Windows 10: Is this a false alarm, or legitimate threat? I checked updates, and updated Windows...

submitted by /u/Ninetales7700
[link] [comments]

:)

 

Windows defender false positive - forced to allow threat

Windows defender has started to identify C:\Windows\System32\mshta.exe as a threat [normally reported as a Trojan Powessere.G]. I use mshta.exe to run an hta custom MsgBox - I have been hoping to keep using my current CustomMsgBox tool [batch file calling a vbs-hta file] until later this year when I hope to have had enough time to replace it with a PowerShell alternative.

Windows defender's notification lets me "allow the threat" but that seems to me to be a bigger security hole than is necessary - it will now ignore a potentially real intrusion when all I want to run is a genuine Windows component. My immediate problem is fixed but I would prefer to fix the false positive using the exclusions list.

I cleared the 'Allowed threats history' so I could use the exclusions list instead. I added C:\Windows\System32\mshta.exe to the file exclusions list and I checked that it had taken properly by checking the exclusions list both in the UI & in the Registry. But the exclusion made no difference, it continued to detect and block the exe.

I have repeated the attempt several times [by clearing the allowed threats list & exclusions list beforehand] and the results are the same every time
- allowing the threat works,
- using the exclusions list has no effect.

I studied the relevant tutorial but have not spotted an error in what I have been doing - Add or Remove Windows Defender Exclusions

Does anybody with experience of using the exclusions list to counter false positives have any suggestions for me?

Denis

 

False Alarm Tracking System

I'm doing some work for a security company that monitors alarm systems. They are currently using an ancient piece of software that tracks false alarms.

Basically, ever time there is a false alarm it is entered into the system, each one is entered manually so it doesn't have to interface with another piece of software or anything. When the person gets their 3rd false alarm the software automatically flags the person and spits out a $35 invoice so it can be sent to the person. Every false alarm after that the system generates another $35 invoice and tracks the persons balance as well. Then on January 1 the number of false alarms are reset to 0 and the process starts over, but obviously their balance is kept if they haven't paid it.

I'm looking to replace this old program with something that will actually run in Windows 7/8, right now they have to use XPMode to run it and it barely runs under that.

Anyone know of anything free of paid that could do this?

 

Minor suggestion for Check for updates

No, I know that. Exactly where I suggest this to be changed, please note.
Sorry for not being clear.

The Check for updates small window currently does not show what I ask to be added - program version. Please consider adding this. Many other programs have this, so I suggest for GPU-Z to have it too.