AVG Support Community
Share tips and solutions on AVG Products
Community topics
AllAVG Gurus
These community experts are here to help
-
Alan Binch
-
Borislav Angelov
-
Vladimir Bartl
-
Subhadeep Kanungo
-
Miloslav Serba
Taiki Sato "IDP.HELU.PSE25" is detected.
When I run `powershell -ExecutionPolicy Bypass -EncodedCommand "RwBlAHQALQBEAGEAdABlAA=="` at the command prompt, I get `IDP.HELU.PSE25`.
But, it doesn't happen when I run `powershell -EncodedCommand "RwBlAHQALQBEAGEAdABlAA=="` or `powershell -ExecutionPolicy Bypass -Command "Get-Date"`.
These commands should have the same result.
Is this a bug in the product?
The version of AVG that I am using is as follows
Software version: 064d55fe7c10/211217.2031+0900
Virus definitions version: 211217-0
Number of definitions: 27,056,990
UI version: 1.0.643
The full text of the message displayed is as follows.
Threat secured
We've blocked powershell.exe because it was infected with IDP.HELU.PSE25 - Command line detection
But, it doesn't happen when I run `powershell -EncodedCommand "RwBlAHQALQBEAGEAdABlAA=="` or `powershell -ExecutionPolicy Bypass -Command "Get-Date"`.
These commands should have the same result.
Is this a bug in the product?
The version of AVG that I am using is as follows
Software version: 064d55fe7c10/211217.2031+0900
Virus definitions version: 211217-0
Number of definitions: 27,056,990
UI version: 1.0.643
The full text of the message displayed is as follows.
Threat secured
We've blocked powershell.exe because it was infected with IDP.HELU.PSE25 - Command line detection
We're glad to look into this & help you.
For better clarity, please share us the screenshots of the threat notification after clicking on 'See details' in it & the version info (Open AVG - Menu - About).
I share screenshots.
Thank you for the screenshot.
Could you please confirm how do you run powershell -ExecutionPolicy Bypass? Please explain in detail.
Have you tried to repair AVG Anti-virus program?
Do you have any other Anti-virus program installed in your device?
Please confirm the version of operating system installed.
Keep us updated. Thank you.
I will answer your questions.
> Could you please confirm how do you run powershell -ExecutionPolicy Bypass? Please explain in detail.
https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_execution_policies?view=powershell-7.2#bypass
Please see the link.
Share a screenshot of what I'm actually doing.
The results of all the runs displayed on the screen are the same, but only the last run is detected as `IDP.HELU.PSE25`.
Run on Windows 10 21H2 Enterprise.
Run on Windows 11 21H2 Enterprise.
> Have you tried to repair AVG Anti-virus program?
I haven't.
> Do you have any other Anti-virus program installed in your device?
Only AVG and Windows Defender exist.
> Please confirm the version of operating system installed.
We have confirmed the operation in two environments, Windows 10 21H2 Enterprise and Windows 11 21H2 Enterprise.
- Windows 10 21H2 (Version 10.0.19044.1415)
- Windows 11 21H2 (Version 10.0.22000.258)
Thank you.
Thank you for elaborating the issue & sharing more details, Taiki.
To further investigate this issue, we've sent you an email with detailed instructions to contact our additional support.
Please check your inbox/spam folders to find the email and use it to contact them.
Thank you for your support.
You're welcome, Taiki.
Feel free to contact them at your convenient time. They're available 24/7.
Have a great day!
Thank you very much.
As I told you in the support chat, it seems that the event cannot be reproduced while connected to the support tool.
I will share again the screenshot of the event that occurred immediately after disconnecting the support tool and the various version information.
AVG AntiVirus Free
Software version: 21.11.3215 (build 21.11.6809.439)
Virus definitions version: 211220-0
Number of definitions: 27,112,728
UI version: 1.0.643
Windows Version
Windows 10 21H2 Enterprise [Version 10.0.19044.1415]
Thank you very much for your continuous support.
We would request you to repair your AVG Internet Security and restart you PC.
You can repair your AVG Internet Security with the following steps:
1. Press your window key and R key together and then type "appwiz.cpl" and hit "Enter"
2. Here you can see the list of installed applications in your PC.
3. Uninstall the conflicting antivirus (If found).
4. Uninstall the AVG Internet Security and click "Uninstall".
5. Now select repair and continue.
6. Restart your PC.
Please try the above steps and let us know the status of the issue.
If the issue persists, then feel free to write back to this post.
Thank you.
The result was the same as before, `IDP.HELU.PSE25` was displayed.
Thank you.
We apologize for the inconvenience caused to you.
Did you try to disable behavior shield in AVG Antivirus program and check if it resolves the issue?
If yes, we would request you to uninstall and reinstall AVG Antivirus free program on your computer.
Thank you and keep us informed.
I share screenshot.
We suggest you reinstall the AVG AntiVirus and check if the issue resolves.
Uninstallation link: https://www.avg.com/en-us/download-thank-you.php?product=REM
Installation link: https://www.avg.com/en-us/download-thank-you.php?product=FREEGSR
Keep us posted.
Uninstallation link: https://www.avg.com/en-us/download-thank-you.php?product=REM
Installation link: https://www.avg.com/en-us/download-thank-you.php?product=FREEGSR
Unfortunately, the result is the same as before.
Since the issue appeared again, we request you to get connected with our additional support by following the same email steps.
Our technician can see what can be done and escalate to senior team, if necessary. Thank you.