Defender sees powershell file as virus


  1. Posts : 501
    windows 10 (x64) Home 20H2 19042.844
       #1

    Defender sees powershell file as virus


    I had been using the PowerShell script attached with this for quite a long time. Now Windows Security is deleting that file as a virus. Any suggestion what it finds as a security threat?
    When I try to exclude that file I get msg as below
    [Attached image: pserror.png]


  2. Posts : 1,746
    Windows 10 Pro x64 22H2
       #2

    There is nothing wrong with the script which is used to download data from stock exchange.

    The reason why it might flag it, is because of a download of zip file.
    However all downloads are from HTTPS enabled national stock exchange:
    https://www.nseindia.com

    Another issue is that there is no signature in the script, if you download the script from untrusted sources,
    make sure to verify code after script update before using it.

    Otherwise feel free to add the script to defender exclusion list, here is how:
    https://support.microsoft.com/en-us/...ndows-security

    If the script is part of another program, be careful, because other program might change its contents which is always suspicious, and since there is no signature you'll never know if something happens.

    Please share the link, from where you downloaded this script?


  3. Posts : 501
    windows 10 (x64) Home 20H2 19042.844
    Thread Starter
       #3

    zebal said:
    There is nothing wrong with the script which is used to download data from stock exchange.
    The reason why it might flag it, is because of a download of zip file.
    However all downloads are from HTTPS enabled national stock exchange:
    https://www.nseindia.com
    Another issue is that there is no signature in the script, if you download the script from untrusted sources,
    make sure to verify code after script update before using it.
    Otherwise feel free to add the script to defender exclusion list, here is how:
    https://support.microsoft.com/en-us/...ndows-security
    If the script is part of another program, be careful, because other program might change its contents which is always suspicious, and since there is no signature you'll never know if something happens.
    Please share the link, from where you downloaded this script?
    Thanks for the response. PowerShell script was made by me to download data and select needed data from the download and arrange it in files for further use. Up to 9th Oct, no warning was there. Only yesterday, I got warning while using it and it was deleted also by Defender. I have used it after switching off real-time protection. After usage I turned on real-time protection. Is there any chance to know why this script is recognised as virus. How to rectify it?


  4. Posts : 1,604
    Win 10 home 20H2 19042.1110
       #4

    Powershell script was made by me
    By chance, Defender doesn't recognize "signed certificate" or other credentials?


  5. Posts : 16,949
    Windows 10 Home x64 Version 22H2 Build 19045.4170
       #5

    About the problem excluding the file


    Add or Remove Windows Defender Exclusions - TenForumsTutorials

    I posted your diagram in the tutorial thread with a request that anybody who has seen it before comes here to advise you.


    Before trying to exclude the file, you went through the Restore & then Allow procedures in WD, Protection history?
    - That's what I did on the only exclusion I have added and I assumed it was essential.
    - The tutorial doesn't agree with me though [and I found another TenForums thread that also makes no mention of having to do the Restore, Allow first]. So my assumption was wrong.
    - You might still like to try Restore and/or Allow to see if it then lets you Exclude it

    This is a related tutorial View Protection History of Microsoft Defender Antivirus - TenForumsTutorials

    Denis
    Last edited by Try3; 12 Oct 2020 at 22:20.


  6. Posts : 1,746
    Windows 10 Pro x64 22H2
       #6

    Jacee said:
    By chance, Defender doesn't recognize "signed certificate" or other credentials?
    I'm not sure, if it doesn't then file download should be to blame?

    lvgandhi said:
    Is there any chance to know why this script is recognised as virus. How to rectify it?
    Most likely zip file download.


  7. Posts : 501
    windows 10 (x64) Home 20H2 19042.844
    Thread Starter
       #7

    Thanks to all who helped me. Finally I could add the file to exclusion today. Problem is sidelined. When I tried for exclusion, same method failed me. This script was working, i.e. downloading zip file, till 9th Oct. Only on 12th Oct problem of virus started. Still reason unknown.
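
One way to look up what Defender recorded about a removed script, as an added example that is not part of any post in this thread. It uses the built-in Defender cmdlets and the Defender operational event log; the script path is a hypothetical placeholder.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell session.
# $scriptPath is a hypothetical location; substitute the path Defender removed.
$scriptPath = 'C:\Scripts\nse-download.ps1'
$pattern    = [regex]::Escape($scriptPath)

# 1. Detection history: which threat name did Defender assign to the file?
Get-MpThreatDetection |
    Where-Object { $_.Resources -match $pattern } |
    ForEach-Object {
        $threat = Get-MpThreat -ThreatID $_.ThreatID -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Detected   = $_.InitialDetectionTime
            ThreatName = $threat.ThreatName
            SeverityID = $threat.SeverityID
            Process    = $_.ProcessName
            Resources  = $_.Resources -join '; '
        }
    } | Format-List

# 2. Same information from the event log (1116 = detected, 1117 = action taken).
Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-Windows Defender/Operational'
        Id      = 1116, 1117
    } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match $pattern } |
    Select-Object TimeCreated, Id, Message |
    Format-List

# 3. Definition version and date, to compare with the first detection date.
Get-MpComputerStatus |
    Select-Object AntivirusSignatureVersion, AntivirusSignatureLastUpdated
```

The threat name returned in step 1 can be searched in Microsoft's threat encyclopedia to see which behaviour the signature targets.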


  8. Posts : 16,949
    Windows 10 Home x64 Version 22H2 Build 19045.4170
       #8

    Set up my Tools folder


    lvgandhi said:
    Finally I could add the file to exclusion today. Problem is sidelined. When I tried for exclusion, same method failed me.
    Glad the exclusion was resolved.

    How did you manage to do the exclusion in the end? Posting this could help others.

    The reason WD detected it as a threat will remain unknown. WD has been picking up two of my scripts recently as well even though they've been in use for more than a year.
    - One is a vbs script that monitors power and changes my title bar colour if I switch to battery. I have excluded that.
    - The other is a shortcut [a .lnk] to a batch file that copies a specific folder across my home network. WD has never picked up the batch file itself, only its .lnk. It currently looks as though my tenth attempt to Restore-Allow has resolved this problem without having to add another exclusion.

    I noticed the folder path in your diagram. I created a C:\Tools folder [and a set of subfolders] for my scripts and applied permissions that match those used for Program Files - any changes need Admin permission so I cannot accidentally edit a tool & hackers would have a harder time trying to infect them.
    - I have UAC at its highest setting.
    - I have a set of subfolders within C:\Tools so I can organise them all sensibly. Just for example, I might put one like your download tool into C:\Tools\Finance and my vbs script into C:\Tools\Power

    Setting my Permissions on my scripts folder
    1 Create folder C:\Tools
    2 Properties, Security, Advanced
    3 Disable inheritance, Confirm convert them into explicit permissions
    4 Edit - Authenticated users, Read & execute - Apply
    {this sets Read & execute, List folder contents and Read}
    {check Users is also Read & execute, as I would expect it to be}
    5 Owner, Change - Administrators [note the plural]
    6 Replace owner on subcontainers & objects

    - Just like with Program files folders, the Admin permission needed to copy a new version into place applies only to that occasion - the permission does not persist & needs to be repeated for future changes.
    - The subfolders I later create within C:\Tools inherit these Permissions from C:\Tools itself so I only need to set Permissions once.

    I use a separate subfolder for each Tool/script to give me half a chance of not getting completely lost.
    [Attached image: tools-folder.png]

    I write & amend my scripts in a separate drafting folder and copying them into C:\Tools becomes, in effect, the act of publication.

    All the best,
    Denis
    Last edited by Try3; 03 Nov 2020 at 04:42.
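
The permission steps listed in the post above, scripted with icacls and followed by a check of the result. This is an added example, not part of the original post; the well-known SIDs are used in place of group names so it works on non-English Windows, and the final check is an addition to the posted steps.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell session.
$tools = 'C:\Tools'
New-Item -ItemType Directory -Path $tools -Force | Out-Null     # step 1

# Step 3: disable inheritance, keeping inherited entries as explicit ones.
icacls $tools /inheritance:d

# Step 4: Authenticated Users (S-1-5-11) get Read & execute only.
# /grant:r replaces their existing explicit entries instead of adding to them.
icacls $tools /grant:r '*S-1-5-11:(OI)(CI)RX'

# Steps 5-6: owner = Administrators group (S-1-5-32-544), applied recursively.
icacls $tools /setowner '*S-1-5-32-544' /T /C

# Check: list any Allow entry that still lets a non-admin principal write.
$trusted = 'S-1-5-18', 'S-1-5-32-544', 'S-1-3-0'   # SYSTEM, Administrators, CREATOR OWNER
$write   = [System.Security.AccessControl.FileSystemRights]::Write
$acl     = Get-Acl -Path $tools
$risky   = $acl.Access | Where-Object {
    $sid = $_.IdentityReference.Translate(
        [System.Security.Principal.SecurityIdentifier]).Value
    $_.AccessControlType -eq 'Allow' -and
    $sid -notin $trusted -and
    ($_.FileSystemRights -band $write)
}

"Owner: $($acl.Owner)"
if ($risky) { $risky | Format-Table IdentityReference, FileSystemRights, IsInherited }
else        { 'No non-admin principal has write access.' }
```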


  9. Posts : 501
    windows 10 (x64) Home 20H2 19042.844
    Thread Starter
       #9

    Try3
    Thanks for advice.
    I tried exclusion both times in same way. First day failed and shown as in first post. Yesterday it worked. No difference in way.


  10. Posts : 948
    windows 10 professional 64-bit, 22H2
       #10

    Try3 said:
    - I have UAC at its highest setting.
    - I have a set of subfolders within C:\Tools so I can organise them all sensibly. Just for example, I might put one like your download tool into C:\Tools\Finance and my vbs script into C:\Tools\Power

    Setting my Permissions on my scripts folder
    1 Create folder C:\Tools
    2 Properties, Security, Advanced
    3 Disable inheritance, Confirm convert them into explicit permissions
    4 Edit - Authenticated users, Read & execute - Apply
    {this sets Read & execute, List folder contents and Read}
    {check Users is also Read & execute, as I would expect it to be}
    5 Owner, Change - Administrators [note the plural]
    6 Replace owner on subcontainers & objects

    - Just like with Program files folders, the Admin permission needed to copy a new version into place applies only to that occasion - the permission does not persist & needs to be repeated for future changes.
    - The subfolders I later create within C:\Tools inherit these Permissions from C:\Tools itself so I only need to set Permissions once.

    I use a separate subfolder for each Tool/script to give me half a chance of not getting completely lost.
    [Attached image: tools-folder.png]

    I write & amend my scripts in a separate drafting folder and copying them into C:\Tools becomes, in effect, the act of publication.

    All the best,
    Denis
    I have a similar setup for utilities...I have each utility in a subfolder of Utilities. My Utilities folder only contains apps that I've downloaded & installed. However, I'm wondering if I should use your method on my Utilities folder. I doubt that my system is as secure as yours.

    1. Because I kept getting so many notifications whenever I would start a program or app, I set my UAC to Never.
    2. If I change the permissions to match the ones you have for Tools, will I have trouble updating those apps?

    Thanks again for all your advice!


 
