Issue abstract: New Norton showing powershell.exe infected with IDP.Generic/IDP.HELU.PSS23 etc
Detailed description: Last night the new version of Norton was pushed to my computer. This morning all sorts of issues but the most troubling is that I’m constantly popping up with “We’ve blocked powershell.exe because it was infected with IDP.HELU.PSS23 - Command line detection” (or IDP.Generic or other IDP.* named files). I was able to do one exclude but now I can’t get rid of it at all.
Product & version number: Norton 360 Premium Version 24.10.9535 (build 24.10.9535.882)
OS details: Windows 23H2 (build 22631.4317)
What is the error message you are seeing?
“We’ve blocked powershell.exe because it was infected with IDP.HELU.PSS23 - Command line detection”
If you have any supporting screenshots, please add them:
I have a case opened with Norton which is supposedly with their escalations team. They called me Saturday evening while I was in the car. I arranged for a call back on Sunday at a specific time. They called me one hour early. Then chatted with them yesterday and arranged for a call back today. They never even called this time. I chatted again and was assured someone would contact me within 2 hours. Alas… 5 hours later…nothing. They claim they tried to call me yesterday which is total BS. Does anyone have any suggestions at all? This is absolutely unbelievable!!!
Thank you all for your responses! Neither Windows Defender nor Norton scans detect anything. I disconnected from the network and ran rkill and re-ran my scans and still nothing is detected. All my scans are clean. The only suspicious software that I know of is something called Rippling that my company was using for endpoint updates. We are getting rid of it and I had already removed it, but rkill found an autorun .exe running. It killed that, and I downloaded autoruns and deleted that from system startup.
Literally as I’m typing this the popup occurred again.
@bjm I did just submit a false positive report now. I know I probably should have done that first but it’s been so troubling because normal scanning, etc. doesn’t show anything at all. And it’s all very suspicious that I logged on one morning last week and discovered the update overnight and two of these things popped up.
Quick update…some Windows updates were applied during a reboot this morning and so far I’ve been about an hour or so without a popup. Not sure if that or my false positive report helped but so far so good. Keeping fingers crossed!!