Panel and Anti-Virus & Anti-Malware
K12Panel runs Modifiers as encoded PowerShell, which some antivirus products flag — here's how to create the right exclusions.
Panel and Anti-Virus / Anti-Malware
K12Panel runs Blueprints by invoking powershell.exe with encoded commands. Many antivirus and anti-malware products flag this — correctly — because it looks like remotely executed code. That is exactly the kind of activity you’d want to monitor if you weren’t intentionally running it. Because you are using K12Panel to manage machines remotely on purpose, you can create exclusions so your security product allows it.
The general approach with any product is to exclude the PowerShell executable (and, where applicable, exempt it from behavioral/IDS modules) for the machines K12Panel manages.
BitDefender (GravityZone) Example
- Sign in to the BitDefender GravityZone portal.
- Select Policies from the left menu.
- Open the policy assigned to your K12Panel-managed machines.
- Select Antimalware, then Settings.
- In the In-Policy Exclusion section, add a new exclusion.
- Set the type to File and the excluded item to:
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe - Apply the exclusion to the relevant modules (for example ATC/IDS).
- Click Save.
Note: client machines may still flag and report activity. With some products, aggressive scanning can slow K12Panel polling by delaying or re-running blueprint reports.
Other Products
The same principle applies to other antivirus products: exclude powershell.exe and exempt it from behavioral or intrusion-detection modules for your managed machines. If K12Panel still isn’t working after adding exclusions, confirm your network also allows the required K12Panel domains (see the whitelisting article).
Common Questions
Why does my antivirus flag K12Panel?
K12Panel runs Modifiers as encoded PowerShell, which looks like remote code execution. It’s expected; add an exclusion.
What exactly should I exclude?
The PowerShell executable at C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, plus any behavioral/IDS module exemption your product offers.
Will excluding PowerShell lower my security?
It allows the specific tool K12Panel uses to run. Scope the exclusion to your managed machines and policy.
Modifiers run slowly or re-run — could antivirus be the cause?
Yes. Aggressive scanning can delay or repeat blueprint reports; exclusions usually resolve it.