Author Topic: Application trying to execute powershell  (Read 137 times)

Offline radarradar

  • Newbie
  • *
  • Posts: 18
Application trying to execute powershell
« on: August 13, 2022, 02:06:14 PM »
Hello
I have PureVPN and when im using the Wireguard protocol i get message from firewall:
C:\Program Files (x86)\GZ Systems\Atom\AtomService\Atom.SDK.WindowsService.exe trying to create process C:\ProgramData\Comodo\Cis\tempscrpt\C_powershell.exe_C252EC87FD9C1FFCE5A7A04162C217C80DD1F96F.ps1
Is this normal?
The reason im worried is because i have someone hacking my router(s) several times over the past year and i dont know what to do about it. I have switched router several times and format pc but they always come back.
I asked the PureVPN support but they dont have a clue.
Update: Now the firewall message popped again and immediately i lost connection to the vpn. And i cant connect again.
« Last Edit: August 13, 2022, 02:32:08 PM by radarradar »

Offline C.O.M.O.D.O RT

  • Comodo Staff
  • Moderator
  • Comodo's Hero
  • *****
  • Posts: 917
Re: Application trying to execute powershell
« Reply #1 on: August 15, 2022, 05:36:08 AM »
Hi radarradar,

Thank you for reporting.
Quote
I have PureVPN and when im using the Wireguard protocol i get message from firewall:
C:\Program Files (x86)\GZ Systems\Atom\AtomService\Atom.SDK.WindowsService.exe trying to create process
Could you please share us the SHA1 value of this file ?
Quote
C:\ProgramData\Comodo\Cis\tempscrpt\C_powershell.exe_C252EC87FD9C1FFCE5A7A04162C217C80DD1F96F.ps1
Is this normal?
We are aware of this and already brought this to the team notice.
For time being you can just disable embedded-code detection for powershell in order to avoid the alert

Thanks
C.O.M.O.D.O RT

 

Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek