Issue abstract: New Norton showing powershell.exe infected with IDP.Generic/IDP.HELU.PSS23 etc
Detailed description: Last night the new version of Norton was pushed to my computer. This morning all sorts of issues but the most troubling is that I’m constantly popping up with “We’ve blocked powershell.exe because it was infected with IDP.HELU.PSS23 - Command line detection” (or IDP.Generic or other IDP.* named files). I was able to do one exclude but now I can’t get rid of it at all.
Product & version number: Norton 360 Premium Version 24.10.9535 (build 24.10.9535.882)
OS details: Windows 23H2 (build 22631.4317)
What is the error message you are seeing?
“We’ve blocked powershell.exe because it was infected with IDP.HELU.PSS23 - Command line detection”
If you have any supporting screenshots, please add them:
I have a case opened with Norton which is supposedly with their escalations team. They called me Saturday evening while I was in the car. I arranged for a call back on Sunday at a specific time. They called me one hour early. Then chatted with them yesterday and arranged for a call back today. They never even called this time. I chatted again and was assured someone would contact me within 2 hours. Alas… 5 hours later…nothing. They claim they tried to call me yesterday which is total BS. Does anyone have any suggestions at all? This is absolutely unbelievable!!!
Thank you all for your responses! Neither Windows Defender nor Norton scan detect anything. I disconnected from the network and ran rkill and re-ran my scans and still nothing is detected. All my scans are clean. The only suspicious software that I know of is something called Rippling my company was using for endpoint updates. We are getting rid of it and I had already removed it but rkill found an autorun .exe running. It killed that and I downloaded autoruns and deleted that from system startup.
Literally as I’m typing this the popup occurred again.
@bjm I did just submit a false positive report now. I know I probably should have done that first but it’s been so troubling because normal scanning, etc doesn’t show anything at all. And all very suspicious that I logged on one morning last week and discovered the update overnight and two of these things popped up.
Quick update…some Windows updates were applied during a reboot this morning and so far I’ve been about an hour or so without a popup. Not sure if that or my false positive report helped but so far so good. Keeping fingers crossed!!
Click the small “See details” link below the “Scam my PC”. If your case is also “detected by” the behavioural thing as shown in this image.
I decided to run the application as an administrator and it worked. Another option possibly is to configure the behaviour settings from this link: Norton forum is not allowing me to post the link. Do google for Norton behavioural settings.
@Steven_Mohl Following up to see if your issue is solved and whether we can assist further. If solved please mark the thread as solved so other users can see the solution. Glad we could help.