FortiDLP
FortiDLP is a cloud-native endpoint DLP and insider risk solution aimed at monitoring and preventing data theft on the endpoint, across Windows, macOS and Linux.
Anthony_E
Community Manager
Article Id 353367
Description This article describes why Windows Defender may flag a Reveal policy file as a threat, and how to work around it.
Scope FortiDLP.
Solution

Windows Defender may flag the 'Malicious PowerShell script executed' policy as a threat. The detection appears in the 'History' section of the Windows Defender interface, looking something like this:

[Screenshot: Windows Defender 'History' entry showing the detection on the Reveal policy file]


To identify known malicious PowerShell script execution, this policy file contains identifying signatures (patterns taken from the malicious code). Windows Defender matches those same patterns and may therefore mistake the policy file for the malicious code itself. The policy file is data read by the agent; no PowerShell code is executed as part of the policy, so the file itself is not dangerous.


A workaround is to exclude the Reveal policy folder in Windows Security settings. Keep the exclusion scoped to that folder only: Windows Defender will no longer scan anything written into an excluded path, so excluding the whole agent directory or drive would remove more protection than the workaround needs. Further information on how to do this is shown here


The policy scripts are stored in this folder:

C:\ProgramData\Jazz Networks\Agent\policy
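The same workaround can be applied from an elevated PowerShell prompt. The script below is an added example and is not part of this article or of the FortiDLP product; it assumes a host running Microsoft Defender Antivirus with the Defender PowerShell module, and the only value taken from the article is the policy folder path. It first confirms that a detection in Defender's history actually references the policy folder, then adds a path exclusion for that folder alone, and finally verifies that the exclusion took effect.

```powershell
# Added example (not from the FortiDLP article or product): confirm a Defender
# detection points at the Reveal policy folder, add an exclusion for only that
# folder, and verify it. Run from an elevated PowerShell prompt.
# The folder path is the one the article names; the rest is assumed for illustration.

$PolicyFolder = 'C:\ProgramData\Jazz Networks\Agent\policy'

# 1. Check Defender's detection history before excluding anything.
#    Each detection's Resources property holds strings such as "file:_C:\...".
$hits = Get-MpThreatDetection |
    Where-Object { $_.Resources -match [regex]::Escape($PolicyFolder) }

if (-not $hits) {
    Write-Warning "No Defender detections reference $PolicyFolder; nothing to exclude."
    return
}

# Show what was flagged and under which threat name, for the change record.
$hits | ForEach-Object {
    $threat = Get-MpThreat -ThreatID $_.ThreatID
    [pscustomobject]@{
        When      = $_.InitialDetectionTime
        Threat    = $threat.ThreatName
        Resources = ($_.Resources -join '; ')
    }
} | Format-Table -AutoSize

# 2. Exclude only the policy folder, not the whole Agent directory.
#    Add-MpPreference appends to the existing exclusion list; it does not replace it.
Add-MpPreference -ExclusionPath $PolicyFolder

# 3. Verify the exclusion is now in effect.
$exclusions = (Get-MpPreference).ExclusionPath
if ($exclusions -contains $PolicyFolder) {
    "Exclusion present: $PolicyFolder"
} else {
    throw "Exclusion for $PolicyFolder was not applied"
}
```

If Defender on the host is managed centrally (for example by Group Policy or Intune), a locally added exclusion can be overwritten by the next policy refresh, so the same path exclusion should be added in that management tool instead. The pre-check step is there so that an exclusion is only created on hosts where the false positive has actually occurred.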
