HideConsoleWindow = $true and exe file suspended by CrowdStrike (antivirus program)

After setting HideConsoleWindow = $true in project.psd1 and packaging the PowerShell script into an exe file, once I execute the exe file, the antivirus program detects it as malicious code and removes the exe file completely. If I set it back to $false, everything works well without any issue. Is there any solution for this, please?

Hi @PSNewStarter

Thank you for sharing about this as it is very helpful to know the precise behavior (on/off switch) that can trigger some behavior-based security application. I would advise that you will need to check with the CrowdStrike vendor for guidance on this.

I see there is an article that might be related to this at How to Create Custom Rules with CrowdStrike. Can you check into this and let us know if it helps?

@adam - Can you advise a little bit around what the HideConsoleWindow property is specifically doing when enabled? That may help in the future with respect to programming exceptions around application behavior.

We create a hidden cmd window and then attach it to the process.

    // Start cmd with no visible window
    _console = new Process();
    _console.StartInfo = new ProcessStartInfo();
    _console.StartInfo.UseShellExecute = false;
    _console.StartInfo.CreateNoWindow = true;
    _console.StartInfo.FileName = "cmd";
    _console.Start();

    // Attach to the console of the cmd process just started
    var attached = AttachConsole(_console.Id);

This is the same behaviour if you put Obfuscate = $true; CrowdStrike will remove it.