I periodically run Power eraser when I notice performance degradation on my Windows 10 machine. On the last several occurrences I received a result that the following threat needs to be fixed -  \RESITRY\MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell\"ExecutionPolicy". I issue the "fix" (click the fix button) and Power Eraser fixes and restarts Windows. The next time I run Power Eraser the same threat is identified which I then fix again. Can anyone tell me what this threat is and why it continues to return?

3 Ways to Change PowerShell Execution Policy in Windows 10
https://www.top-password.com/blog/change-powershell-execution-policy-in-windows-10/

KATHE S:

Thank you. I am surmising by your post that my PowerShell execution policy is allowing some malware program to be installed, most likely from a site that I visit often. Per your thread I changed my PowerShell execution policy to "restricted" per the instructions in the link you included. Previously there was no execution policy in place. I will see if that solves the problem.

Thanks

as far as I know, default PowerShell execution policy is Restricted for Windows clients.
https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_execution_policies?view=powershell-7

my ExecutionPolicy is Restricted - W10 Home 1909 (18363.535)

Thank you. I am surmising by your post that my PowerShell execution policy is allowing some malware program to be installed, most likely from a site that I visit often. Per your thread I changed my PowerShell execution policy to "restricted" per the instructions in the link you included. Previously there was no execution policy in place. I will see if that solves the problem.

NPE does not detect malware (that is what Norton Security is for), it presents you with a list of files that could be malware.  It is meant to be run when your Norton program does not detect anything malicious but you still suspect that something may be acting suspiciously on your PC.  If there doesn't appear to be anything wrong, the results returned by NPE will almost always be safe files that belong to applications on your system.  NPE doesn't tell you much about a file because it really doesn't know much about the files it presents - that's the whole point, if Norton knew whether the file was actually malicious or not you would not have to run NPE, as Norton Security would catch it if it was malicious and NPE would not flag it if it was a known good file. 

https://community.norton.com/en/comment/7865241#comment-7865241

Norton Power Eraser uses our most aggressive scanning technology to eliminate threats that traditional virus scanning doesn’t always detect, so you can get your PC back. Because Norton Power Eraser is an aggressive virus removal tool, it may mark a legitimate program for removal. However, you can always undo the results of a scan. It can also help detect and remove Potentially Unwanted Programs.  For instructions on using Norton Power Eraser, see the tutorial.

https://us.norton.com/support/tools/npe.html

The NPE is a very aggressive scanner that was designed to be used as a rescue tool in emergency situations when your operating system becomes unstable or you believe you have deeply embedded malware that cannot be detected by a standard antivirus / anti-malware scan.  The NPE is prone to false positive detections and can sometimes remove important system files and registry entries [...]

https://community.norton.com/en/comment/7944441#comment-7944441

One thing to keep in mind is that NPE does not positively detect known malware - that is the job of your regular Norton Security product.  NPE instead looks for files that might warrant investigation if you suspect that you are infected and regular scans come up clean.  NPE will flag many legitimate files, so never assume that what NPE finds is truly malicious.

https://community.norton.com/en/comment/7975311#comment-7975311

The simple answer is NPE uses a heuristic reputation scale. Something that is very new, even with a Symantec signature, can be flagged as unknown.  

https://community.norton.com/en/comment/8013691#comment-8013691

KATHE S:

I periodically run Power eraser when I notice performance degradation on my Windows 10 machine. On the last several occurrences I received a result that the following threat needs to be fixed -  \RESITRY\MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell\"ExecutionPolicy". I issue the "fix" (click the fix button) and Power Eraser fixes and restarts Windows. The next time I run Power Eraser the same threat is identified which I then fix again. Can anyone tell me what this threat is and why it continues to return?

Um, do you run Fast Startup = On. Machine restart (not Shut down) should not be under Fast Startup influence.
I do not know why this so called threat continues to return....on your machine. 
When I recently had may be similar report.  Restart Now > Fixed.

Hi,
Please review user OttoWS recent may be similar NPE report >
https://community.norton.com/en/forums/get-rid-malware

Please review user Imacri post >
https://community.norton.com/en/comment/8289771#comment-8289771

=================================

=========================================================

How to post an image in the forums
https://community.norton.com/en/forums/how-post-image-forums-0