FP: "Retrieval of Obfuscated PowerShell Cmdlet Name via Windows Globbing Pattern" triggered by Claude Code's shell-discovery probe

Detection rule: Attacker Technique - Retrieval of Obfuscated PowerShell Cmdlet Name via Windows Globbing Pattern
Rule RRN: rrn:cba:::detection-rule:version:PD8UE3PN2Y2T
Alert source: Attacker Behavior Analytics (ABA)
Priority: High
Platform: Windows 11

What we observed

Claude Code (Anthropic's developer CLI, current version 2.1.x) reliably triggers this rule when it probes the workstation for available Python interpreters. The rule fires on the literal substring python* inside a Get-Command call, treating it as cmdlet-name globbing/obfuscation. The actual purpose is benign command discovery.

Triggering log (sanitized)

process.name        : powershell.exe (Microsoft signed, sha256 0ff6f2c9..., Known/None/0/36 VT)
parent_process.name : claude.exe (Claude Code v2.1.119)
parent_process.path : C:\Users\<dev>\AppData\Roaming\Claude\claude-code\<ver>\claude.exe
working_dir         : C:\Users\<dev>\Desktop\<project>\
username            : <dev> (interactive, not SYSTEM)
cmd_line            :
  powershell.exe -NoProfile -NonInteractive -Command "
    python3 --version 2>$null;
    py --version 2>$null;
    Get-Command python* -ErrorAction SilentlyContinue |
      Select-Object Name, Source | Format-Table;
    $_ec = if ($null -ne $LASTEXITCODE) { $LASTEXITCODE } elseif ($?) { 0 } else { 1 };
    (Get-Location).Path |
      Out-File -FilePath 'C:\Users\<dev>\AppData\Local\Temp\claude-pwd-ps-<id>' -Encoding utf8 -NoNewline;
    exit $_ec"

Two distinguishing artifacts in every Claude Code-spawned PowerShell invocation:

  1. Get-Command <prefix>* — discovery for Python, Node, Git, etc.

  2. claude-pwd-ps-<hex> temp file — Claude Code's mechanism for tracking shell PWD across tool calls.

CLAUDECODE=1 and CLAUDE_AGENT_SDK_VERSION=<ver> are also present in the process env, so identification is unambiguous.

Why it's a false positive

  • Parent process is the legitimate, signed claude.exe running under the developer's interactive account.

  • The python* glob is being passed as a name filter argument to Get-Command, not used to obfuscate a cmdlet name. PowerShell's Get-Command natively supports wildcards as a documented feature.

  • No outbound network, no encoded payload, no script-block bypass, no persistence write, no lateral movement.

  • The hash, signing chain, and reputation of powershell.exe are clean.

Workaround we deployed

Rule exception, applied via the rule's Exceptions tab:

  Field              Match      Value
  process.cmd_line   Contains   claude-pwd-ps-

This temp-file prefix is unique to Claude Code's PowerShell wrapper across all current versions, so the exception scope is tight. We considered pairing it with parent_process.exe_path Contains \claude-code\ (AND combinator) for defence-in-depth, but the cmd_line marker alone has been sufficient and zero-risk in our environment so far.
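To see how the deployed exception and the considered AND variant scope against the rule's trigger, here is an added Python triage script (not part of the original ticket and not the vendor's rule logic). The trigger regex is an approximation inferred from the description above, and the event records are constructed from the sanitized log fields.

```python
import re

# Approximation of the rule's trigger as the report describes it: a wildcard in the
# name argument of Get-Command. The vendor's actual rule logic is not on this page.
GLOB_IN_GET_COMMAND = re.compile(r"Get-Command\s+[\w.-]*\*", re.IGNORECASE)

# Markers the report identifies as specific to Claude Code's PowerShell wrapper.
PWD_MARKER = "claude-pwd-ps-"          # temp-file prefix in process.cmd_line
PARENT_MARKER = "\\claude-code\\"      # directory segment in parent_process.path

# Constructed events modelled on the sanitized log (not real telemetry).
CLAUDE_CMD = (
    'powershell.exe -NoProfile -NonInteractive -Command "py --version 2>$null; '
    "Get-Command python* -ErrorAction SilentlyContinue | Select-Object Name, Source; "
    "(Get-Location).Path | Out-File -FilePath "
    "'C:\\Users\\dev\\AppData\\Local\\Temp\\claude-pwd-ps-7f3a' -Encoding utf8 -NoNewline\""
)
EVENTS = [
    # the genuine Claude Code probe: rule fires, exception should suppress it
    {"id": "claude-probe", "process.cmd_line": CLAUDE_CMD,
     "parent_process.path": "C:\\Users\\dev\\AppData\\Roaming\\Claude\\claude-code\\2.1.119\\claude.exe"},
    # same glob shape from an unrelated parent, no marker: must keep alerting
    {"id": "other-glob", "process.cmd_line": 'powershell.exe -Command "Get-Command Get-Wmi* | Format-Table"',
     "parent_process.path": "C:\\Windows\\System32\\cmd.exe"},
    # marker present but parent is not Claude Code: shows the scope the AND combinator adds
    {"id": "marker-wrong-parent", "process.cmd_line": 'powershell.exe -Command "Get-Command python*; echo claude-pwd-ps-0000"',
     "parent_process.path": "C:\\Windows\\System32\\cmd.exe"},
    # no wildcard at all: the rule never fires
    {"id": "plain-version", "process.cmd_line": 'powershell.exe -Command "python --version"',
     "parent_process.path": "C:\\Windows\\System32\\cmd.exe"},
]

def rule_matches(cmd_line: str) -> bool:
    """True when the command line carries the Get-Command wildcard the rule alerts on."""
    return GLOB_IN_GET_COMMAND.search(cmd_line) is not None

def exception_cmd_line_only(event: dict) -> bool:
    """The deployed exception: process.cmd_line Contains claude-pwd-ps-."""
    return PWD_MARKER in event["process.cmd_line"]

def exception_strict(event: dict) -> bool:
    """The considered variant: cmd_line marker AND parent path under \\claude-code\\."""
    return exception_cmd_line_only(event) and PARENT_MARKER.lower() in event["parent_process.path"].lower()

def alerts(events: list[dict], exception) -> list[str]:
    """Ids of events that match the rule and are not suppressed by the given exception."""
    return [e["id"] for e in events if rule_matches(e["process.cmd_line"]) and not exception(e)]
```

Running `alerts(EVENTS, exception_cmd_line_only)` leaves only the unrelated glob alerting, while `alerts(EVENTS, exception_strict)` also keeps the record whose marker does not come from a claude-code parent.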