[BUG] Claude Code `-EncodedCommand` PowerShell Execution Blocked by EDR/AV — No Opt-Out Available
Preflight Checklist
- [x] I have searched existing issues and this hasn't been reported yet
- [x] This is a single bug report (please file separate reports for different bugs)
- [x] I am using the latest version of Claude Code
What's Wrong?
Claude Code internally executes PowerShell using -EncodedCommand combined
with -NoProfile -NonInteractive -NoLogo. This pattern is indistinguishable
from known malware tradecraft at the EDR signature level and is blocked by
endpoint security tools on hardened Windows environments.
Error received: "The app powershell.exe was passed a malicious command line
and has been blocked. Your device is now safe."
There is no documented setting, environment variable, or configuration flag
to disable encoded command execution in favor of plain-text PowerShell.
What Should Happen?
Claude Code should provide a configuration option — such as
DISABLE_ENCODED_POWERSHELL=1 in settings.json — to execute PowerShell
commands as plain-text rather than Base64-encoded strings.
Plain-text execution should be the default. Encoding should be opt-in,
not opt-out. This is a hard blocker for enterprise and security-focused
users running any EDR solution (Microsoft Defender ATP, CrowdStrike, etc.).
Error Messages/Logs
The app C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe was passed
a malicious command line and has been blocked. Your device is now safe.
Command line: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
-NoProfile -NonInteractive -NoLogo -EncodedCommand <Base64 payload>
EDR Product: Microsoft Defender for Endpoint (ATP)
Trigger: Claude Code internal PowerShell AST parser/script analyzer
Steps to Reproduce
- Run Windows 11 with Microsoft Defender for Endpoint (or equivalent EDR) active
and set to block encoded PowerShell execution (standard hardened policy)
- Install Claude Code and launch it in any project directory
- Issue any prompt that causes Claude Code to analyze or execute a PowerShell
script internally (e.g., ask Claude to write or review a .ps1 file)
- Claude Code internally spawns:
powershell.exe -NoProfile -NonInteractive -NoLogo -EncodedCommand <Base64>
- EDR intercepts and blocks with: "malicious command line" alert
- Claude Code operation fails — no fallback, no plain-text retry, no user guidance
NOTE: This is 100% reproducible on any Windows endpoint with encoded PowerShell
blocking enabled. No workaround exists without weakening EDR policy.
CLAUDE_CODE_USE_POWERSHELL_TOOL=1 (preview) is being tested but does not
have confirmed resolution for this specific execution path.
Claude Model
None
Is this a regression?
No, this never worked
Last Working Version
_No response_
Claude Code Version
Unknown - not in system PATH
Platform
Anthropic API
Operating System
Windows
Terminal/Shell
PowerShell
Additional Information
Security Context
- EDR Product: Microsoft Defender for Endpoint (ATP)
- EDR Policy: Encoded PowerShell execution blocking enabled (standard
enterprise hardening — NOT a custom rule)
- Windows Version: Windows 11
- Claude Code not registered in system PATH after installation
(secondary bug — claude --version returns "not recognized")
OWASP Risk Context
- OWASP LLM02 (Insecure Output Handling): Encoded execution reduces
transparency of commands running on endpoint
- OWASP LLM06 (Sensitive Information Disclosure): Opaque Base64 commands
bypass security monitoring pipelines
Business Impact
This is a hard blocker for any security-focused or enterprise user.
The current behavior forces a choice between:
- Using Claude Code (requires weakening EDR policy)
- Maintaining security posture (blocks Claude Code entirely)
This is unacceptable for practitioners in cybersecurity, compliance,
and regulated industries — exactly the users who should be able to
trust and adopt this tooling.
Workaround Status
Attempted: CLAUDE_CODE_USE_POWERSHELL_TOOL=1 (preview flag)
Result: Unconfirmed — blocked before version could be verified
This issue has 1 comment on GitHub. Read the full discussion on GitHub ↗