Microsoft Defender "Suspicious Scheduled Task Launched"


Since the last update of the toolkit [V3.9.2] the Microsoft Defender goes crazy if we deploy a app with the toolkit.

“Suspicious Scheduled Task Process Launched”
"wscript.exe /e:vbscript “C:\Users\username\PSAppDeployToolkit\ExecuteAsUser\PSAppDeployToolkit-ExecuteAsUser.vbs”

1 Like

I’m guessing the Last update you mean v3.9.2

This is a known issue.
The guys decided to move the VBS script used to show popups in the user’s context to the same user’s Profile. I don’t agree with it because Windows features like AppLocker will stop most scripts and EXEs from running from a user’s profile.

I guess Defender doesn’t like it either.

Hey we have detected the same.
Is there any workaround scheduled on your side?
We will keep 3.9.1 for the moment, time you solve it.

Alas I am but a long-time user of PSADT.
I do not know what they plan to do.
I’ve suggested they move the PSADT temp file location to \ProgramFiles\ to make AppLocker (And now Defender too) trust the VBS/PS1 scripts but they are either too busy or have better ideas.

1 Like

We deployed a exclusion for %USERPROFILE%\PSAppDeployToolkit\ in the defender settings.
Seems to work so far.

FYI: by doing this your defeating the purpose of script blocking.
If a hacker or the user wants to run a script in your environment, they now can run it in that folder.

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.