Ash258 / Scoop-Core

Shovel. Alternative, more advanced, and user-friendly implementation of the Windows command-line installer Scoop.

Home Page: https://shovel.ash258.com

Microsoft Defender detects `VirTool:PowerShell/PoshC2.gen!E` in lib/core.ps1

42wim opened this issue:
  • Branch: main
  • Powershell Version: 5.1.19041.1237

Scoop/shovel stops working: This script contains malicious content and has been blocked by your antivirus software.

I've pinpointed it to the `Optimize-SecurityProtocol` function; when I remove it from the code, it works again.

Related ScoopInstaller#4097

Irrelevant. Scoop should be added as an exclusion.

1. `scoop checkup`

```powershell
function Test-DiagWindowsDefender {
    <#
    .SYNOPSIS
        Test Windows Defender exclusions.
    #>
    [CmdletBinding()]
    [OutputType([bool])]
    param([Switch] $Global)

    # Defender only exists on Windows
    if (Test-IsUnix) { return $true }

    $defender = Get-Service -Name 'WinDefend' -ErrorAction 'SilentlyContinue'
    # Only check when elevated and the Defender service is running
    if ((is_admin) -and ($defender -and $defender.Status) -and ($defender.Status -eq [System.ServiceProcess.ServiceControllerStatus]::Running)) {
        if (Test-CommandAvailable -Command 'Get-MpPreference') {
            $installPath = if ($Global) { $SCOOP_GLOBAL_ROOT_DIRECTORY } else { $SCOOP_ROOT_DIRECTORY }
            $exclusionPath = (Get-MpPreference).ExclusionPath

            # Exact (case-insensitive) match of the install root against the configured exclusions
            if ($exclusionPath -notcontains $installPath) {
                Write-UserMessage -Message 'Windows Defender may slow down or disrupt installs with realtime scanning.' -Warning
                Write-UserMessage -Message @(
                    ' Fixable with running following command in elevated prompt:'
                    " Add-MpPreference -ExclusionPath '$installPath'"
                )

                return $false
            }
        }
    }

    return $true
}
```
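
The check quoted above compares the install root against `ExclusionPath` with `-notcontains`, which is an exact string match, while Defender folder exclusions also cover subfolders. The following is an added example, not Shovel's code: `Test-PathCoveredByExclusion` is a hypothetical helper and the paths are constructed sample data. It shows how an audit can also recognize trailing separators, `%VAR%` entries and an excluded parent folder, which matters when reviewing how broad an existing exclusion already is.

```powershell
# Added example (not part of Shovel). Helper name and sample paths are hypothetical.
function Test-PathCoveredByExclusion {
    [CmdletBinding()]
    [OutputType([bool])]
    param(
        [Parameter(Mandatory)] [string] $Path,
        [AllowNull()] [AllowEmptyCollection()] [string[]] $ExclusionPath
    )

    # Normalize: expand %VAR%, unify separators, drop trailing separator
    $normalize = {
        param([string] $p)
        $p = [Environment]::ExpandEnvironmentVariables($p).Replace('/', '\')
        return $p.TrimEnd('\')
    }

    $target = & $normalize $Path
    foreach ($entry in $ExclusionPath) {
        if ([string]::IsNullOrWhiteSpace($entry)) { continue }
        # Assumption: wildcard entries are not evaluated and count as "not covering"
        if ($entry -match '[*?]') { continue }

        $ex = & $normalize $entry
        # Same folder, ignoring case and trailing separator
        if ($target.Equals($ex, [StringComparison]::OrdinalIgnoreCase)) { return $true }
        # Ancestor folder; the separator boundary keeps C:\scoop from matching C:\scoop-old
        if ($target.StartsWith(($ex + '\'), [StringComparison]::OrdinalIgnoreCase)) { return $true }
    }

    return $false
}

# Constructed sample exclusion lists, as (Get-MpPreference).ExclusionPath might return them
$root = 'C:\Users\alice\scoop'
$cases = [ordered]@{
    'exact'          = @('C:\Users\alice\scoop')
    'trailing slash' = @('c:\users\alice\scoop\')
    'parent folder'  = @('C:\Users\alice')
    'sibling prefix' = @('C:\Users\alice\sco')
    'none'           = @()
}
foreach ($name in $cases.Keys) {
    '{0,-15} exact-match={1,-5} covered={2}' -f $name,
        ($cases[$name] -contains $root),
        (Test-PathCoveredByExclusion -Path $root -ExclusionPath $cases[$name])
}
```

On a live system, pass `(Get-MpPreference).ExclusionPath` from an elevated session as `-ExclusionPath`.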