When a user opens chrome out of local.exe, it runs the command
C:\Windows\System32\WindowsPowerShell\v1.0\powershell -NoProfile -NonInteractive –ExecutionPolicy Bypass -EncodedCommand [REDACTED BASE64] that decodes to
"" -ArgumentList ""http://[REDACTED INTERNAL DOMAIN]
"" which appears to be suspicious behavior to AV software.
Is it possible to configure whether the command is encoded when powershell runs it, since it causes antivirus software to treat the executible with suspicion.
- Does this happen for all sites in Local, or just one in particular?
As far as I can tell it happens when a user views any local site
Click the “Open Site” button that opens a site that you are working on.
Sorry I don’t have an answer to your specific question, but I do want to help if possible. Are you unable to open any Local sites due to this? Or getting any other errors or warnings while developing?
Within your machine are you able to do any allowing for Local within security or antivirus checkers to help out?
Keep us posted and we’d be happy to help further!
My users aren’t experiencing any problems, it’s that it keeps setting off antivirus alarms, which adds to the noise of our AV environment.
I know nothing about Local so if there’s anything you need just treat me like a 5 year old and I can run down the requested info.
Is there any way within your AV environment to flag this as a false positive or add an allowance for the app?
Yeah I can, my hope though is that this could be addressed upstream, to avoid repeat work from each of your customers who also run enterprise AV.
I will raise this up with the Local Devs to see if it’s feasible, but I’m glad to hear you at least have a workaround for the time being!
Thanks. If there’s a valid purpose that’s not a problem, our processes require that we document the reason for the exception so we’d just need to know why it’s doing it that way.
I’ve raised this with our Dev team, and the short answer is that the command is generated by an upstream library, and barring any changes to the library we likely wouldn’t add an option to change it within Local. Not to say that it may not see a change in the future, but right now it wouldn’t have any priority or ETA.
This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.