Anthony_E
Staff
October 28, 2024

Technical Tip: Windows Defender flags a Reveal policy as a threat

Description This article describes what to do when Windows Defender flags a Reveal policy file as a threat.
Scope FortiDLP.
Solution

Windows Defender may flag the 'Malicious PowerShell script executed' policy as a threat. It might look something like this in the 'History' section of the Windows Defender interface:

[Screenshot: Windows Defender 'History' entry flagging the 'Malicious PowerShell script executed' policy]


To identify known malicious PowerShell script execution, the policy file contains identifying signatures for that code, and Windows Defender may mistake those signatures for the malicious code itself. PowerShell executes no code as part of this policy, so the file itself is not dangerous.


A workaround is to exclude the Reveal policy folder in Windows Security settings. Further information on how to do this is shown here.


The policy scripts are stored in this folder:

C:\ProgramData\Jazz Networks\Agent\policy
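The following PowerShell script is an added example and is not part of the original article or of the FortiDLP product; it assumes an elevated session on a host where the agent is installed, and uses only the folder path given above together with the built-in Defender cmdlets (Get-MpThreatDetection, Get-MpPreference, Add-MpPreference). It first checks that Defender's detection history actually references files in the policy folder, then adds an exclusion for exactly that folder, and finally prints the full exclusion list so that any overly broad entry is visible.

```powershell
# Added example (not from the original article): narrowly exclude the Reveal/FortiDLP
# policy folder from Windows Defender scanning and verify the result.
# Run from an elevated PowerShell session. The folder path is the one the article gives.
$PolicyFolder = 'C:\ProgramData\Jazz Networks\Agent\policy'

if (-not (Test-Path -LiteralPath $PolicyFolder)) {
    throw "Policy folder not found: $PolicyFolder (is the agent installed on this host?)"
}

# Step 1: confirm that the detections really point at files inside the policy folder
# before changing anything. Get-MpThreatDetection lists Defender's detection history;
# its Resources property holds entries such as 'file:_C:\path\to\file'.
$relatedDetections = Get-MpThreatDetection | Where-Object {
    ($_.Resources -join ' ') -like "*$PolicyFolder*"
}
if ($relatedDetections) {
    $relatedDetections |
        Select-Object InitialDetectionTime, ThreatID, Resources |
        Format-Table -AutoSize
} else {
    Write-Host "No Defender detections reference $PolicyFolder; an exclusion may not be needed."
}

# Step 2: add the exclusion for exactly this folder (never a parent such as C:\ProgramData),
# and only if it is not already present.
$currentExclusions = (Get-MpPreference).ExclusionPath
if ($currentExclusions -contains $PolicyFolder) {
    Write-Host "Exclusion already present: $PolicyFolder"
} else {
    Add-MpPreference -ExclusionPath $PolicyFolder
    Write-Host "Added exclusion: $PolicyFolder"
}

# Step 3: show the complete exclusion list so unintended broad entries stand out during review.
(Get-MpPreference).ExclusionPath
```

An exclusion is a standing gap in scanning, so keep the entry limited to this one folder, record the change in your configuration baseline, and review the exclusion list periodically; Defender writes a configuration-change event (event ID 5007 in the Microsoft-Windows-Windows Defender/Operational log) when an exclusion is added, which is a useful thing to alert on so that unexpected exclusions on other hosts are noticed.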