Windows defender false positive - forced to allow threat


  1. NMI
    Posts : 1,095
    Windows 11 Pro, Version 22H2
       #21

    mb1280 said:
    That site has many affiliate links to paid antivirus products.

    It's not likely to recommend free default security as sufficient.

    There are many such sites around pretending to be independent.


  2. Posts : 31,498
    10 Home x64 (22H2) (10 Pro on 2nd pc)
       #22

    NMI said:
    That site has many affiliate links to paid antivirus products.
    It's not likely to recommend free default security as sufficient.
    There are many such sites around pretending to be independent.
    Well, at least they're open about it - at the bottom of the page....

    BestAntivirusPro reviews products independently, but we may earn commissions if you make a purchase using an affiliate link on our website (no additional cost to you).


  3. Posts : 41,424
    windows 10 professional version 1607 build 14393.969 64 bit
       #23

    Many years ago there were false positives for Windows Defender.
    Malwarebytes, and many portable AV software were used for comparison.
    Microsoft feedback was used as well as telephone and chat.
    It took a very long time for Microsoft to modify the Windows Defender database.
    There was a Microsoft affiliated person on Technet that was able to get a quick fix.
    So for the long term it may be an option.


  4. Posts : 16,821
    Windows 10 Home x64 Version 22H2 Build 19045.4170
    Thread Starter
       #24

    Try3 said:
    I completed development of my PSCustomMsgBox and would not consider going back to the hta version anyway.



    I can call this from my batch file scripts and from VBA. The caller customises it with the required title, text, number of buttons, button labels, colour scheme, audio announcement & time onscreen.
    Denis


  5. Posts : 87
    Windows 10 Pro 64-bit
       #25

    Ok, now I see why you say Win Defender is good, because it gets a 666:

    The best Windows antivirus software for home users . . . Test antivirus software for Windows 10 - June 2019 | AV-TEST

    I think I'll start using it now, over Avast, because that Fuery.C!cl looks like a legitimate catch, and nothing I've been running caught it.

    But, how do I tell if I have Win Defender "Version" 4.18? I don't see that anywhere . . . I see how - here are my notes (below)

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    I should probably check how the AV program I'm using rates, once per year . . . and, reset my Win Firewall to Default settings

    Weekly, run: Win Defender, Malwarebytes, ADWCleaner

    Do I need to manually update Win Defender before a scan, or does it automatically do that? No way to tell.

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    When I install a program, I usually disable all Startups through CCleaner, and non-MS Programs through msconfig

    I went to try disabling these in msconfig for Win Defender, but it re-checks them:

    Windows Defender Advanced Threat Protection Service
    Windows Defender Antivirus Network Inspection Service
    Windows Defender Antivirus Service

    Any idea how to Disable Win Defender, or should I just not worry about this with Win Defender?

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Where are windows 10 defender offline scan logs/results? . . . log files - Where are windows 10 defender offline scan logs/results? - Server Fault

    Right-click on the Start button / Event Viewer

    Applications and Services Logs / Microsoft / Windows / Windows Defender / Operational

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    What virus did it catch?

    See . . . Level / "Warning" . . . most are "Information"

    It is Detected, and then Removed

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    What Version is it? . . . Click into the most recent "Information" Event to see:

    09/12/19

    Platform version: 4.18.1907.4
    Engine version: 1.1.16300.1
    Network Realtime Inspection engine version: 1.1.16300.1
    Antivirus security intelligence version: 1.301.1099.0
    Antispyware security intelligence version: 1.301.1099.0
    Network Realtime Inspection security intelligence version: 1.301.1099.0

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Commands to Restore - Copy and paste into an Admin Command prompt

    cd "%ProgramFiles%\Windows Defender"
    cls
    mpcmdrun.exe /?

    C:\Program Files\Windows Defender>

    MpCmdRun.exe -RemoveDefinitions -All
    MpCmdRun.exe -RemoveDefinitions -Engine
    MpCmdRun.exe -SignatureUpdate -MMPC

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -


  6. Posts : 16,821
    Windows 10 Home x64 Version 22H2 Build 19045.4170
    Thread Starter
       #26

    WD is updated by WU. You do not have to take any action yourself.

    You can get the WD version through the UI but do not need to normally.
    WD, Settings [in the UI's bottom-left corner], About
    Antimalware Client Version - WD version
    Antivirus Version - WD definitions version

    I have no idea why you are talking about disabling things.

    There is also a log in %UserProfile%\AppData\Local\Temp\MpCmdRun.log

    Denis


  7. Posts : 915
    Windows 10 Pro 64bit 22H2 19045.3324
       #27

    Try3 said:
    There is also a log in %UserProfile%\AppData\Local\Temp\MpCmdRun.log
    I had not known about this, it's extremely convenient and helpful, thanks!


  8. NMI
    Posts : 1,095
    Windows 11 Pro, Version 22H2
       #28

    Try3 said:
    There is also a log in %UserProfile%\AppData\Local\Temp\MpCmdRun.log
    Doesn't that only apply when Windows Defender is run from the Command Prompt?


  9. Posts : 915
    Windows 10 Pro 64bit 22H2 19045.3324
       #29

    NMI said:
    Doesn't that only apply when Windows Defender is run from the Command Prompt?
    Yes, now that you mention it. I'm only seeing logs of my scheduled tasks. While still convenient, not AS helpful... ;o/


  10. Posts : 87
    Windows 10 Pro 64-bit
       #30

    . . . no idea why you are talking about disabling things

    When I install a new program, it's a good idea to disable your AV, so that there's no conflict.

    Maybe I have to go into services.msc . . . Stop the three of them there, first . . . Then do a Restart

    Apparently, they don't think it's a good idea that you should be able to do this through msconfig / Services

    - - - Updated - - -

    THIS LOOKS GOOD
    Microsoft Windows Defender 4.18 for Windows 10 (192315) | AV-TEST . . . 06/19 . . . Protection, Performance, Usability . . . WD scores the highest score in all three categories . . . https://www.av-test.org/en/antivirus/home-windows/windows-10/june-2019/microsoft-windows-defender-4.18-192315/

    PHISHING? SMART SCREEN? I CAN HANDLE THE TASK SCHEDULER
    Microsoft Windows Defender Security Center Review & Rating | PCMag.com . . . 08/20/19 . . . Poor results in phishing protection test. Awkward scan scheduling. SmartScreen Filter works only in Microsoft browsers . . . https://www.pcmag.com/review/171496/microsoft-windows-defender-security-center

    THE SMART SCREEN DOESN'T LOOK LIKE AN ISSUE
    How the SmartScreen Filter Works in Windows 8 and 10 . . . 05/10/17 . . . This operating system level protection works no matter where the application or file comes from. So, if you download an application in Google Chrome, Google’s Safe Browsing service will check if the application is safe. Then, when you try to run it, Windows SmartScreen will check if the application is safe. If that’s all good, Windows Defender or whatever other antivirus you have installed will check whether the application is dangerous. SmartScreen is just another layer of protection . . . On Windows 10, SmartScreen also blocks malicious websites and downloads in Microsoft Edge and Windows Store apps, just as the Google Safe Browsing service blocks access to dangerous websites in Chrome and Firefox . . . Settings / Update & Security / Windows Security / App & browser control . . . [Warn] Check apps and files . . . [Warn] SmartScreen for Microsoft Edge . . . [Warn] SmartScreen for Microsoft Store apps . . . {SmartScreen Filter works only in Microsoft browsers? According to this article, no, it provides OS level protection . . . So what about Poor results in phishing protection test?} . . . https://www.howtogeek.com/123938/htg-explains-how-the-smartscreen-filter-works-in-windows-8/

    BUT, WD DOES NOT DO WELL HERE, AND ISN'T EVEN LISTED AS A CONTENDER
    AMTSO org - Security Features Check . . . 06/14/14 On one of these tests, it has you test a file download. After you see that your AV program rejects it, in Firefox at least, go to where it shows you your downloads, and click to cancel that download, otherwise, it keeps trying to download it . . . https://www.amtso.org/security-features-check/

    - - - - - - - - - - - - - - - - - - - - - -

    09/13/19 WD was Slow or Failed some of these AMTSO tests . . . I currently think that WD might be just good for a second opinion, once per year . . . Go back to Avast - (from memory) Avast aborts the download of malware, before it happens - it never even reaches your SSD

    - - - - - - - - - - - - - - - - - - - - - -

    I run a WD Full Scan - and it can't remove the AMTSO fake EICAR?

    - - - - - - - - - - - - - - - - - - - - - -

    What if I do a WD offline scan?

    Right-click on the Start button / Event Viewer

    Applications and Services Logs / Microsoft / Windows / Windows Defender / Operational

    right-click on Operational / Filter Current Log /
    . . . check: Critical and Warning (to see what it caught)
    . . . do not check Critical and Warning, if you want to see where it shows "Removed"

    WD indicates that it removed them

    - - - - - - - - - - - - - - - - - - - - - -

    I run another WD Full Scan . . . and no threats are found.

    - - - - - - - - - - - - - - - - - - - - - -

    09/13/19 I re-install Avast Free, and run a Full Scan

    It found the AMTSO fake EICAR . . . please see attached screenshots

    Threat: EICAR Test-NOT virus!!!
    Move to Virus Chest
    Action successful

    - - - - - - - - - - - - - - - - - - - - - -

    I'll give the Win Defender submission page the AMTSO link. Maybe they can improve.

    - - - - - - - - - - - - - - - - - - - - - -
    Attached Thumbnails: Windows defender false positive - forced to allow threat-2019-09-13-20.07.36.jpg, Windows defender false positive - forced to allow threat-2019-09-13-20.12.41.jpg
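The Event Viewer steps described in posts #25 and #30 (open the Windows Defender Operational log, see what was detected, check whether it was removed, read the version numbers) can be scripted in PowerShell. This is an added example, not part of any post in the thread; the event IDs 1116/1117/1118, the EventData field names and the 30-day window are assumptions about the log layout on current builds and should be checked against your own events.

```powershell
# Added example. Event IDs assumed: 1116 = detected, 1117 = action taken, 1118 = action failed.
$logName = 'Microsoft-Windows-Windows Defender/Operational'
$since   = (Get-Date).AddDays(-30)   # arbitrary look-back window

function ConvertTo-DefenderRecord {
    param([System.Diagnostics.Eventing.Reader.EventRecord]$Record)
    # EventData is a list of <Data Name="...">value</Data>; index it by name.
    $fields = @{}
    foreach ($d in ([xml]$Record.ToXml()).Event.EventData.Data) {
        if ($d.Name) { $fields[$d.Name] = $d.'#text' }
    }
    [pscustomobject]@{
        Time        = $Record.TimeCreated
        Id          = $Record.Id
        DetectionId = $fields['Detection ID']   # assumed field names
        Threat      = $fields['Threat Name']
        Path        = $fields['Path']
        Action      = $fields['Action Name']
    }
}

# An empty result is not an error here: it means nothing was detected in the window.
$records = @(Get-WinEvent -FilterHashtable @{
        LogName = $logName; Id = 1116, 1117, 1118; StartTime = $since
    } -ErrorAction SilentlyContinue | ForEach-Object { ConvertTo-DefenderRecord $_ })

# One row per detection: what was caught, and the last action logged for it.
$records | Group-Object DetectionId | ForEach-Object {
    $first = $_.Group | Sort-Object Time | Select-Object -First 1
    $last  = $_.Group | Where-Object Id -in 1117, 1118 | Sort-Object Time | Select-Object -Last 1
    $outcome = 'no action logged'
    if ($last) { $outcome = if ($last.Id -eq 1118) { 'action FAILED' } else { $last.Action } }
    [pscustomobject]@{
        Detected = $first.Time; Threat = $first.Threat
        Path     = $first.Path; Outcome = $outcome
    }
} | Sort-Object Detected | Format-Table -AutoSize -Wrap

# The versions the posts read out of the "Information" events, from the Defender module.
Get-MpComputerStatus | Select-Object AMProductVersion, AMEngineVersion,
    NISEngineVersion, AntivirusSignatureVersion, AntispywareSignatureVersion,
    NISSignatureVersion, AntivirusSignatureLastUpdated | Format-List
```

Rows whose Outcome is "no action logged" or "action FAILED" are the detections to follow up on; reading the log may require an elevated PowerShell session.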


 

Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.