Windows Defender Virus Test Failure

  1.    #1

    Windows Defender Virus Test Failure


    I saw this post on the forum to this web site to test whether Defender is correctly configured https://demo.wd.microsoft.com/

    My laptop appears to be correctly configured but doesn't block the test downloads for Cloud Delivered Protection and Block at First Sight. My desktop PC does block these files.

    Is there a way of resetting Defender short of doing a clean install to ensure that the virus protection is correctly configured?

    Do you find that Defender doesn't block the above test files?

  2. Bree's Avatar
    Posts : 11,403
    10 Home x64 (1903) (10 Pro on 2nd pc)
       #2

    Steve C said:
    ...My laptop appears to be correctly configured but doesn't block the test downloads for Cloud Delivered Protection and Block at First Sight... ...Do you find that Defender doesn't block the above test files?
    What I see depends on which browser I use, only IE or Edge show the SmartScreen message...


    ...for a browser like Firefox that doesn't use SmartScreen then I get an action centre notification of detection. Either way, validatecloud.exe is detected and blocked.


  3.    #3

    I found Edge blocks validatecloud.exe but both Edge and Chrome allow download of the Block at First test file wdtestfile.exe

  4.    #4

    For Block at First Sight to work you need to have it set in Group Policy.


  5. Posts : 162
    Windows 10 Pro, Version 1903
       #5

    win10freak said:
    For Block at First Sight to work you need to have it set in Group Policy.
    It works for me, and I don't have it set in Group Policy.

    You just need Real-time protection, Cloud-delivered protection and Automatic sample submission to be turned on at Settings, Update & Security, Windows Security, Virus & threat protection, Manage settings.

    All three of those are on by default: To Turn On Block at First Sight Cloud Protection in Windows Defender

  6.    #6

    NMI said:
    It works for me, and I don't have it set in Group Policy.

    You just need Real-time protection, Cloud-delivered protection and Automatic sample submission to be turned on at Settings, Update & Security, Windows Security, Virus & threat protection, Manage settings.

    All three of those are on by default: To Turn On Block at First Sight Cloud Protection in Windows Defender
    I have those set as default but the feature doesn't work against the test file I posted.

    These files are allowed to be downloaded but are stopped by SmartScreen if you try to run them. Running a Defender check on the files does not trigger a virus alert. Defender does quarantine the standard EICAR test virus.

    wdtestfile.exe

    Are the MS test files in post 1 valid or is there something strange in my PC installation?
    Last edited by Steve C; 30 Apr 2019 at 16:45.



  7. Posts : 162
    Windows 10 Pro, Version 1903
       #7

    Steve C said:
    I found Edge blocks validatecloud.exe but both Edge and Chrome allow download of the Block at First test file wdtestfile.exe
    Steve C said:
    I have those set as default but the feature doesn't work against the test file I posted.
    These files are allowed to be downloaded but are stopped by SmartScreen if you try to run them. Running a Defender check on the files does not trigger a virus alert.
    I agree with your findings.

    Sorry if I misled by saying, "It works for me ...".

    But I don't believe any Group Policy settings are required for "block at first sight" to work:

    Confirm block at first sight is enabled with the Windows Security app

    You can confirm that block at first sight is enabled in Windows Settings.
    Block at first sight is automatically enabled as long as Cloud-based protection and Automatic sample submission are both turned on.

    Enable Block at first sight
    Last edited by NMI; 01 May 2019 at 00:00.

  8.    #8

    NMI said:
    I agree with your findings.

    Sorry if I misled by saying, "It works for me ...".

    But I don't believe any Group Policy settings are required for "block at first sight" to work:

    Confirm block at first sight is enabled with the Windows Security app

    You can confirm that block at first sight is enabled in Windows Settings.
    Block at first sight is automatically enabled as long as Cloud-based protection and Automatic sample submission are both turned on.

    Enable Block at first sight
    I followed the test link and validatecloud.exe is downloaded without being quarantined. It is blocked if I try to run it. Defender is correctly configured in Settings. I made the settings in Group Policy as stated in the link but the same behaviour persists after a restart.
    Last edited by Steve C; 01 May 2019 at 02:32.


  9. Posts : 162
    Windows 10 Pro, Version 1903
       #9

    Steve C said:
    I followed the test link and validatecloud.exe is downloaded without being quarantined. It is blocked if I try to run it. Defender is correctly configured in Settings. I made the settings in Group Policy as stated in the link but the same behaviour persists after a restart.
    I thought you had said in post #3 that validatecloud.exe was correctly blocked. You don't mean wdtestfile.exe is still not blocked?

    I presume you found the necessary path for "C:\Program Files\Windows Defender\MpCmdRun" -ValidateMapsConnection ?

    And just to confirm how you started this thread; everything works as expected on your desktop PC but not on your laptop?

  10.    #10

    NMI said:
    I thought you had said in post #3 that validatecloud.exe was correctly blocked. You don't mean wdtestfile.exe is still not blocked?

    I presume you found the necessary path for "C:\Program Files\Windows Defender\MpCmdRun" -ValidateMapsConnection ?

    And just to confirm how you started this thread; everything works as expected on your desktop PC but not on your laptop?
    Yes, I eventually found the correct path for the MpCmdRun command.

    The behaviour is different in Chrome & Edge on my laptop. Chrome allows download of validatecloud.exe but the file is blocked by Smartscreen if you try to open it. Edge blocks the download using Smartscreen. My desktop PC quarantines the file on download using Chrome. I don't understand the different behaviour despite both PCs running the latest version of 1809 and having Defender configured the same way.
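
Added example, not part of any post in this thread: a PowerShell snapshot of the Defender settings discussed above (real-time protection, cloud-delivered protection, sample submission, Block at First Sight) plus the `-ValidateMapsConnection` check from post #9, so the laptop and desktop can be compared setting by setting. The MpCmdRun path is the one quoted in post #9 and the output file name is an assumption.

```powershell
# Added example: run in an elevated PowerShell session on each PC, then compare.
$pref   = Get-MpPreference
$status = Get-MpComputerStatus

$report = [ordered]@{
    ComputerName            = $env:COMPUTERNAME
    RealTimeProtection      = $status.RealTimeProtectionEnabled
    DownloadScanning_IOAV   = $status.IoavProtectionEnabled
    MAPSReporting           = $pref.MAPSReporting          # 0 = off, 1 = basic, 2 = advanced
    SubmitSamplesConsent    = $pref.SubmitSamplesConsent   # 0 = prompt, 1 = safe samples, 2 = never, 3 = all
    DisableBlockAtFirstSeen = $pref.DisableBlockAtFirstSeen
    CloudBlockLevel         = $pref.CloudBlockLevel
    CloudExtendedTimeout    = $pref.CloudExtendedTimeout
    EngineVersion           = $status.AMEngineVersion
    SignatureVersion        = $status.AntivirusSignatureVersion
    SignatureLastUpdated    = $status.AntivirusSignatureLastUpdated
}

# Block at First Sight depends on all of these being in effect at once:
# real-time protection, download scanning, cloud protection, automatic
# sample submission, and the feature itself not being disabled.
$report.BlockAtFirstSightPrereqsMet =
    $status.RealTimeProtectionEnabled -and
    $status.IoavProtectionEnabled -and
    ($pref.MAPSReporting -in 1, 2) -and
    ($pref.SubmitSamplesConsent -in 1, 3) -and
    (-not $pref.DisableBlockAtFirstSeen)

# Cloud reachability check, using the command quoted in post #9.
$mpCmdRun = Join-Path $env:ProgramFiles 'Windows Defender\MpCmdRun.exe'
if (Test-Path $mpCmdRun) {
    & $mpCmdRun -ValidateMapsConnection | Out-Null
    $report.MapsConnectionExitCode = $LASTEXITCODE   # 0 means the cloud service was reached
} else {
    $report.MapsConnectionExitCode = 'MpCmdRun.exe not found at this path'
}

# Save one file per machine (file name is an assumption) and show the result.
$outFile = Join-Path $env:TEMP ("defender-config-{0}.json" -f $env:COMPUTERNAME)
[pscustomobject]$report | ConvertTo-Json | Set-Content -Path $outFile
[pscustomobject]$report | Format-List
```

Copy the two JSON files to one machine and compare them line by line; any differing value, including engine or signature version, is a candidate explanation for the two PCs behaving differently.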