Scoop Windows install is being blocked by antivirus

Created on 24 Aug 2020 · 8 Comments · Source: lukesampson/scoop

PS C:\Users\Narsi Nallamilli> Get-Host | Select-Object Version                  
Version
-------
5.1.18362.752

PS C:\Users\Narsi Nallamilli> iwr -useb get.scoop.sh | iex                      
iex : At line:1 char:1
+ #Requires -Version 5
+ ~~~~~~~~~~~~~~~~~~~~
This script contains malicious content and has been blocked by your antivirus software.
At line:1 char:26
+ iwr -useb get.scoop.sh | iex
+                          ~~~
    + CategoryInfo          : ParserError: (:) [Invoke-Expression], ParseException
    + FullyQualifiedErrorId : ScriptContainedMaliciousContent,Microsoft.PowerShell.Commands.InvokeExpressionCommand

All 8 comments

Having same issue here, but with PowerShell 7.0.3 as suggested in the Wiki, please advise:

Microsoft Windows [Version 10.0.19041.450]
(c) 2020 Microsoft Corporation. All rights reserved.
C:\Users\ckwwi>pwsh
PowerShell 7.0.3
Copyright (c) Microsoft Corporation. All rights reserved.
https://aka.ms/powershell
Type 'help' to get help.

PS C:\Users\ckwwi> Set-ExecutionPolicy RemoteSigned -scope CurrentUser
PS C:\Users\ckwwi> Invoke-Expression (New-Object System.Net.WebClient).DownloadString('https://get.scoop.sh')
ParserError:
Line |
1 | Invoke-Expression (New-Object System.Net.WebClient).DownloadString('h …
| ~~~~~~~~~~~~~~~~~
| This script contains malicious content and has been blocked by your antivirus software.

PS C:\Users\ckwwi> iwr -useb get.scoop.sh | iex
Invoke-Expression:
Line |
1 | iwr -useb get.scoop.sh | iex
| ~~~
| This script contains malicious content and has been blocked by your antivirus software.

You may be able to disable Windows Defender temporarily while installing Scoop.

Yes, but since scoop is designed to work perfectly without admin rights, you can't have "disable Windows Defender" as an install step. Is Defender reporting what malware it thinks scoop is?

> Is Defender reporting what malware it thinks scoop is?

Yes, it's very likely to be Windows Defender (or SmartScreen maybe) unless you have a third-party antivirus installed.
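
A read-only way to answer the question above about which engine flagged the script, as an added example that is not part of the original thread: it lists the antivirus products registered with Windows Security Center and what Defender has detected in the last day. It assumes a Windows client edition with the built-in Defender cmdlets available; the one-day window is an arbitrary choice.

```powershell
# Added example (not from the thread): read-only queries, nothing is changed or disabled.

# 1. Which PowerShell host is this? 5.1 is powershell.exe, 7.x is pwsh.exe.
'PowerShell {0} ({1})' -f $PSVersionTable.PSVersion, (Get-Process -Id $PID).Path

# 2. Antivirus products registered with Windows Security Center.
#    The root/SecurityCenter2 namespace exists on client editions of Windows.
Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntiVirusProduct -ErrorAction SilentlyContinue |
    Select-Object displayName, pathToSignedProductExe, productState

# 3. Defender's own state, if the Defender cmdlets are present on this machine.
if (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue) {
    Get-MpComputerStatus |
        Select-Object AMRunningMode, AntivirusEnabled, RealTimeProtectionEnabled

    # 4. Recent Defender detections, with the threat name Defender assigned.
    $cutoff = (Get-Date).AddDays(-1)   # assumption: the blocked install was within the last day
    Get-MpThreatDetection -ErrorAction SilentlyContinue |
        Where-Object { $_.InitialDetectionTime -ge $cutoff } |
        ForEach-Object {
            $threat = Get-MpThreat -ThreatID $_.ThreatID -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Time      = $_.InitialDetectionTime
                Threat    = $threat.ThreatName
                Process   = $_.ProcessName
                Resources = $_.Resources -join '; '
            }
        }
}
else {
    'Defender cmdlets not available; check the third-party product''s own event log.'
}
```

If step 4 returns nothing while the install is still blocked, the detection most likely came from another registered product listed in step 2.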

@Calinou @jedieaston You both nailed it, thank you! I have McAfee LiveSafe installed with Windows Defender set to "These settings are managed by vendor application McAfee Personal Firewall" and my error was recorded with McAfee LiveSafe firewall and Real-Time Scanning turned off. Opening up Windows Defender advanced settings I found that the Defender firewall was indeed still turned on. I thought that McAfee disabled Windows Defender Firewall to run its own firewall, but both were actually on and Defender was blocking the install as malware. I ran install again after disabling both with success:

PowerShell 7.0.3
Copyright (c) Microsoft Corporation. All rights reserved.

https://aka.ms/powershell
Type 'help' to get help.

PS C:\Users\ckwwi> Invoke-Expression (New-Object System.Net.WebClient).DownloadString('https://get.scoop.sh')
Initializing...
Downloading scoop...
Extracting...
Creating shim...
Downloading main bucket...
Extracting...
Adding ~\scoop\shims to your path.
'lastupdate' has been set to '2020-08-28T11:03:55.4318437-06:00'
Scoop was installed successfully!
Type 'scoop help' for instructions.

@narsinallamilli You'll most likely need to install Windows PowerShell Version 7.x.x to eliminate this install error as noted in the wiki here: https://github.com/lukesampson/scoop/wiki/Antivirus-false-positive

Once you have PowerShell 7 installed you need to make sure that you install Scoop using PowerShell 7 instead of 5.1. PowerShell 7 installs alongside 5.1, so both can be run from Windows and are stored as separate programs. You can either open a specific instance of PowerShell 7 to execute the install, or you can execute it from Command Prompt. Note that the command "powershell" from Command Prompt executes v5.1, so use the "pwsh" command to execute v7.x.x, then install Scoop as documented in the tutorial.

@chrisbigboulder @jedieaston @Calinou
I’m deeply grateful! You helped me a lot. I spent a long time trying to install Chocolatey and the problem was the Windows Defender with McAfee LiveSafe.

It did not work on my laptop. I disabled both antiviruses, but the same message is still showing.

Hi, I tried to install scoop on a PC with McAfee and got the following error:

User ran C:\Program Files\WindowsApps\Microsoft.PowerShell_7.1.0.0_x64__8wekyb3d8bbwe\pwsh.exe. The Trojan named AMSI-FHR!AACF0989324C was detected but wasn't blocked because AMSI was set to Observe mode.
Analyzer / Detector
Analyzer content creation date 13.1.2021 10:17 AM
Product name   McAfee Endpoint Security
Product version 10.6.1
Task name          AMSIScan
Feature name   AMSI

Threat
Action taken      Would Block
Threat category               Malware detected
Threat event ID 34937
Threat handled No
Threat name     AMSI-FHR!AACF0989324C
Threat severity Critical
Threat timestamp           14.1.2021 4:23 PM
Threat type        Trojan

Source
Source description          "C:\Program Files\WindowsApps\Microsoft.PowerShell_7.1.0.0_x64__8wekyb3d8bbwe\pwsh.exe"
Source hostName           --redacted--
Source process name     C:\Program Files\WindowsApps\Microsoft.PowerShell_7.1.0.0_x64__8wekyb3d8bbwe\pwsh.exe

Target
Target hash        --redacted--
Target host name            --redacted--
Target user name            User

Other
Vector type        Local System
Cleanable           Yes
Detection message         McAfee Endpoint Security detected a threat.
Duration before detection (days)            0
Description        User ran C:\Program Files\WindowsApps\Microsoft.PowerShell_7.1.0.0_x64__8wekyb3d8bbwe\pwsh.exe. The Trojan named AMSI-FHR!AACF0989324C was detected but wasn't blocked because AMSI was set to Observe mode.
First action status            Succeeded
First attempted action   Would Block

Scoop unpacks and seems to work (at least scoop help works), but paths (env. PATH) are not set and quick app search from the Start menu does not see applications.

PowerShell 7.10 was installed from MS Store.

Unfortunately, I don't have full control over this PC and cannot create antivirus exception or anything similar.
