My personal and professional life

2017-11-20

AVG Free Antivirus deletes PowerShell scripts

Yesterday, as I was working on my PowerShell backup script (see my SPSB project on GitHub) in a Windows 7 virtual machine, I noticed strange behavior. Just like that, the script was getting deleted once it was executed automatically by Windows as a Logoff or Shutdown script set up through Local Group Policy Editor. I was struggling to find an explanation of this myself or through Googling the Internet, as nothing like this was happening on another Windows 7 (real) machine in my WAN network (where the script was actually supposed to work).
I only understood what was happening after my brother, working on the same virtual machine, told me via Hangouts that he was receiving strange messages from AVG Free Antivirus about some bak.ps1 script that was being quarantined. It struck me at once that this was the script I was working on, and it explained its strange disappearance from the file system. I'll still have to find what exactly in the source was causing AVG to quarantine the script file, but I find it rather strange that another system account was receiving the messages from AVG and not the account I was working with.
I'll update this post when I find what exactly in the script was considered a threat by AVG.