Charlie Heinz
Created by Charlie Heinz on 9/22/2023 in #open-brush-bugs
Powershell commands in registry key?
Hey folks - we use and love Open Brush at the University of Minnesota. Our IT Security flagged a potential issue, though. I'm not a programmer; could you take a look at their message and let me know what you think? "Host is triggering alerts in Defender for suspicious process execution of PowerShell commands and suspicious PowerShell in the registry. Upon investigation, it appears to be an application that was installed from Steam and is called TiltBrush/OpenBrush. This program's installation has stored PowerShell commands in hex in the registry key data value. This is very unusual and suspicious activity. Commands can be written to the registry for persistence by threat actors. It is not unheard of for Steam games to have malware. An attacker might be attempting to execute commands automatically without detection. The recommendation would be to remove this software from the Windows 10 device and scan the host with AV."