Windows 10: False positive threats

I bought recently a new computer with Windows 11 pre-installed, I made all the necessary updates, installed my applications and finally downloaded Google drive, by the way I was thinking to switch back to OneDrive but Microsoft didn't as usual fix the damn cloud.Anyway, after getting everything ready, Windows Defender started to find Trojans in my google drive folder, precisely in the temporary folder "C:\Users\don't_have_enough_money_to_buy_mac\My Drive\.tmp.drivedownload", and it keeps warning me about them every time with a lot of notifications, any action I choose allow or remove will no

:)

 

Windows defender false positive - forced to allow threat

Windows defender has started to identify C:\Windows\System32\mshta.exe as a threat [normally reported as a Trojan Powessere.G]. I use mshta.exe to run an hta custom MsgBox - I have been hoping to keep using my current CustomMsgBox tool [batch file calling a vbs-hta file] until later this year when I hope to have had enough time to replace it with a PowerShell alternative.

Windows defender's notification lets me "allow the threat" but that seems to me to be a bigger security hole than is necessary - it will now ignore a potentially real intrusion when all I want to run is a genuine Windows component. My immediate problem is fixed but I would prefer to fix the false positive using the exclusions list.

I cleared the 'Allowed threats history' so I could use the exclusions list instead. I added C:\Windows\System32\mshta.exe to the file exclusions list and I checked that it had taken properly by checking the exclusions list both in the UI & in the Registry. But the exclusion made no difference, it continued to detect and block the exe.

I have repeated the attempt several times [by clearing the allowed threats list & exclusions list beforehand] and the results are the same every time
- allowing the threat works,
- using the exclusions list has no effect.

I studied the relevant tutorial but have not spotted an error in what I have been doing - Add or Remove Windows Defender Exclusions

Does anybody with experience of using the exclusions list to counter false positives have any suggestions for me?

Denis

 

Why does Windows Defender not understand "False Positive"?

Almost daily now, I've had to clear a "threat" from Defender's "actions needed" list on a specific program that is a false positive.

How do I make it work as expected?

 

Windows defender false positive - forced to allow threat

Thanks, I've noted the link for reference. WD still reports the hta as a trojan [it now calls it kovter.g].




I completed development of my PSCustomMsgBox and would not consider going back to the hta version anyway.





I can call this from my batch file scripts and from VBA. The caller customises it with the required title, text, number of buttons, button labels, colour scheme, audio announcement & time onscreen.

Denis