Bitdefender GravityZone incident

False positive detection for powershell scripts

Severity: Minor | Status: Resolved

Bitdefender GravityZone experienced a minor incident on June 13, 2025. The incident has been resolved; the full update timeline is below.

Started: Jun 13, 2025, 04:00 AM UTC
Resolved: Jun 13, 2025, 04:00 AM UTC
Duration: —
Detected by Pingoru: Jun 13, 2025, 04:00 AM UTC

Update timeline

  1. resolved Jun 13, 2025, 12:38 PM UTC

    On 13 June 2025, Bitdefender identified and promptly addressed a false positive detection generated by Bitdefender Endpoint Security Tools (BEST) for Windows. An analytical signature, originally introduced to detect the “Poweliks” malware family, was triggered by a new Microsoft Windows compatibility script, used during a particular Microsoft Windows KB update. As a result, BEST may have blocked the corresponding powershell.exe process started for the compatibility script, on some endpoints.

    Timeline

    00:35 UTC – Automated monitoring systems detected an unusual spike in PowerShell detections.
    02:50 UTC – Root cause identified; emergency fix prepared.
    03:17 UTC – Corrective signature created and tested.
    03:58 UTC – Corrected signature update released to all update channels.

    Protection remained uninterrupted throughout the incident.

    Impact

    The detection interrupted only the Microsoft compatibility script; there was no data loss, service disruption, or security exposure.

    Resolution

    The faulty signature was disabled shortly via an incremental update.

    Preventive Actions

    Bitdefender is enhancing its automated response mechanisms for interpreter-based detections and refining regression test coverage to prevent similar occurrences.

    Customer Action

    No action is required. Please ensure that your endpoints have received the latest signature update dated 13 June 2025, 06:58 UTC. If residual alerts appear, contact Bitdefender Enterprise Support.

    We apologize for any inconvenience and thank you for your continued trust.