Windows 10: Allowed threats in Defender that i never added?

When I opened "allowed threats" in microsoft defender, a bunch of trojans appeared. I do not download anything sketchy online and manually allow them on defender, what could possibly explain this? Are these false positives?

Ex. Trojan:win32/ludicrouz.Z Trojan:win32/conteban.B!ml Trojan:win32/defenseevasion!rfn

submitted by /u/terr_terrible
[link] [comments]

:)

 

Windows defender false positive - forced to allow threat

Windows defender has started to identify C:\Windows\System32\mshta.exe as a threat [normally reported as a Trojan Powessere.G]. I use mshta.exe to run an hta custom MsgBox - I have been hoping to keep using my current CustomMsgBox tool [batch file calling a vbs-hta file] until later this year when I hope to have had enough time to replace it with a PowerShell alternative.

Windows defender's notification lets me "allow the threat" but that seems to me to be a bigger security hole than is necessary - it will now ignore a potentially real intrusion when all I want to run is a genuine Windows component. My immediate problem is fixed but I would prefer to fix the false positive using the exclusions list.

I cleared the 'Allowed threats history' so I could use the exclusions list instead. I added C:\Windows\System32\mshta.exe to the file exclusions list and I checked that it had taken properly by checking the exclusions list both in the UI & in the Registry. But the exclusion made no difference, it continued to detect and block the exe.

I have repeated the attempt several times [by clearing the allowed threats list & exclusions list beforehand] and the results are the same every time
- allowing the threat works,
- using the exclusions list has no effect.

I studied the relevant tutorial but have not spotted an error in what I have been doing - Add or Remove Windows Defender Exclusions

Does anybody with experience of using the exclusions list to counter false positives have any suggestions for me?

Denis

 

Windows Defender/Security - no option to "Allow" potential threats?

If you want to control what does defender do to threats you can do it trough GPO in the following location:

Computer configuration\Administrative templates\Windows components\Microsoft defender antivirus\Threats
Here configure option:
Specify threats upon which default action should not be taken when detected

Threats are categorized by level, you assign default action per threat level.

EDIT:
Btw. to open GPO (Local Group Policy) follow these steps:

1. click on start button
2. type: gpedit.msc
3. right click on gpedit.msc and run as Administrator

 

Is restoring a quarantined threat the same as allowing the threat?

My Windows defender scan reported a threat last week. I quarantined it. After a few days, I updated my defender virus definitions, restored the threat, and ran another scan (because I wanted to find out if it was a false positive). This new scan did not
report any threat.

However, under defender's threat history, allowed items, I see this threat listed. I do NOT want to allow the threat, just wanted to find out if the latest definitions would still reported the file as a threat. How should I do that? Thank you. I am using
windows 10.