Windows Defender - Ransomware - Onedrive


  1. Posts : 1,471
    Win10 Home x64 - 1809
       #1


    Anyone else seen this ... just showed up on my desktop today after a reboot. In WDSC under Virus & Threat Protection it had Setup One Drive or Dismiss. I clicked Setup One Drive (which is already set up) ... just to see what it was and all it did was ask me to sign in to One Drive.
    [Attached image: wd-ransomware.png]

    Note:
    1. One Drive did update a couple days ago.
    2. Both Desktop and Laptop (see specs) have the same version of One Drive (18.091.0506.0006).
    3. Have not seen this on my Laptop.
    4. I don't have Office 365 or Office of any kind on either PC (if it matters).
    5. This is the regular One Drive program, NOT the store app.

    Edit: Did a little digging and on my desktop in AppData\Local\Microsoft\OneDrive\settings and logs it has a Business1 folder. Laptop doesn't have that folder.


  2. Posts : 1,471
    Win10 Home x64 - 1809
    Thread Starter
       #2

    I'm wondering if the WD being slow to load on boot (i.e. Virus & Threat Protection and Firewall & Network Protection - Getting Protection Info... ) has anything to do with this new (it's new to me) OneDrive Ransomware Data Protection. Clicking Dismiss does nothing, but after closing and reopening WDSC the following does disappear.
    [Attached image: wd-ransonmware1.png]


  3. Posts : 1,471
    Win10 Home x64 - 1809
    Thread Starter
       #3

    Just an observation ...

    OneDrive updated today from 18.091.0506.0006 to 18.091.0506.0007 and for whatever reason it didn't copy/move the OneDrive.exe from C:\Users\USERNAME\AppData\Local\Microsoft\OneDrive\18.091.0506.0007 to C:\Users\USERNAME\AppData\Local\Microsoft\OneDrive and when this happens it doesn't clean up after itself (i.e. run the scheduled task to remove the old 18.091.0506.0006 folder). This also breaks the OneDrive shortcut location which points to C:\Users\USERNAME\AppData\Local\Microsoft\OneDrive\OneDrive.exe.

    I completely removed OneDrive from PC and rebooted and although I still got the Getting Protection Info in WDSC, it only took a couple secs for it to get protection info vs the ~30+ secs it took with OneDrive installed and obviously I didn't get that setup OneDrive under Virus and Protection, since OneDrive wasn't installed.

    Note: On the last two OneDrive updates it didn't copy/move the OneDrive.exe file ... on my desktop PC ...

    Update: So much for that idea ... on 2nd reboot it took ~30+ secs for the Getting Protection Info to go away.
    Last edited by Eagle51; 20 Jun 2018 at 16:47.

