Top issues
Problem
Software components contain executable code that performs actions implemented during its development. These actions are called behaviors. In the analysis report, behaviors are presented as human-readable descriptions that best match the underlying code intent. While most behaviors are benign, some are commonly abused by malicious software with the intent to cause harm. When a software package shares behavior traits with malicious software, it may become flagged by security solutions. Any detection from security solutions can cause friction for the end-users during software deployment. While the behavior is likely intended by the developer, there is a small chance this detection is true positive, and an early indication of a software supply chain attack.Prevalence in PowerShell Gallery community
13 packages
found in
Top 100
179 packages
found in
Top 1k
969 packages
found in
Top 10k
1540 packages
in community
Next steps
Investigate reported detections.
If the software intent does not relate to the reported behavior, investigate your build and release environment for software supply chain compromise.
You should delay the software release until the investigation is completed, or until the issue is risk accepted.
Consider rewriting the flagged code without using the marked behaviors.
Problem
Obfuscation is a process of mangling the software code legibility. Obfuscation can be applied to both the application source and its compiled code counterpart. In both cases, obfuscation can interfere with the accuracy of security and software quality assessment solutions. For this reason, obfuscation is a technique commonly used by malicious actors as a means of bypassing security solutions and avoiding detection. While presence of obfuscation does not imply malicious intent, all of its uses in a software package should be documented and approved. One example of acceptable use for code obfuscation is minimizing the size of script files that are not intended to be read by humans. In such a case, the trade-off between file size and code legibility is considered acceptable.Prevalence in PowerShell Gallery community
0 packages
found in
Top 100
6 packages
found in
Top 1k
39 packages
found in
Top 10k
59 packages
in community
Next steps
Investigate reported detections as indicators of software tampering.
Consult Mitre ATT&CK documentation: T1027 - Obfuscated Files or Information.
Consider an alternative to code obfuscation to lower the risk of being mistakenly flagged by security solutions.
Top behaviors
Prevents creating an interactive prompt for the user during execution.
stealth
Prevalence in PowerShell Gallery community
Behavior often found in this community (Common)
2 packages
found in
Top 100
28 packages
found in
Top 1k
156 packages
found in
Top 10k
261 packages
in community
Tampers with installed applications.
settings
Prevalence in PowerShell Gallery community
Behavior often found in this community (Common)
4 packages
found in
Top 100
53 packages
found in
Top 1k
326 packages
found in
Top 10k
512 packages
in community
Gets or sets the security protocol used by the ServicePoint objects.
settings
Prevalence in PowerShell Gallery community
Behavior often found in this community (Common)
4 packages
found in
Top 100
95 packages
found in
Top 1k
645 packages
found in
Top 10k
1063 packages
in community
Creates or changes item properties, such as registry keys.
settings
Prevalence in PowerShell Gallery community
Behavior often found in this community (Common)
3 packages
found in
Top 100
79 packages
found in
Top 1k
444 packages
found in
Top 10k
701 packages
in community
Loads additional snap-ins or modules to the current session.
payload
Prevalence in PowerShell Gallery community
Behavior often found in this community (Common)
90 packages
found in
Top 100
509 packages
found in
Top 1k
3113 packages
found in
Top 10k
5185 packages
in community
Top vulnerabilities
No vulnerabilities found.