New Windows Defender
I can't get the new WD Security Center to scan just one file like the old one did.
It ends up at that screen after doing the file scan. It could be made clearer what's happening in my view.
Hey Clint, :)
In your "Windows Defender Security Center" screenshot, it shows 0 threats found in the 2 files scanned from what you right clicked on.
If you like, you might see if the context menu in Option Two of the tutorial below may work better for you for this.
Scan with Windows Defender Context Menu - Add in Windows 10 - Windows 10 Customization Tutorials
I've tried a Defender scan on various files, including a .png (1 file scanned), .txt (1), Add_Scan_with_Windows_Defender-UI.reg (3) and Reset_Microsoft_Edge.zip from this tutorial (3). That last one is informative, because if I extract the .ps1 file it contains and scan that it then says 2 files were scanned.
The number of 'files' scanned seems to depend on what Defender finds looking inside the file, and what else may need to be scanned as a consequence. In the case of the zip v. extracted file, the zip container would be the one extra file in the first scan. Typically Defender will individually scan every file packed inside a .exe that is a Setup package.
Exactly what type of file are you trying to scan?
Edit: I have just restored the 1607 image for my test machine (System Two in my 'specs') and scanned the same 'Reset_Microsoft_Edge.zip' as above. This said 2 items for the .zip file, one when scanning the extracted .ps1.
It may be that the Creators' Defender has new functions to scan 'system' related items if found in such text-based files.
Last edited by Bree; 15 Apr 2017 at 21:36. Reason: Additional test.
Works fine here Clint and never seen this bug + not able to reproduce it. See if the old user interface may cause this, never know? In Task Manager/Details/MSASCuiL.exe/End task/End Process.
Regards,
@Clint, I have a full explanation of 'why' (it is actually correct behaviour) and a simple 'how' that will fix it.
On my Creators Update the old and the new UI show the same number 'two' with a custom scan of a folder containing the single file Reset_Microsoft_Edge.ps1.
However, I have discovered how to turn this file into a file that Defender sees as only being one file/item. The clue was when I copied to a USB to scan it on another machine, the copy only scanned as one item - even when copied back to the original machine. This was because the file was no longer marked as 'This file came from another computer and may be blocked to help protect this computer'.
The way a file is blocked is that it has a Zone Identifier recorded in an alternate data stream. This is an independent data stream alongside the file contents data. Alternate data streams have been a feature of the NTFS file system since XP. You can read it with the Streams utility from Sysinternals.
Code:
C:\TEMP>streams Reset_Microsoft_Edge.ps1

Streams v1.56 - Enumerate alternate NTFS data streams
Copyright (C) 1999-2007 Mark Russinovich
Sysinternals - www.sysinternals.com

C:\TEMP\Reset_Microsoft_Edge.ps1:
   :Zone.Identifier:$DATA 72
Defender was quite correct in saying it had scanned two files - the first was the content of the file and the second was the alternate data stream.
Copying this 'blocked' file to an NTFS formatted USB and scanning it with Defender on a 1607 PC again shows two items were scanned. This is not a new feature or bug. It is correct behaviour and has always been that way.
Bottom line: All 'blocked' files will have two items for Defender to scan. You can remove the second by unblocking the file.
Last edited by Bree; 16 Apr 2017 at 20:02.
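An added example, not part of any post in this thread: the same Zone.Identifier check done with built-in PowerShell cmdlets instead of the Streams utility, followed by the unblock step. The function name `Get-ZoneMark`, the sample file name and the stream content are constructed for illustration; it assumes PowerShell 3.0 or later and that `$env:TEMP` is on an NTFS volume.

```powershell
# Added example: list a file's alternate data streams, read its zone mark,
# then remove the mark. Get-ZoneMark is a hypothetical helper name.
function Get-ZoneMark {
    param([Parameter(Mandatory)][string[]]$Path)
    # Standard URL security zone numbers as stored in the ZoneId field.
    $zoneNames = @{ 0 = 'Local computer'; 1 = 'Local intranet'; 2 = 'Trusted sites'
                    3 = 'Internet';       4 = 'Restricted sites' }
    foreach ($p in $Path) {
        # Every file has the unnamed ':$DATA' stream (its contents);
        # anything else returned here is an alternate data stream.
        $alt = @(Get-Item -LiteralPath $p -Stream * |
                 Where-Object Stream -ne ':$DATA')
        $zoneId = $null
        if ($alt.Stream -contains 'Zone.Identifier') {
            $text = Get-Content -LiteralPath $p -Stream Zone.Identifier -Raw
            if ($text -match '(?m)^ZoneId=(\d+)') { $zoneId = [int]$Matches[1] }
        }
        [pscustomobject]@{
            File       = $p
            AltStreams = ($alt | ForEach-Object {
                              '{0} ({1} bytes)' -f $_.Stream, $_.Length }) -join ', '
            ZoneId     = $zoneId
            Zone       = if ($null -ne $zoneId) { $zoneNames[$zoneId] }
                         else { 'not marked' }
        }
    }
}

# Constructed sample: a script file carrying a zone mark like a downloaded one.
$sample = Join-Path $env:TEMP 'zone-demo.ps1'
Set-Content -LiteralPath $sample -Value 'Write-Output "demo"'
Set-Content -LiteralPath $sample -Stream Zone.Identifier `
            -Value "[ZoneTransfer]`r`nZoneId=3"

Get-ZoneMark -Path $sample          # report while the stream is present
Unblock-File -LiteralPath $sample   # deletes the Zone.Identifier stream
Get-ZoneMark -Path $sample          # report again after unblocking
Remove-Item -LiteralPath $sample    # clean up the constructed file
```

Removing the stream also removes the record that the file came from another computer, so the report from before unblocking is the one to keep if the file's origin matters later.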
Well, I guess everything is alright then. Thanks to all that replied. I will mark it solved.