![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(291.2, 42%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
8,330 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(256, 32%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMT%3C/text%3E%3C/svg%3E)
Powershell.sys? That would seem to indicate a kernel driver that has something to do with Powershell. AFAIK there is no such file or feature in Powershell. Powershell is .NET based so running it in kernel doesn't even make sense anyway.
The only online references to such a file I can find is related to installing Marvel Rivals. It appears that the game uses Powershell and it uses a kernel driver, this file, to do something. That isn't an MS product.
I did a quick grep on 2 different systems with the latest PS installed and they don't have that file either. I install PS using WinGet but I don't know that it matters how you installed it.
Can you confirm that this file was actually installed by Powershell? Can you confirm it is digitally signed by Microsoft? Can you look at the path to the file and confirm it is in a path of an MS product (most of the time it is in C:\windows\system32\drivers)?
My gut instinct is that your AV may be right. Either that or somebody is installing a game on their PC.