itm4n / PrivescCheck

Privilege Escalation Enumeration Script for Windows
BSD 3-Clause "New" or "Revised" License

Virus #31

Closed RotaN8 closed 2 years ago

RotaN8 commented 2 years ago

Hello,

I have tried to download the tool but Windows Defender removes it because it says it contains a virus (Trojan). I think it is because in the Build.ps1 file there are links to the original repository and, as it was called PowerSploit, it detects that word as malicious and therefore the entire tool is quarantined (even if you download it as a ZIP).


I want to think that the tool is safe. More than anything, I'm warning you in case you didn't know that this was happening, since maybe many people don't download it because of that link that Windows Defender sees as a threat.

PS: I'm sorry that the photo is in Spanish, but I think it is understood 😃

Thanks!

itm4n commented 2 years ago

Hello and thank you for letting me know. :)

I can reproduce the issue on my own machine. Funny enough though, only the ZIP file seems to trigger the alert. If I copy the extracted folder into a location that is monitored by Defender, nothing happens. Anyway, with this project, I was expecting people to download only the final PrivescCheck.ps1 file, which is specially built (thanks to the Build.ps1 script) to partially evade AV and EDR.

So, in the end, I don't see what more I can do. I mean, most offensive security tools tend to be detected by AV and EDR, so this kind of behavior is to be expected, I guess. If people don't download it because they actually think it's a virus/trojan or whatever, I don't really care. The code is completely open source, so they can form their own opinion about it without trusting my word if I say 'don't worry, it's safe'. ;)

RotaN8 commented 2 years ago

Thanks for your fast answer. Yeah, it was totally my bad; I thought we needed to download the whole repository. For me you can now close this issue, and thanks for your good explanation! Sorry about the misunderstanding.