[Question] Usage of _(_)ps File in C:\Users\username\AppData\Local\Temp

[WorldTeacher]

Hello,

I've been using ueli for some time now at my workplace. Today, I got a call from our IT-department regarding the installed software, ueli. It turns out that our antivirus software has detected ueli creating a bunch of web calls and creating and executing a psscriptpolicytest{random_string}.ps1 file every five-ish minutes in the Temp folder. Our antivirus software classifies this as "level 20 deep threat" and as a Malware. I (and our IT-department) just wanted to know what the script is doing and if the periodical execution is necessary. EDIT: executed command and correct filename the exact command executed seems to be: powershell.exe -NoProfile -ExecutionPolicy Bypass -NoLogo -NoExit -Command -

I took a quick search and found a mention of ExecutionPolicy in this function here: https://github.com/oliverschwendener/ueli/blob/af8fa9075dad411433e806060227d95a42123cf0/src/main/plugins/application-search-plugin/windows-app-icon-generator.ts#L39-L45

Kind regards, WorldTeacher

[kristus123]

it might be calling to fetch favicons ? Just a guess based on nothing

[kristus123]

did they say what urls were called ?

[oliverschwendener]

As the filename (windows-app-icon-generator.ts) indicates, this Powershell script is used to generate the app icons on Windows for search results. If you turn off the application search plugin in the settings this Powershell command should not be executed.

[WorldTeacher]

Hey,

thanks for the reply. I'll notify our IT department and let them decide whether I'm allowed to reinstall ueli.

I have a small question though: is it neccessary to generate these icons every 5 minutes?

[oliverschwendener]

You can turn off the automatic rescan in the settings, then the icons are only generated on application start.

[WorldTeacher]

thanks for letting me know, I'll add that to the notification ^^