!#SLF:Win32/SuspClickFix.N in v4.1.0.0 #38
Description
Hi, since I updated ConfigureDefender from 4.0.1.1 to the latest 4.1.0.0, I can no longer execute shortcuts that run PowerShell code. Has something changed?
Example from log; CmdLine:_C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass -Command Start-Process powershell.exe -Verb RunAs -ArgumentList 'irm https://christitus.com/win | iex'
It always returns a permissions error, or it is flagged as malware or other potentially unwanted software.
I can run the command "irm https://christitus.com/win | iex" directly from PowerShell without any issues, but the shortcut stopped working after a single use of 4.1.0.0 and does not work again even if I go back to 4.0.1.1.
ConfigureDefender 4.1 probably enabled stricter Microsoft Defender settings. Those settings remain in Defender even if you downgrade the ConfigureDefender app version. Any Idea howto fix?
Sorry for german log:
Event[1]:
Time Created : 04.02.2026 09:04:16
ProviderName : Microsoft-Windows-Windows Defender
Id : 1116
Message : Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=!#SLF:Win32/SuspClickFix.N&threatid=268622141&enterprise=0
Name: !#SLF:Win32/SuspClickFix.N
ID: 268622141
Schweregrad: Schwerwiegend
Kategorie: Trojaner
Pfad: CmdLine:_C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass -Command Start-Process powershell.exe -verb runas -ArgumentList 'irm https://christitus.com/win | iex'
Erkennungsursprung: Unbekannt
Erkennungstype: Konkret
Erkennungsquelle: System
Benutzer: NT-AUTORITÄT\SYSTEM
Prozessname: Unknown
Sicherheitsversion: AV: 1.443.995.0, AS: 1.443.995.0, NIS: 1.443.995.0
Modulversion: AM: 1.1.26010.1, NIS: 1.1.26010.1