pspete / psPAS

PowerShell module for CyberArk Privileged Access Security REST API
https://pspas.pspete.dev
MIT License

New-PASSession being quarantined by Windows Defender #315

Closed jbalcorn closed 3 years ago

jbalcorn commented 3 years ago

Describe the issue: Defender identifying New-PASSession as Trojan:Powershell/Mountsi.A!ml as of 10/2/2020

To Reproduce: Attempt to run on Windows 10 with updated Windows Defender Anti-Virus

Expected behavior: Not be identified as a virus

Screenshots & Console Output: [image]

Your Environment: Windows 10 1809

pspete commented 3 years ago

Hi @jbalcorn - It is not possible to reproduce what you report; Windows Defender reports no findings.

Confirmation of file hash of file analysed by VirusTotal against the hash of New-PASSession from psPAS 4.4.71.

Get-FileHash "C:\Temp\psPAS-v4.4.71\4.4.71\Functions\Authentication\New-PASSession.ps1" | fl

Algorithm : SHA256
Hash      : 6D89E2A8A4F9879FD71D2A6E5647FD61722736B77657846F4EEC6B52FD648B10
Path      : C:\Temp\psPAS-v4.4.71\4.4.71\Functions\Authentication\New-PASSession.ps1

jbalcorn commented 3 years ago

We got a Signature update and it was no longer being quarantined.

--
Justin B. Alcorn
The views expressed are not necessarily my own, much less anyone else's
PGP Fingerprint CCEB F776 C3FD 1050 C8DB 532E B8B9 BED7 7764 406C

On Sat, Oct 3, 2020 at 11:01 AM Pete Maan notifications@github.com wrote:

Hi @jbalcorn https://github.com/jbalcorn - It is not possible to reproduce what you report; Windows Defender reports no findings.

Confirmation of file hash of file analysed by VirusTotal against the hash of New-PASSession from psPAS 4.4.71.

Get-FileHash "C:\Temp\psPAS-v4.4.71\4.4.71\Functions\Authentication\New-PASSession.ps1" | fl

Algorithm : SHA256
Hash      : 6D89E2A8A4F9879FD71D2A6E5647FD61722736B77657846F4EEC6B52FD648B10
Path      : C:\Temp\psPAS-v4.4.71\4.4.71\Functions\Authentication\New-PASSession.ps1


pspete commented 3 years ago

Good to know 👍
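
The triage steps from this thread (confirm the flagged file matches the release hash, then check the Defender signature version, since a signature update cleared the detection) can be combined into one check. This is an added example, not code from the thread or from psPAS; the function name `Test-DefenderFalsePositive` is hypothetical, and the path and hash are the ones quoted above for psPAS 4.4.71.

```powershell
# Added example: triage helper for a suspected Defender false positive.
# Assumes the built-in Defender cmdlets (Get-MpComputerStatus, Get-MpThreatDetection) are available.
function Test-DefenderFalsePositive {   # hypothetical name, not part of psPAS
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][ValidatePattern('^[0-9A-Fa-f]{64}$')][string]$ExpectedSha256
    )

    $result = [ordered]@{
        Path             = $Path
        FilePresent      = Test-Path -LiteralPath $Path -PathType Leaf
        HashMatches      = $null    # stays $null if the file is already quarantined
        SignatureVersion = $null
        SignatureUpdated = $null
        Detections       = @()
    }

    # 1. Integrity: does the flagged file match the known release hash?
    if ($result.FilePresent) {
        $actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        $result.HashMatches = ($actual -eq $ExpectedSha256)   # -eq ignores case for strings
    }

    # 2. Which signature set made the call? Record it so the result can be
    #    compared again after a signature update.
    $status = Get-MpComputerStatus
    $result.SignatureVersion = $status.AntivirusSignatureVersion
    $result.SignatureUpdated = $status.AntivirusSignatureLastUpdated

    # 3. Detection history entries that reference this file name.
    $leaf = Split-Path -Path $Path -Leaf
    $result.Detections = @(Get-MpThreatDetection |
        Where-Object { $_.Resources -like "*$leaf*" } |
        Select-Object InitialDetectionTime, ThreatID, Resources)

    [pscustomobject]$result
}

# Values taken from the comment above (psPAS 4.4.71).
Test-DefenderFalsePositive `
    -Path 'C:\Temp\psPAS-v4.4.71\4.4.71\Functions\Authentication\New-PASSession.ps1' `
    -ExpectedSha256 '6D89E2A8A4F9879FD71D2A6E5647FD61722736B77657846F4EEC6B52FD648B10'
```

A matching hash together with a detection that disappears after a newer `SignatureVersion` is consistent with the false positive described in this issue; a hash mismatch means the file is not the published release and should be treated as unverified.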