New Windows Defender


  1. Posts : 429
    Windows 10 Pro 64 bit
       #1

    New Windows Defender


    I can't get the new WD Security Center to scan just one file like the old one did.


  2. Posts : 27,166
    Win11 Pro, Win10 Pro N, Win10 Home, Windows 8.1 Pro, Ubuntu
       #2

    New Windows Defender-image-003.png


  3. Posts : 429
    Windows 10 Pro 64 bit
    Thread Starter
       #3

    That doesn't work. This is what I get when I R click and choose Scan with WD.
    New Windows Defender-wde1.png
    New Windows Defender-wde2.png


  4. Posts : 7,254
    Windows 10 Pro 64-bit
       #4

    It ends up at that screen after doing the file scan. It could be made clearer what's happening in my view.


  5. Posts : 68,679
    64-bit Windows 11 Pro for Workstations
       #5

    Hey Clint, :)

    In your "Windows Defender Security Center" screenshot, it shows 0 threats found in the 2 files scanned from what you right clicked on.


    If you like, you might see if the context menu in Option Two of the tutorial below may work better for you for this.

    Scan with Windows Defender Context Menu - Add in Windows 10 - Windows 10 Customization Tutorials


  6. Posts : 429
    Windows 10 Pro 64 bit
    Thread Starter
       #6

    Brink said:
    Hey Clint, :)

    In your "Windows Defender Security Center" screenshot, it shows 0 threats found in the 2 files scanned from what you right clicked on.


    If you like, you might see if the context menu in Option Two of the tutorial below may work better for you for this.

    Scan with Windows Defender Context Menu - Add in Windows 10 - Windows 10 Customization Tutorials

    Brink, I get that screen on every file that I try to scan. It always shows 2 files. I downloaded the reg file in Option 2. It does the same.


  7. Posts : 31,480
    10 Home x64 (22H2) (10 Pro on 2nd pc)
       #7

    Clint said:
    I get that screen on every file that I try to scan. It always shows 2 files...
    I've tried a Defender scan on various files, including a .png (1 file scanned), .txt (1), Add_Scan_with_Windows_Defender-UI.reg (3) and Reset_Microsoft_Edge.zip from this tutorial (3). That last one is informative, because if I extract the .ps1 file it contains and scan that it then says 2 files were scanned.

    The number of 'files' scanned seems to depend on what Defender finds looking inside the file, and what else may need to be scanned as a consequence. In the case of the zip v. extracted file, the zip container would be the one extra file in the first scan. Typically Defender will individually scan every file packed inside a .exe that is a Setup package.

    Exactly what type of file are you trying to scan?



    Edit: I have just restored the 1607 image for my test machine (System Two in my 'specs') and scanned the same 'Reset_Microsoft_Edge.zip' as above. This said 2 items for the .zip file, one when scanning the extracted .ps1.

    It may be that the Creators' Defender has new functions to scan 'system' related items if found in such text-based files.
    Last edited by Bree; 15 Apr 2017 at 21:36. Reason: Additional test.


  8. Posts : 1,079
    10 + Linux
       #8

    Works fine here Clint and never seen this bug + not able to reproduce it. See if the old user interface may cause this, never know? In Task Manager/Details/MSASCuiL.exe/End task/End Process.

    Regards,


  9. Posts : 31,480
    10 Home x64 (22H2) (10 Pro on 2nd pc)
       #9

    @Clint, I have a full explanation of 'why' (it is actually correct behaviour) and a simple 'how' that will fix it.

    On my Creators Update the old and the new UI show the same number 'two' with a custom scan of a folder containing the single file Reset_Microsoft_Edge.ps1

    New Windows Defender-scan-1703.png


    However, I have discovered how to turn this file into a file that Defender sees as only being one file/item. The clue was when I copied to a USB to scan it on another machine, the copy only scanned as one item - even when copied back to the original machine. This was because the file was no longer marked as 'This file came from another computer and may be blocked to help protect this computer'.

    The way a file is blocked is that it has a Zone Identifier recorded in an alternate data stream. This is an independent data stream alongside the file contents data. Alternate data streams have been a feature of the NTFS file system since XP. You can read it with the Streams utility from Sysinternals.

    Code:
    C:\TEMP>streams Reset_Microsoft_Edge.ps1
    
    Streams v1.56 - Enumerate alternate NTFS data streams
    Copyright (C) 1999-2007 Mark Russinovich
    Sysinternals - www.sysinternals.com
    
    C:\TEMP\Reset_Microsoft_Edge.ps1:
       :Zone.Identifier:$DATA       72


    Defender was quite correct in saying it had scanned two files - the first was the content of the file and the second was the alternate data stream.

    Copying this 'blocked' file to an NTFS formatted USB and scanning it with Defender on a 1607 PC again shows two items were scanned. This is not a new feature or bug. It is correct behaviour and has always been that way.

    Bottom line: All 'blocked' files will have two items for Defender to scan. You can remove the second by unblocking the file.
    Last edited by Bree; 16 Apr 2017 at 20:02.
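
The check and fix described in post #9 can also be done with built-in PowerShell cmdlets instead of the Sysinternals tool. This is an added example, not part of the original thread; the function name `Get-ZoneIdentifier`, the `ads-demo` folder, the sample file and the URL are constructed for illustration, and it assumes Windows PowerShell 3.0 or later on an NTFS volume.

```powershell
# Added example: list a file's data streams, decode Zone.Identifier, then unblock.
function Get-ZoneIdentifier {
    param([Parameter(Mandatory)][string]$Path)

    # URL security zone numbers as stored in the ZoneId field.
    $zoneNames = @{ 0 = 'Local machine'; 1 = 'Local intranet'; 2 = 'Trusted sites'
                    3 = 'Internet';      4 = 'Restricted sites' }

    foreach ($file in Get-ChildItem -LiteralPath $Path -File) {
        # Every file has the unnamed ':$DATA' stream; anything else is alternate.
        $streams = @(Get-Item -LiteralPath $file.FullName -Stream *)
        $zone    = $streams | Where-Object { $_.Stream -eq 'Zone.Identifier' }

        $fields = @{}
        if ($zone) {
            # The stream holds INI-style text: [ZoneTransfer], ZoneId=3, ...
            foreach ($line in Get-Content -LiteralPath $file.FullName -Stream Zone.Identifier) {
                if ($line -match '^(\w+)=(.*)$') { $fields[$Matches[1]] = $Matches[2] }
            }
        }

        [pscustomobject]@{
            File        = $file.Name
            StreamCount = $streams.Count
            Blocked     = [bool]$zone
            Zone        = if ($fields.ContainsKey('ZoneId')) { $zoneNames[[int]$fields['ZoneId']] }
            HostUrl     = $fields['HostUrl']
        }
    }
}

# Constructed sample: a script marked the way a browser download would be.
$dir = Join-Path $env:TEMP 'ads-demo'
New-Item -ItemType Directory -Path $dir -Force | Out-Null
$sample = Join-Path $dir 'sample.ps1'
Set-Content -LiteralPath $sample -Value 'Write-Output "hello"'
Set-Content -LiteralPath $sample -Stream Zone.Identifier -Value @(
    '[ZoneTransfer]', 'ZoneId=3', 'HostUrl=https://example.test/sample.ps1')

Get-ZoneIdentifier -Path $dir        # report while the file is still blocked
Unblock-File -LiteralPath $sample    # deletes the Zone.Identifier stream
Get-ZoneIdentifier -Path $dir        # report again after unblocking
```

`Unblock-File` does the same thing as ticking "Unblock" in the file's Properties dialog, so the second report shows only the main data stream.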


  10. Posts : 429
    Windows 10 Pro 64 bit
    Thread Starter
       #10

    Well, I guess everything is alright then. Thanks to all that replied. I will mark it solved.


 
