Over the weekend, Microsoft released a Windows Defender signature file that falsely reports many PowerShell modules, including PowerCLI as containing a virus.
This is a FALSE POSITIVE widely affecting the PowerShell community.
There is no official statement from Microsoft yet, but the PowerCLI community on VMware {Code} has been working overtime! Here’s what you need to do to get back to automating:
- Update Windows Defender Signatures to the latest (>=
1.261.424.01.261.459.0). - If your PowerShellGet module was affected, you may need to download manually from Github (https://github.com/PowerShell/PowerShellGet)
- Update: Kevin Marquette has a pretty good workaround for PowerShellGet, which reverts back it back to 1.0.0.1.
- Release the affected files from Quarantine, or reinstall PowerCLI (Install-Module VMware.PowerCLI -scope CurrentUser -force)
This story is still developing, so I will update as the info comes in.
This is a great time for a shout out to the PowerCLI community on VMware {Code}. Special thanks to the PowerCLI users that have been working on this over the weekend and this morning: Luc Dekens, Edgar Sanchez, Wouter Kursten, Scott Haas, and John Kavanagh
You can join the VMware {Code} Slack by signing up here: https://code.vmware.com/join