[BUG] Claude Code `-EncodedCommand` PowerShell Execution Blocked by EDR/AV — No Opt-Out Available

Resolved 💬 1 comment Opened May 26, 2026 by molinajp89k-hash Closed Jun 26, 2026

Preflight Checklist

  • [x] I have searched existing issues and this hasn't been reported yet
  • [x] This is a single bug report (please file separate reports for different bugs)
  • [x] I am using the latest version of Claude Code

What's Wrong?

Claude Code internally executes PowerShell using -EncodedCommand combined
with -NoProfile -NonInteractive -NoLogo. This pattern is indistinguishable
from known malware tradecraft at the EDR signature level and is blocked by
endpoint security tools on hardened Windows environments.

Error received: "The app powershell.exe was passed a malicious command line
and has been blocked. Your device is now safe."

There is no documented setting, environment variable, or configuration flag
to disable encoded command execution in favor of plain-text PowerShell.

What Should Happen?

Claude Code should provide a configuration option — such as
DISABLE_ENCODED_POWERSHELL=1 in settings.json — to execute PowerShell
commands as plain-text rather than Base64-encoded strings.

Plain-text execution should be the default. Encoding should be opt-in,
not opt-out. This is a hard blocker for enterprise and security-focused
users running any EDR solution (Microsoft Defender ATP, CrowdStrike, etc.).

Error Messages/Logs

The app C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe was passed 
a malicious command line and has been blocked. Your device is now safe.

Command line: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" 
-NoProfile -NonInteractive -NoLogo -EncodedCommand <Base64 payload>

EDR Product: Microsoft Defender for Endpoint (ATP)
Trigger: Claude Code internal PowerShell AST parser/script analyzer

Steps to Reproduce

  1. Run Windows 11 with Microsoft Defender for Endpoint (or equivalent EDR) active

and set to block encoded PowerShell execution (standard hardened policy)

  1. Install Claude Code and launch it in any project directory
  1. Issue any prompt that causes Claude Code to analyze or execute a PowerShell

script internally (e.g., ask Claude to write or review a .ps1 file)

  1. Claude Code internally spawns:

powershell.exe -NoProfile -NonInteractive -NoLogo -EncodedCommand <Base64>

  1. EDR intercepts and blocks with: "malicious command line" alert
  1. Claude Code operation fails — no fallback, no plain-text retry, no user guidance

NOTE: This is 100% reproducible on any Windows endpoint with encoded PowerShell
blocking enabled. No workaround exists without weakening EDR policy.
CLAUDE_CODE_USE_POWERSHELL_TOOL=1 (preview) is being tested but does not
have confirmed resolution for this specific execution path.

Claude Model

None

Is this a regression?

No, this never worked

Last Working Version

_No response_

Claude Code Version

Unknown - not in system PATH

Platform

Anthropic API

Operating System

Windows

Terminal/Shell

PowerShell

Additional Information

Security Context

  • EDR Product: Microsoft Defender for Endpoint (ATP)
  • EDR Policy: Encoded PowerShell execution blocking enabled (standard

enterprise hardening — NOT a custom rule)

  • Windows Version: Windows 11
  • Claude Code not registered in system PATH after installation

(secondary bug — claude --version returns "not recognized")

OWASP Risk Context

  • OWASP LLM02 (Insecure Output Handling): Encoded execution reduces

transparency of commands running on endpoint

  • OWASP LLM06 (Sensitive Information Disclosure): Opaque Base64 commands

bypass security monitoring pipelines

Business Impact

This is a hard blocker for any security-focused or enterprise user.
The current behavior forces a choice between:

  1. Using Claude Code (requires weakening EDR policy)
  2. Maintaining security posture (blocks Claude Code entirely)

This is unacceptable for practitioners in cybersecurity, compliance,
and regulated industries — exactly the users who should be able to
trust and adopt this tooling.

Workaround Status

Attempted: CLAUDE_CODE_USE_POWERSHELL_TOOL=1 (preview flag)
Result: Unconfirmed — blocked before version could be verified

View original on GitHub ↗

This issue has 1 comment on GitHub. Read the full discussion on GitHub ↗