I don't believe it's actually deleting a file, so there is nothing to restore; PowerShell and svchost aren't going anywhere. If it's a false positive, I don't want to add it as an exception, as that flags the path (PowerShell) and the detection. What if the same detection came up that wasn't a false positive? How do I flag the scheduled task (or whatever it is) that's causing this as a false positive in the first place? And firstly, how do I even know it is?
Surely I can dig into what's causing this specifically and resolve it. Otherwise I'm gonna keep receiving notifications that it's cleaned; I'm in the 100s of these across my machines.