Closed oliverlabs closed 1 year ago
As a workaround you can add an exclusion in Windows Security for that specific file, though that does potentially weaken the security of your Windows device.
Not that it helps, but this appears to be a botched Defender definition that went out. It appears to affect all sorts of things, like this issue as well as deleting all app shortcuts in the task bar. Here's a thread about it on Reddit.
https://www.reddit.com/r/sysadmin/comments/10ar1vb/multiple_users_reporting_microsoft_apps_have/
And here's an acknowledgement from the M365 folks.
https://twitter.com/MSFT365Status/status/1613871552256155649
I was just able to fix this on my system. Defender completely deletes that ConsoleMode.ps1 file no matter where it is created, including during reinstall, which made things a challenge. Here are the steps I needed to get back to working again.
C:\Users\{username}\Documents\PowerShell\Modules\posh-git\1.1.0\
C:\Users\{username}\AppData\Local\Temp\
.PowerShellGet\Install-Module posh-git -Scope CurrentUser -Force
Thanks, Adam, @patridge. This worked for me. For those who don't know how to add an exclusion, use the following command:
Add-MpPreference -AttackSurfaceReductionOnlyExclusions "[PATH]"
Ooh...I wonder if that would allow you to preemptively add non-existent files that you plan to have exist soon. That would prevent needing to add exemptions that are more broad than strictly necessary.
Oddly, adding via that system doesn't appear to surface them in the Exclusions page of the Security section of the Windows Settings app. I wonder where those get stored.
Yes, it would. You can add both files and folders to the exception.
System Details
Issue Description
I am experiencing a problem with... ConsoleMode.ps1 is being blocked by Windows Action Guard.