Scroll Top
Evotec Services sp. z o.o., ul. Drozdów 6, Mikołów, 43-190, Poland
+48 502 469 760
[email protected]

Import-Module: This script contains malicious content and has been blocked by your antivirus software.

Import-Module: This script contains malicious content and has been blocked by your antivirus software.
Import-Module: This script contains malicious content and has been blocked by your antivirus software.
By Przemyslaw Klys PowerShell 12 grudnia, 2018

I've been working today on a little project when suddenly my modules stopped working. It was weird because I have not touched anything that could cause it.

Import-Module : The script ‘PSSharedGoods.psm1' cannot be run because the following modules that are specified by the “#requires” statements of the script
are missing: PSWriteColor.
At C:\Support\GitHub\PSWinReporting\Examples\RunMe-SearchEvents.ps1:2 char:1
+ Import-Module PSWinReporting -Force
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ResourceUnavailable: (PSSharedGoods.psm1:String) [Import-Module], ScriptRequiresException
+ FullyQualifiedErrorId : ScriptRequiresMissingModules,Microsoft.PowerShell.Commands.ImportModuleCommand

A message was a bit cryptic mentioning that my PSWriteColor module is required but not available. I've decided to try and load PSWriteColor manually using Import-Module command.

Import-Module PSWriteColor

That's where I got this little message at the bottom that made me wonder what I've done with my precious module that it is now a virus.

Import-Module : The module manifest ‘C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\PSWriteColor\PSWriteColor.psd1' could not be processed because it i
s not a valid Windows PowerShell restricted language file. Remove the elements that are not permitted by the restricted language:
At C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\PSWriteColor\PSWriteColor.psd1:1 char:1
+ #
+ ~
This script contains malicious content and has been blocked by your antivirus software.
At line:1 char:1
+ Import-Module PSWriteColor
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ResourceUnavailable: (C:\WINDOWS\syst…WriteColor.psd1:String) [Import-Module], MissingMemberException
+ FullyQualifiedErrorId : Modules_InvalidManifest,Microsoft.PowerShell.Commands.ImportModuleCommand

How do I fix it?

As I don't use any antivirus software other than the built-in Windows Defender I assumed that it must have updated its definitions at some point today and none of my PowerShell modules will be working correctly. A quick check into definitions, confirms that the update has kicked in around 11:14 but a day before and I've already worked with that module during that time.

If we check what Windows Defender has been doing behind scenes we will find out that AMSI (Anti-Malware Scan Interface) was responsible for making my module rogue.

I've decided that updating virus definitions again should solve this, eventually I was prepared to totally disable Windows Defender for the time being.

Fortunately, new virus definition kicked in after few seconds everything is now working correctly. Must have been some weird hiccup on Windows Defender part. It didn't require restart of PowerShell session either.

Przemyslaw Klys / About Author
System Architect with over 14 years of experience in the IT field. Skilled, among others, in Active Directory, Microsoft Exchange and Office 365. Profoundly interested in PowerShell. Software geek.
More posts by Przemyslaw Klys

Posty powiązane

Visually display Active Directory Trusts using PowerShell
Active Directory Trusts are useful to connect one or more domains. But as useful those are, they can be very dangerous. Also, keeping trusts working and in good shape should be a top priority for Active Directory Admins. While there is a couple of command in the Active Directory module Get-ADTrust, I thought I would try and write my own that checks a few more things. I want to thank Chris Dent for his input on the part of this command. His binary skills amaze me!
14 wrz 2020
Forwading Events
PowerShell – Everything you wanted to know about Event Logs and then some
If you feel this title is very familiar to you it’s because I actually have stolen the title from Kevin Marquette. I’m in awe of his posts that take you thru topic from beginning till the end. No splitting, no hiding anything, everything on a plate, in a single post. That’s why I’ve decided to write a post that will take you on a trip on how to work with Event Logs, something that is an internal part of Windows Administration. If you’ve never worked with Events and you’re in IT you most likely should make an effort to find out what it is and how you can eat it.
20 lut 2019
Mentioning users in notifications using PSTeams PowerShell Module
Microsoft Teams over the last few years have grown into an excellent and flexible tool for both small and big companies. Having the ability to chat with users, store files or have all sorts of data in one place makes it easy and functional. Of course, it has its fair share of issues, but it’s getting better. One of the cool features of Microsoft Teams is being able to send notifications to Microsoft Teams Channels using WebHook Notifications. In the beginning, this feature was pretty limited, but after a few years, it got much better with support for Adaptive Cards, List Cards, Hero Cards, Thumbnail Cards, and Office 365 Connector Card.
16 sty 2022
Getting Verified badge next to your GitHub commits in VS Code
A bit over two years ago, I started posting my PowerShell code as modules on GitHub. Initially, I planned to have them hosted on my website, but few people asked to post it there, and they were right. It would be fairly hard for me to keep my code up to date on my website and, at the same time, let people submit bug reports or help with some PR. It was the right decision! Now that I’ve worked for over two years on GitHub as a daily driver, I wanted to get a new green badge that’s shown on GitHub when you edit some code. I don’t know if you ever noticed, but if you write any code, text file directly via the GitHub.com webpage, your commits always have Verified badge next to them.
08 maj 2020
Compare PowerShell
PowerShell – Comparing advanced objects
Two years ago, I wrote a blog post on how you can compare two or more objects visually in PowerShell that works on Windows, Linux, or macOS. I’ve been using that for a while, but it had a specific flaw. Comparing more advanced objects that you often see (for example, returned by Graph API, two config files) wasn’t working correctly, often throwing errors. The reason for this was that having nested hashtables arrays require more advanced logic. Today I’ve updated my module to use the ConvertTo-FlatObject function, which allows the Compare-MultipleObjects function to compare suitably more advanced objects hopefully. Of course, it should not throw errors anymore.
28 lut 2022
Quickly test multiple proxies with Powershell
Recently we were tasked with testing connectivity with Good For Enterprise servers. Since the environment is highly secure it requires…
0
05 sie 2015
PSWinReporting 1.0
PSWinReporting 1.0 – Monitoring Active Directrory Events
10 cze 2018
Windows 2019 Language Pack
Windows 2019 – How to add language pack?
Today I’ve been setting up a new server on Windows 2019. By default, I install Windows with English version even if Client works in their language such as German, Polish or Swedish. While some people install Windows in a language they desire to work with, years of experience taught me that installing English and then adding Language Pack is the best way to go. All errors, windows events, and general troubleshooting is much easier if those are in the native English language. Each version of Windows made it easier to install the language pack and have that up and running in no time. In Windows 2019 it’s even more comfortable… or is it?
02 sty 2019
Adaptive Card Tables
Adaptive Cards with Tables and Linebreaks in Microsoft Teams
PSTeams is a PowerShell module that helps simplify sending notifications to Microsoft Teams via Incoming webhooks. It’s easy to use and doesn’t require playing with JSON. Since version 2.0, it started to support Adaptive Cards; in version 2.1, I’ve added the ability to mention people. Today I’m introducing an easy way to send data as a table and a quick way to add a line break.
21 sie 2022
IIS Logs Parser in PowerShell
Reading IIS logs with PowerShell
Today I was reading Twitter, as I am pretty addicted to technology news when Adam Bacon mentioned that he’s surprised that no one has rebuilt IIS Parser as pure PowerShell. While this is not entirely true, and some modules can do some parsing, I decided to try my luck. While doing it from scratch in PowerShell is possible, I opted to use an external C# library that does all the heavy lifting and is optimized for speed.
04 cze 2022
Restoring (Recovering) PowerShell Scripts from Event Logs
A few days ago, I was asked to take a look at PowerShell Malware. While I don’t know much about malware, my curiosity didn’t let me skip on this occasion, and I was handed over WindowsPowerShell.evtx file. Ok, that’s not what I expected! I wanted PowerShell .ps1 files that I can read and assess? Well, you play with the cards you were dealt with. What I was handed over was PowerShell Event Log. PowerShell writes whatever you execute, and it thinks it is risky, to Windows PowerShell Operation Event Log.
28 sie 2020
Active Directory
Synchronizing Active Directory with External Time Source
0
24 sty 2018
AzureAD – Enable Password Expiration with Password Hash Synchronization
Azure AD Connect allows three ways to make sure the user password is the same in Active Directory and Office 365. Those are Password Hash Sync, Pass-Thru Authentication, and ADFS. While my preferred option to go with would be Pass-Thru Authentication, only Password Hash Synchronization is the easiest and least resource-intensive. It synchronizes user password to Office 365, and even if your Active Directory is down, you can still log in to Office 365. It’s perfect for small and even more significant companies that don’t have resources or can’t guarantee that their infrastructure will stay 100% time online so users can authenticate based on their Active Directory.
24 lut 2020
PowerShell
Get-AdPermission – The operation couldn’t be performed because object couldn’t be found
0
25 lut 2016
Azure Health
Getting Azure Health by parsing HTML using PSParseHTML
Some time ago I’ve wrote PowerShell way to get all information about Office 365 Service Health, and if you were thinking that I would try the same concept for Azure Services you were right. However, I failed. This is because Office 365 Health can be gathered using Microsoft Graph API, and Azure Health information, as far as I know, is not available in the form I wanted it. Azure Status is available as part of Azure Status website. Contrary to Office 365 health you don’t have to login to your Office 365 tenant to read it.
08 gru 2019