Is There anybody who knows that why using Powershell can avoid being recognized as a malware by Windows Defender? #941
-
|
As is known to all, if the Windows Defender is enabled, when we download the script directly from Github, the script will be recognized as a malware( #933 ).But when using the Powershell to get the script, it can run normally without being detected. So how does it work? |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 2 replies
-
|
It creates a unique file on each run, hence Defender isn't able to flag it. |
Beta Was this translation helpful? Give feedback.
-
|
So it is reasonable to infer that Windows Defender detects a malware by recognizing its GUID, instead of analysing the code itself, right? |
Beta Was this translation helpful? Give feedback.
-
|
They often recognize malware by file checksum, and if that changes, it can be evaded. |
Beta Was this translation helpful? Give feedback.
https://get.activated.win/
It creates a unique file on each run, hence Defender isn't able to flag it.