Can you confirm this is normal or provide a resolution?   The powershell.exe process can be stopped manually and does not start again until reboot.   Process explorer shows powershell is started by ekrn.exe and the powershell command line looks like the following . . .  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NonInteractive -Command if (((Get-AppxPackage -Name 'EsetContextMenu').length -ne '1') -Or ((Get-AppxPackage -Name 'EsetContextMenu').version -ne '10.39.34.0')) { Get-AppxPackage -Name 'EsetContextMenu' | Remove-AppxPackage; Add-AppxPackage -Path 'C:\Program Files\ESET\ESET Security\EsetContextMenu.msix' -ExternalLocation 'C:\Program Files\ESET\ESET Security\' } parent: ekrn.exe I did raise a support ticket and received a confirmation for it but could not find a place to access the ticket to check for responses.   I received no response via email either.  So, I opened a chat ticket and  the support person said he couldn't access/see the ticket I created which caused me to re-send the problem information / question to him!   I showed him everything via remote support, etc. and still he couldn't tell me where the ticket could be accessed to see updated responses OR whether EKRN.EXE uses powershell that way or why it runs continuously, etc.   All I got from him was call MS for Powershell problem!   Is that the type of support I can expect from ESET?   Is it true that I can't access the support ticket myself for updated - as he told me?   If so, I am very disappointed after 10 or more years of using the product.   Thanks in advance.    Customer support for home users is provided by an external company in the USA, however, the staff should be trained to handle support cases properly. I've asked colleagues from the US to look into it. The technical support should have helped you create a ticket and at least collect ELC logs and pass them to ESET HQ for assistance with the case. If PowerShell continues to run after Windows starts. please try to create a Procmon boot log by following the instructions in the linked KB. Beforehand please temporarily disable protected service in the HIPS setup in the advanced setup and reboot the machine. When done, save the Procmon log unfiltered, compress it and supply it to me via a personal message or upload it to a safe location and drop me a message with a download link. They did start communicating with me by emailing back but their answer was still "we dont use powershell, call MS".   Well, since I have a bootlog here showing that ekrn.exe in the eset folder starts powershell, my confidence isn't high in their answer. I'm working on getting this for you.   I forgot to turn off hips first time.  Will do it again.  Either way, fyi, procmon boot shows the start of the process be from ekrn.   VERY STRANGE THING I'VE NOTICED THOUGH ..  During normal operation, I see the powershell task in Task manager but can NOT find it using procmon!   I'd expect to see the opposite behavior with a hidden task or something missing from taskmgr, not from procmon!    I should have this zip file for you next posting.     Thank You again for your input. "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NonInteractive -Command if (((Get-AppxPackage -Name 'EsetContextMenu').length -ne '1') -Or ((Get-AppxPackage -Name 'EsetContextMenu').version -ne '10.39.34.0')) { Get-AppxPackage -Name 'EsetContextMenu' | Remove-AppxPackage; Add-AppxPackage -Path 'C:\Program Files\ESET\ESET Security\EsetContextMenu.msix' -ExternalLocation 'C:\Program Files\ESET\ESET Security\' } Can you confirm this is normal or provide a resolution?   The powershell.exe process can be stopped manually and does not start again until reboot.   Process explorer shows powershell is started by ekrn.exe and the powershell command line looks like the following . . .  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NonInteractive -Command if (((Get-AppxPackage -Name 'EsetContextMenu').length -ne '1') -Or ((Get-AppxPackage -Name 'EsetContextMenu').version -ne '10.39.34.0')) { Get-AppxPackage -Name 'EsetContextMenu' | Remove-AppxPackage; Add-AppxPackage -Path 'C:\Program Files\ESET\ESET Security\EsetContextMenu.msix' -ExternalLocation 'C:\Program Files\ESET\ESET Security\' } parent: ekrn.exe Update #2:  I re-Installed Nod32 from the Eset website and the Powershell process has been started again with the same parameters before even restarting the system.    Initial (after-installation) scan is being performed as we speak.    Again, the powershell process is using 15.4% cpu time - which matches what was going on before uninstall. No, it's behaving the same way.   I just have to kill it after each restart or I can uninstall Nod32 to  solve the problem and keep it from starting.   Like you and ITMan pointed out, it seems to be legitimately getting called and doesn't seem to be encountering or throwing an error an error but it doesn't end and it sits and uses around 15% cpu time until I kill it.   And, even though it's reported to be using 15% or more cpu time, I can't really tell it's running at all.   Also, it seems to have no effect on any Nod32 operations after I kill it.   I'm wondering at this point if task manager is mis-reporting the process as still active when it's not.   So, after I restart next time, I think I'm going to check procmon, procexp, and tasklist again to see if it's listed in the active tasks with those utilities.   I've already killed it today and can't restart right now.   Unless you have another idea, I'll check that out and let yall know the results before I close this.   Something tells me that tasklist won't show it running - because maybe it isn't? © 1992 - 2022 ESET, spol. s r.o. - All rights reserved. Trademarks used therein are trademarks or registered trademarks of ESET, spol. s r.o. or ESET North America. All other names and brands are registered trademarks of their respective companies. Powered by Invision Community