Bitdefender Total Security False Positive Triggered by Intelligent Terminal Agent Hook Bundle #252
MasterYeti
started this conversation in
General
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Summary
Bitdefender Total Security raises a CMD:Heur.BZC.ZFV.Boxter.830.53BD2DDB antivirus alert when Intelligent Terminal's agent hook bundle is active within an AI coding assistant session.
Environment
Windows 11
Bitdefender Total Security
Claude Code v2.1.111+
Intelligent Terminal (Microsoft Store)
Description
Following installation of Intelligent Terminal and enabling of its AI agent integration, Bitdefender Total Security began blocking PowerShell activity on every AI assistant response with the following alert:
"PowerShell tried to load a malicious resource detected as CMD:Heur.BZC.ZFV.Boxter.830.53BD2DDB and was blocked."
The detection originates from Bitdefender's Antivirus real-time scanner intercepting PowerShell command strings generated by Intelligent Terminal's hook bundle staging directory. The commands themselves are benign but contain patterns that match Bitdefender's heuristic signature for malicious PowerShell activity, resulting in a false positive. While this was confirmed with Claude Code as the configured agent, it is likely that other supported agents such as Gemini may exhibit the same behaviour, as the hook bundle originates from Intelligent Terminal rather than any specific AI assistant.
Resolution
Add the Intelligent Terminal hook bundle staging directory as an exclusion in Bitdefender Total Security under Protection → Antivirus → Settings → Exclusions → Files and Folders:
C:\Users\<username>\AppData\Local\Packages\Microsoft.IntelligentTerminal_8wekyb3d8bbwe\LocalCache\Local\IntelligentTerminal\hook-bundle-stagingNote the exclusion path has been set at the hook-bundle-staging level rather than the agent-specific subdirectory, to cover all configured agents. This exclusion is targeted specifically at the Intelligent Terminal staging directory and does not broadly exempt PowerShell or any system components from Bitdefender protection.
Beta Was this translation helpful? Give feedback.
All reactions