03-11-2025 04:42 PM
Hi forum,
I have a problem with PowerShell, specifically with the file located at C:\Program Files\Winget-AutoUpdate\winget-upgrade.ps1.
When I restart the computer, Cortex send alert appears regarding winget-upgrade.ps1.
I created a disable prevention rule, but it is not working. Here is the information I added:
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" -NoProfile -ExecutionPolicy Bypass -File "C:\Program Files\Winget-AutoUpdate\winget-upgrade.ps1"Can anyone help us with this problem?
03-11-2025 09:37 PM
Hello @Saul_Najera ,
Please reach out to TAC and get Support Exception. The reason is "Disable prevention rules generate an alert even after allowing the activities where as legacy agent exceptions mostly don't generate alerts and allow a process to run."
However it is not recommended to exclude the behavior. Engineering can help you with the fix.
If you feel this has answered your query, please let us know by clicking like and on "mark this as a Solution". Thank you.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
