Issue abstract: Getting a false positive when using PowerShell in Windows 11 Pro
Detailed description: Trying to run Gemini CLI in VSCode. As soon as Gemini tries to connect, Norton stops it from running.
Product & version number: Everything is up to date as of 29/8/2025
OS details: Windows 11 Pro
What is the error message you are seeing?
Details
Threat name: IDP.HELU.PSE46%s_cmd
Threat type: Miscellaneous - This is malicious software that could harm your data, computer, or network.
Status: Threat detected
Detected by: Behavioral Protection
On PC from: 12/03/2025, 13:21
Last Used: 29/08/2025, 21:09
Startup Item: Yes
Many users: Millions of users in the Norton Community have used this file.
Mature: This file was released 6 months ago.
High: The file risk is high.
Activity
Path | Type | Status
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process | Terminated
559CB6880484BD6FED96EFCF5B4274CE | File | Deleted
If you have any supporting screenshots, please add them:
FYI. I’ve added Windows PowerShell and the correct path to the App Permission section of Norton. I’ve also added the path to antivirus exclusions, but it makes no difference.
Thank you for your reply SA. Much appreciated. Yes, I have the latest Gemini CLI 0.2.2, and also yes, I added the paths (for PowerShell and my project directory) to both the exclusions section as per your screenshot and the App Permissions as below.
Thank you for the post back. Follow the links below. Since you have the CLI executable file on your side that Norton is flagging, please submit a copy of it to Norton for a review:
Norton Submissions Portal:
And here at VirusTotal, let's see what comparative results we can garner.
Thank you SA. There is no executable, just a Windows cmd file and a hundred other files and folders etc. I’ve zipped the entire @Google folder and submitted it to Norton. Because VirusTotal can only accept a single file, I submitted the gemini.cmd to that and, as expected, it says “No security vendors flagged this file as malicious”. I don’t know which file in Gemini CLI is causing the problem. If you have any ideas, I would love to hear them. Thanks again.
You’re welcome! Let's see what results Norton gives you before getting into something that leads away from what we are currently asking questions about.
Edited: Submit the file GEMINI.md to VirusTotal; let's see what results it gives.
Submitted the gemini.md file and it reported no issues - BUT FYI, gemini.md is not part of the installation, it’s only available direct from GitHub. Thanks again for your help. Will wait for Norton to get back.
I found a solution. Installed PowerShell 7 and disabled PowerShell 5 and Norton is fine. You have to disable PowerShell 5 because it is still called even when VSCode has been told to use PowerShell 7. This is not ideal as I’ve been told some apps rely on PowerShell 5, but for me, it works.
Awesome news, thanks for posting back with your solution. I will indeed bookmark the thread so I can give your solution to others who may have the same or similar issue. Thanks for allowing me to assist as well.