Windows Defender detection within WinSxS yesterday - false positive?
As per the subject line: Defender just casually told me yesterday evening that WindowsExplorer.adml within C:\Windows\WinSxS\amd64_microsoft-windows-w..lorer-adm.resources_31bf3856ad364e35_10.0.18362.1_pl-pl_954343e68e282099 has been removed as it allegedly contains HackTool:JS/Revobfoos.A.
This is obviously nonsense - this file was put there by the OS back at the end of Jul (according to its date/time stamp) and I dutifully just restored it.
I did this file check today again and Defender is okay with it. I also checked with other scanners (as I do weekly) and all is well.
There is a similar file under C:\Windows\WinSxS\amd64_microsoft-windows-w..lorer-adm.resources_31bf3856ad364e35_10.0.18362.1_en-us_95faf8061ffdb6de with the same date/time stamp.
So, any ideas? Or - as I suspect - false positive? But the scary thing is that the removal was just so casual, and it was only because I habitually check the contents of notifications that I spotted it.
I can share this file should somebody want to take a look.
What is this file by the way?
--
ARGH! Can you please move this to the AntiVirus, Firewalls and System Security section where it belongs?
Last edited by krzemien; 21 Dec 2019 at 15:16. Reason: Additional Information Added