Have been using PS Pro Tools for a while to compile scripts and distribute via Teams. Recently (last week) all new compiled scripts are being detected as malware in Teams and download blocked. Checking the exe in VirusTotal shows high detection (23-25/70) including some larger AV such as Kaspersky, Symantec and McAfee. Just now local McAfee started detecting the unsigned exe as malware, preventing it being signed unless quick to do so.
Even a simple hullo-world script generates 23/70 malware detections: https://www.virustotal.com/gui/file/cdf33b426adfa62bf80a91db3e5bb2a06d2060dbbc60f554a9ba43e87c9b38c9/details
Is this due to recent change in detection algorithms for recent threat, something changed in PS Pro Tools, or an issue with VirusTotal?
We’ve seen a recent uptick in detections across all AV providers. We have a document here outlining some mitigations.
It’s also the reason we released the Ironman Software Host.