schuetzdentalCB 8 Posted December 17, 2018 Share Posted December 17, 2018 Hey, just wondering why EDTD is blocking all of this PowerShell Files: C:\Windows\TEMP\SDIAG_0d3c5bbe-38ba-44cc-9320-c03504ed0553\TS_VolumeErrors.ps1 contains Blocked EDTD. (Happens on a lot of Clients here). - Same File. Google told me that it is created by Windows. False Positive or something to do here? Thank's Link to comment Share on other sites More sharing options...
ESET Staff MichalJ 434 Posted December 17, 2018 ESET Staff Share Posted December 17, 2018 Hello, can you please send us the hash of the affected file? Link to comment Share on other sites More sharing options...
schuetzdentalCB 8 Posted December 17, 2018 Author Share Posted December 17, 2018 Hi, sure: (some of them) file:///C:/Users/sha/AppData/Local/Temp/SDIAG_bd6bcd71-2578-4123-9e81-0c15a3c74516/TS_VolumeErrors.ps = BE920097E915073F14C3CF55A73D4DBA46AC4619 file:///C:/Users/sha/AppData/Local/Temp/SDIAG_bd6bcd71-2578-4123-9e81-0c15a3c74516/RS_SyncSystemTime.ps1 = 5C3C15B6CE9ACBFC5E35CD124CD3DD06F641F05B file:///C:/Users/vc/AppData/Local/Temp/SDIAG_123bc112-fbad-4c74-8d26-9a5a5d4b8ad1/TS_InaccurateSystemTime.ps1 = C1B6134AA7F1A8D0E3C7903B871568457B392EB6 file:///C:/Users/ba/AppData/Local/Temp/SDIAG_a497407a-985c-491d-a73f-96ec38ea299c/RS_UserDiagnosticHistory.ps1 = CB67BDDD6C00E37386C5C92F1DC18C21F7F46C9F file:///C:/Users/c4/AppData/Local/Temp/SDIAG_d4f231be-748c-4098-9eca-fb0877f6cde1/RS_MachineWERQueue.ps1 = 568F6170ECAA7851B8707D43658EFC4E44F571BD Link to comment Share on other sites More sharing options...
itman 1,716 Posted December 17, 2018 Share Posted December 17, 2018 Also a better way to approach this issue is to determine why this PoweShell script is running in the first place. Its execution indicates system issues. Some background information here: https://www.exefiles.com/en/ps1/ts-volumeerrors-ps1/ . Link to comment Share on other sites More sharing options...
Administrators Marcos 5,155 Posted December 17, 2018 Administrators Share Posted December 17, 2018 I was informed that the issue had been resolved. Link to comment Share on other sites More sharing options...
schuetzdentalCB 8 Posted December 19, 2018 Author Share Posted December 19, 2018 Doesn't look like it has been fixed. - Getting several Notifications of Blocked Powershell Scripts by EDTD on many Clients. - Maybe you guys can check again? 19.12.2018 12:40:19 - Module Echtzeit-Dateischutz - Threat Alert triggered on computer DOENMEZPC: C:\Users\gdo\AppData\Local\Temp\SDIAG_9b725989-628b-4bf7-8272-b8623619e37b\RS_SyncSystemTime.ps1 contains Blocked EDTD. 19.12.2018 12:40:19 - Module Echtzeit-Dateischutz - Threat Alert triggered on computer DOENMEZPC: C:\Users\gdo\AppData\Local\Temp\SDIAG_9b725989-628b-4bf7-8272-b8623619e37b\TS_InaccurateSystemTime.ps1 contains Blocked EDTD. 19.12.2018 12:40:19 - Module Echtzeit-Dateischutz - Threat Alert triggered on computer DOENMEZPC: C:\Users\gdo\AppData\Local\Temp\SDIAG_9b725989-628b-4bf7-8272-b8623619e37b\RS_RemoveUnusedDesktopIcons.ps1 contains Blocked EDTD. Link to comment Share on other sites More sharing options...
Recommended Posts