Issue Summary
When a user opens chrome out of local.exe, it runs the command C:\Windows\System32\WindowsPowerShell\v1.0\powershell -NoProfile -NonInteractive –ExecutionPolicy Bypass -EncodedCommand [REDACTED BASE64]
that decodes to Start "
"chrome"" -ArgumentList "
"http://[REDACTED INTERNAL DOMAIN]""
which appears to be suspicious behavior to AV software.
Is it possible to configure whether the command is encoded when powershell runs it, since it causes antivirus software to treat the executible with suspicion.
Troubleshooting Questions
- Does this happen for all sites in Local, or just one in particular?
As far as I can tell it happens when a user views any local site
Replication
Click the “Open Site” button that opens a site that you are working on.
System Details
-
Which version of Local is being used?
6.6.1.20230202.4(VirusTotal) -
What Operating System (OS) and OS version is being used?
Windows 10 Enterprise