Bypassing Antivirus Restrictions: Installing XM Cloud for Local Development

A step-by-step guide to handling "Script Contained Malicious Content" errors

November 19, 2024

By David Austin

The Problem: Malicious Content Error Blocking XM Cloud Installation

When attempting to install XM Cloud locally, the installation script was flagged as malicious by antivirus software. The error message appeared in PowerShell, halting the process with a "Script Contained Malicious Content" alert. This issue commonly arises when security software identifies certain script patterns as potentially harmful, even if they are safe, disrupting local development setups.

I haven’t ever encountered this before on previous XM Cloud local development setups, but this time I was using the new version of the XM Cloud Foundation Head, and that’s when I encountered this error.

At C:\xmexample2024\local-containers\scripts\init.ps1:1 char:1
+ [CmdletBinding(DefaultParameterSetName = "no-arguments")]
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This script contains malicious content and has been blocked by your antivirus software.
    + CategoryInfo          : ParserError: (:) [], ParseException
    + FullyQualifiedErrorId : ScriptContainedMaliciousContent

System.Threading.Tasks.Task`1[System.String]

The Solution: Creating an Antivirus Exception to Install XM Cloud Locally

To bypass the antivirus block, I added an exception for the installation script. This process involved identifying the specific script being flagged, configuring my antivirus software to allow it, and ensuring PowerShell execution policies were set correctly. After making these adjustments, the XM Cloud setup completed without further errors, allowing me to proceed with my local development environment. While my solution largely relates to Bitdefender, in my research I was able to see that similar methods for resolution in other antivirus software, including Windows Security’s Virus & threat protection, work as well.

Checking Notifications

I was able to identify the feature in my antivirus software, Bitdefender, that was preventing the installation. After carefully reviewing the antivirus logs, I found that Bitdefender's Advanced Threat Defense had flagged the PowerShell script as suspicious, even though it was part of a legitimate setup process. This feature is designed to block potentially harmful behaviors, but it can sometimes misinterpret safe scripts, especially those with custom cmdlet bindings. By digging deeper into Bitdefender's settings, I confirmed that the script had been quarantined to prevent any potential risk.

Bitdefender notification screen showing a blocked suspicious activity detected in PowerShell.

From there, I was able to best manage the issue by creating an exception. I navigated to the Advanced Threat Defense section in Bitdefender and located the option to whitelist specific files or scripts. By adding the PowerShell script to the exception list, I ensured it would no longer be flagged or blocked during execution. I also double-checked that the exception applied to all relevant paths and processes to avoid interruptions in future installations or updates.

Bitdefender settings panel with manage exceptions option highlighted.

After saving the changes, I reran the installation, and this time, the setup proceeded without any further issues. This solution not only resolved the immediate problem but also streamlined future development tasks by preventing unnecessary antivirus interference.

Bitdefender exceptions settings showing XMExample2024 folder with multiple protection options enabled.

Here we can see the before and after of setting up the exception.

PowerShell screens showing a blocked script error and a successful Sitecore environment setup.
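
For Windows Security's Virus & threat protection, which the post mentions as an alternative to Bitdefender, the same exception can be scripted together with a check that the flagged script is unmodified and that the exclusion stays narrow. This is an added example, not part of the original post or the XM Cloud repository; it assumes Microsoft Defender is the active antivirus, that the project folder is a git clone, and it reuses the paths from the error message above. Test-BroadExclusion is a hypothetical helper defined here.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original post). Assumptions: Microsoft Defender is the
# active antivirus, and C:\xmexample2024 (path from the error above) is a git clone.
$ProjectRoot = 'C:\xmexample2024'
$Script      = Join-Path $ProjectRoot 'local-containers\scripts\init.ps1'

# Hypothetical helper: true when an exclusion would cover a drive root or a
# well-known system or profile directory instead of a single project folder.
function Test-BroadExclusion([string]$Path) {
    $full  = $Path.TrimEnd('\')
    $broad = @($env:SystemDrive, $env:USERPROFILE, $env:ProgramFiles, $env:windir)
    return ($full.Length -le 2) -or ($broad -contains $full)
}

# 1. Confirm the flagged script matches the committed version before trusting it.
#    Any output means init.ps1 is modified or untracked: review it, do not exclude it.
$dirty = git -C $ProjectRoot status --porcelain -- $Script
if ($LASTEXITCODE -ne 0) { throw "git could not inspect $ProjectRoot" }
if ($dirty) { throw "init.ps1 differs from the committed version: $dirty" }

# 2. Record the hash so a later change to the excluded script can be noticed.
$hash = Get-FileHash -Path $Script -Algorithm SHA256
'{0}  {1}' -f $hash.Hash, $hash.Path

# 3. Exclude only the project folder, never a drive or profile directory.
if (Test-BroadExclusion $ProjectRoot) { throw "Refusing broad exclusion: $ProjectRoot" }
Add-MpPreference -ExclusionPath $ProjectRoot

# 4. Read the configuration back and flag any exclusion that is too wide.
foreach ($p in (Get-MpPreference).ExclusionPath) {
    $note = if (Test-BroadExclusion $p) { 'TOO BROAD' } else { 'ok' }
    '{0,-10} {1}' -f $note, $p
}

# 5. Show the execution policy at each scope; the setup needs local scripts to run.
Get-ExecutionPolicy -List
```

When the local environment is no longer needed, `Remove-MpPreference -ExclusionPath` with the same path removes the exclusion again.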

Summary: Seamless XM Cloud Installation by Configuring Antivirus Exceptions

Though encountering antivirus blocks can be frustrating, adding a targeted exception resolved the issue. With the antivirus properly configured and the PowerShell execution policy set, I was able to install XM Cloud locally without any more roadblocks. If you're facing similar issues, these steps should help you overcome the error and get back to developing efficiently. At least now, when I encounter this issue again in the future, I will know precisely what to do.
