Norton Flags Win11Debloat.ps1 as IDP.Generic Threat – False Positive ?

[motsmanish]

Describe the bug
Norton Antivirus flags Win11Debloat.ps1 as IDP.Generic, even though the script is clean and community-trusted. This causes users to either bypass warnings or be blocked entirely from using the script.

To Reproduce
Steps to reproduce the behavior:

Download Win11Debloat.ps1 using:
& ([scriptblock]::Create((irm "https://debloat.raphi.re/")))
Run the script in PowerShell as Administrator

Norton scans and blocks the script as a threat (IDP.Generic)

User sees a popup: "Threat blocked"

Expected behavior
The script should run without being flagged by antivirus, especially since it only performs OS cleanup tasks like removing bloatware and modifying registry settings.

Screenshots

Additional context
This appears to be a false positive triggered by the use of system-modifying commands (Remove-AppxPackage, registry changes, etc.). Other users running similar scripts also experience this.

Recommend:

Requesting whitelisting from Norton

Noting this in the README

Signing script or adding checksum verification for clarity

[motsmanish]

Just wanted to add that the script worked flawlessly for me — very effective and clean. Huge thanks for building this. The only hiccup was Norton flagging it as IDP.Generic, but after adding an exception, everything ran perfectly. Great work! 💯

[Raphire]

Heya,

Thanks for reporting this. As you already noted yourself, Win11Debloat makes system level changes so it's not surprising that some antivirus software would falsely label it as a possible threat. I'll look ways to possibly prevent this, including your recommendations.

P.S. Glad to hear Win11Debloat worked well for you!