microsoft / azure-pipelines-agent

Azure Pipelines Agent 🚀
MIT License

[BUG]: Sophos Antivirus detects the decryption of a powershell payload as malicious #4934

Open maf1024 opened 3 months ago

maf1024 commented 3 months ago

What happened?

The ProtectedData conversion of a base64 payload which happens here is triggering Sophos AV detection as "WIN-EXE-ENR-ML-MALICIOUS-3" due to the execution of obfuscated PowerShell.

Versions

Agent.Version: 2.210.1

OS Name: Microsoft Windows Server 2022 Standard Version: 10.0.20348 Build 20348

Environment type (Please select at least one environment where you face this issue)

Azure DevOps Server type

Azure DevOps Server (Please specify exact version in the textbox below)

Azure DevOps Server Version (if applicable)

Azure DevOps Server Version 19.205.33122.1

Operation system

Microsoft Windows Server 2019 Standard - Version 10.0.17763 Build 17763

Version control system

git

Relevant log output

No response
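For readers unfamiliar with the mechanism the report refers to, the following is an added example (it is not the agent's code and not part of the report) of the same shape of operation: a script is DPAPI-protected and base64-encoded on one side, then base64-decoded, unprotected and executed on the other. That decode-then-execute sequence is what a behavioural/ML antivirus rule keys on, because it is also the loader pattern used by malware. The function names `Protect-ScriptPayload` and `Unprotect-ScriptPayload` and the sample script are illustrative; the block assumes Windows PowerShell 5.1 on Windows, since DPAPI is Windows-only.

```powershell
# Added example, not the azure-pipelines-agent's own code. Function names and
# the sample script are illustrative. Assumes Windows PowerShell 5.1 on Windows
# (DPAPI is Windows-only).

Add-Type -AssemblyName System.Security

# Producer side. The script is protected under DataProtectionScope::CurrentUser,
# so only the same Windows account on the same machine can decrypt it, and then
# base64-encoded so the blob can travel as a single opaque argument.
function Protect-ScriptPayload {
    param(
        [Parameter(Mandatory)] [string] $Script,
        [byte[]] $Entropy = $null
    )
    $plain = [System.Text.Encoding]::UTF8.GetBytes($Script)
    $blob  = [System.Security.Cryptography.ProtectedData]::Protect(
        $plain, $Entropy, [System.Security.Cryptography.DataProtectionScope]::CurrentUser)
    return [System.Convert]::ToBase64String($blob)
}

# Consumer side. FromBase64String -> ProtectedData.Unprotect -> UTF8.GetString
# is the sequence an ML/behavioural rule sees just before script execution.
function Unprotect-ScriptPayload {
    param(
        [Parameter(Mandatory)] [string] $Base64,
        [byte[]] $Entropy = $null
    )
    $blob  = [System.Convert]::FromBase64String($Base64)
    $plain = [System.Security.Cryptography.ProtectedData]::Unprotect(
        $blob, $Entropy, [System.Security.Cryptography.DataProtectionScope]::CurrentUser)
    return [System.Text.Encoding]::UTF8.GetString($plain)
}

# Constructed sample standing in for a task's inline script.
$sample  = 'Write-Output ("hello from {0} on {1}" -f $env:USERNAME, $env:COMPUTERNAME)'
$payload = Protect-ScriptPayload -Script $sample

# Round trip: the consumer recovers exactly what the producer protected.
$decoded = Unprotect-ScriptPayload -Base64 $payload
if ($decoded -ne $sample) { throw 'round trip mismatch' }

# Triage step for a false positive like the one reported: look at the decoded
# text before running it. Static scanners never see this content (it only
# exists after Unprotect); AMSI does see it when the script block is created.
Write-Verbose "decoded script: $decoded"
$sb = [ScriptBlock]::Create($decoded)
& $sb

# Caveat: the blob is bound to the protecting account and to the optional
# entropy. Decrypting under another user, on another machine, or with different
# entropy fails with CryptographicException rather than returning garbage.
try {
    Unprotect-ScriptPayload -Base64 $payload -Entropy ([byte[]](1, 2, 3)) | Out-Null
    throw 'unexpected: decrypt succeeded with wrong entropy'
} catch [System.Security.Cryptography.CryptographicException] {
    Write-Output 'wrong entropy rejected, as expected'
}
```

Run it as the same user end to end; the DPAPI binding means a blob produced under one build service account cannot be reused by a process running as a different account, which is the property that makes this hand-off preferable to passing the plaintext script on a command line that other local users can read.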

ismayilov-ismayil commented 3 months ago

Hi @maf1024, thanks for reporting! We are working on more prioritized issues at the moment, but will get back to this one soon.