operation did not complete successfully because the file contains a virus or 
potentially unwanted software.
At C:\tmp\vagrant-shell.ps1:37 char:3
+   Copy-Item "c:\Tools\PowerSploit\PowerSploit-dev\*" "$Env:windir\Sys ...
+   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : WriteError: (Remove-Comment.ps1:FileInfo) [Copy-Item], IOException
    + FullyQualifiedErrorId : CopyDirectoryInfoItemIOError,Microsoft.PowerShell.Commands.CopyItem 
   Command

Copy-Item : Operation did not complete successfully because the file contains a virus or 
potentially unwanted software.
At C:\tmp\vagrant-shell.ps1:37 char:3
+   Copy-Item "c:\Tools\PowerSploit\PowerSploit-dev\*" "$Env:windir\Sys ...
+   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Copy-Item], IOException
    + FullyQualifiedErrorId : System.IO.IOException,Microsoft.PowerShell.Commands.CopyItemCommand

Obvious fix: disable Windows Defender

Link to Gist Containing Build Logs:

https://gist.github.com/2xyo/298611b1349daac5143ac1ae7ba210b8
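For triaging a log like the one above, the following added example (not part of the original issue or of DetectionLabELK) lists which files Defender blocked, which provisioner script line triggered the blocks, and whether the script still reported completion. The function name, the `machine` parameter and the trimmed sample log are assumptions made for illustration.

```python
import re

# Marker text as it appears in the log above; a different console width may wrap it elsewhere.
VIRUS_MARKER = "file contains a virus or"
FILE_RE = re.compile(r"WriteError: \(([^():]+):FileInfo\)")
AT_RE = re.compile(r"^At (.+?):(\d+) char:\d+")
DONE_RE = re.compile(r"installation complete", re.IGNORECASE)


def summarize_defender_blocks(log_text, machine="win10"):
    """Summarize Defender-blocked Copy-Item errors in a Vagrant provisioning log.

    Handles both the '<machine>: '-prefixed lines and the unprefixed copy that
    Vagrant repeats under 'Stderr from the command:'.
    """
    prefix = re.compile(r"^\s*" + re.escape(machine) + r": ?")
    blocked = {}            # filename -> occurrences (dict keeps first-seen order)
    locations = set()       # (script path, line number) that raised the error
    reported_complete = False
    pending = False         # True while inside an error record carrying the marker

    for raw in log_text.splitlines():
        line = prefix.sub("", raw).strip()
        if not line:
            pending = False  # a blank line ends the current error record
            continue
        if DONE_RE.search(line):
            reported_complete = True
        if VIRUS_MARKER in line:
            pending = True
            continue
        if not pending:
            continue
        at = AT_RE.match(line)
        if at:
            locations.add((at.group(1), int(at.group(2))))
            continue
        hit = FILE_RE.search(line)
        if hit:
            blocked[hit.group(1)] = blocked.get(hit.group(1), 0) + 1
            pending = False

    return {
        "blocked_files": list(blocked),
        "occurrences": blocked,
        "locations": locations,
        # Errors plus a completion message means the script did not stop on error.
        "completed_despite_errors": reported_complete and bool(blocked),
    }


# Constructed sample: a few records trimmed from the log shape shown above.
SAMPLE_LOG = r"""
    win10: [11:07] Downloading Powersploit...
    win10: powershell.exe : Copy-Item : Operation did not complete successfully because the file contains a virus or
    win10:     + CategoryInfo          : NotSpecified: (Copy-Item : Ope...ins a virus or :String) [], RemoteException
    win10:     + FullyQualifiedErrorId : NativeCommandError
    win10: potentially unwanted software.
    win10: At C:\tmp\vagrant-shell.ps1:37 char:3
    win10:     + CategoryInfo          : WriteError: (Find-AVSignature.ps1:FileInfo) [Copy-Item], IOExceptio
    win10:    n
    win10:
    win10: Copy-Item : Operation did not complete successfully because the file contains a virus or
    win10: potentially unwanted software.
    win10: At C:\tmp\vagrant-shell.ps1:37 char:3
    win10:     + CategoryInfo          : WriteError: (Invoke-Mimikatz.ps1:FileInfo) [Copy-Item], IOException
    win10:
    win10: Copy-Item : Operation did not complete successfully because the file contains a virus or
    win10: potentially unwanted software.
    win10:     + CategoryInfo          : NotSpecified: (:) [Copy-Item], IOException
    win10:
    win10: [11:09] Red Team tooling installation complete!

Stderr from the command:

Copy-Item : Operation did not complete successfully because the file contains a virus or
potentially unwanted software.
At C:\tmp\vagrant-shell.ps1:37 char:3
    + CategoryInfo          : WriteError: (Find-AVSignature.ps1:FileInfo) [Copy-Item], IOExceptio
   n
"""

if __name__ == "__main__":
    summary = summarize_defender_blocks(SAMPLE_LOG)
    for name, count in summary["occurrences"].items():
        print(f"{name}: {count}")
    print("script lines:", sorted(summary["locations"]))
    print("completed despite errors:", summary["completed_despite_errors"])
```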

lnxg33k commented 4 years ago

Defender realtime is already disabled and path exclusion is also in place (https://github.com/cyberdefenders/DetectionLabELK/commit/ec7f2827dbe2f228a0e59a73aa3dfed53dce1c0d). What version of DetectionLabELK are you using?!

2xyo commented 4 years ago

> Defender realtime is already disabled and path exclusion is also in place ec7f282, what version of DetectionLabELK are you using?!

Latest release on git:

$ git rev-parse --verify HEAD
8a600622a74ae7f71fbd46188106d50aed281703

The build was done with $ vagrant up (so from the Vagrant Cloud box). I rebuilt from scratch with ./build.sh virtualbox and everything is OK now.