Wacatac.h!ml and Trojan:Powershell/PowerSploit by Defender

Product: PowerShell Pro Tools 2022.11.2 (and possibly previous versions)

We are experiencing lots of false positive alerts with various detections by Defender. Different executables are deleted/isolated by Defender. Lots of security alerts are going off. What is going on?

We've been seeing a large increase in false positives for PowerShell executables across all anti-virus platforms (you can upload the executable to VirusTotal to get a feel for that).

Currently, the best options are to:

  • Exclude the executable from Defender scans
  • Sign the executable using a code signing certificate
  • Use our new Ironman PowerShell Host
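For anyone landing here from search, the first two options above can be done from an elevated PowerShell session with the built-in Defender and Authenticode cmdlets. This is an added example, not code from the original thread or from Ironman Software. It assumes the flagged build output lives at C:\Tools\MyApp.exe, that a code signing certificate is already installed in the Cert:\CurrentUser\My store, and that the timestamp server URL is the one your CA gives you (the DigiCert one is used here as a placeholder).

```powershell
# Added example, not from the original thread or Ironman Software.
# Assumptions: flagged executable at C:\Tools\MyApp.exe, a code signing
# certificate in Cert:\CurrentUser\My, and an RFC 3161 timestamp server URL
# from your CA. Run from an elevated PowerShell session.

$exePath = 'C:\Tools\MyApp.exe'   # assumed path of the flagged executable

# 1. Look at what Defender actually detected before excluding anything, so
#    the exclusion covers only the file you built and nothing else.
Get-MpThreatDetection |
    Where-Object { $_.Resources -match [regex]::Escape($exePath) } |
    Select-Object DetectionID, InitialDetectionTime, ThreatID, Resources, ActionSuccess

# 2. Exclude only that one file. A path exclusion allow-lists whatever sits at
#    that path, so keep it to a single file rather than a folder or a process name.
Add-MpPreference -ExclusionPath $exePath

# Confirm the exclusion is now in the effective preference set.
if ((Get-MpPreference).ExclusionPath -notcontains $exePath) {
    throw "Exclusion for $exePath was not applied"
}

# 3. Sign the executable. Pick a code signing cert that has not expired and
#    timestamp the signature so it stays valid after the cert itself expires.
$cert = Get-ChildItem -Path Cert:\CurrentUser\My -CodeSigningCert |
    Where-Object { $_.NotAfter -gt (Get-Date) } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1
if (-not $cert) { throw 'No valid code signing certificate found in Cert:\CurrentUser\My' }

$sig = Set-AuthenticodeSignature -FilePath $exePath -Certificate $cert `
    -HashAlgorithm SHA256 -TimestampServer 'http://timestamp.digicert.com'   # assumed TSA URL
if ($sig.Status -ne 'Valid') {
    throw "Signing failed: $($sig.Status) - $($sig.StatusMessage)"
}

# 4. Verify the signature the way Defender and SmartScreen will see it:
#    a Valid status, the expected signer, and a timestamp counter-signature.
Get-AuthenticodeSignature -FilePath $exePath |
    Select-Object Status,
        @{ n = 'Signer';      e = { $_.SignerCertificate.Subject } },
        @{ n = 'Timestamped'; e = { $null -ne $_.TimeStamperCertificate } }
```

Treat the exclusion as a stopgap rather than a fix: once the signed build stops being flagged, take it back out with `Remove-MpPreference -ExclusionPath $exePath`, because a path exclusion is honoured for anything later dropped at that location, not just your build.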