Windows 10: MSE Detecting MpSigStub.exe As 'Severe' Threat

Discussion in 'AntiVirus, Firewalls and System Security' started by Malcolm Lawn, Nov 1, 2020.

  1. MSE Detecting MpSigStub.exe As 'Severe' Threat


    Today doing my usual weekly essential software updates I was surprised on my other PC which uses MSE to get a pop-up message soon after boot.


    The MSE tray icon went red and reported a 'Severe' rated threat that required action including a full system scan to clean up the PC. The 'threat' detected was stated as suspicious behaviour by:-


    C:\Windows\System32\MpSigStub.exe


    I elected to quarantine using the offered options and then did the required full system scan. All good, 'threat' dealt with.


    Because that PC hasn't been used for a week I began thinking about how this alleged malware had got onto it as the last downloads/browsing I'd done was the weekly maintenance updates which include, as always, a quick system scan by MSE and two anti-malware programs I use for on demand scanning.


    That MpSigStub.exe is actually the Microsoft Malware Protection Signature Update Stub, which is used by and updated as part of MS's anti-malware protection features. That means Defender and MSE. I've also read that even on PCs not using either, i.e. using other anti-virus programs, it is still regularly updated.


    So I checked another PC, with a very similar set up but using other AV protection and, yes, there it is sitting in the System32 folder. I checked it under previous versions and it had updated... yesterday, when I'd been doing my weekly maintenance on that PC.


    The conclusion I've had to come to is that MSE has detected part of its own protection system being updated as the 'severe' threat.


    As said the MpSigStub.exe is now quarantined so is not in System32 any more but I assume will still be doing what it is supposed to do. That is if it is the genuine one and not some alleged malware replacement, as claimed in the hysterical AV/MW web site posts you find about any computer problems.


    The question is how do I deal with this now? Is it a false positive? If so how do I create an exception so this doesn't happen again the next time it updates as it is going to do at some point?

    :)
     
    Malcolm Lawn, Nov 1, 2020
    #1
  2. uorn Win User

    Severe threat detected

    I need help, I do not know what to do next. Can someone please help me? Windows Defender found a severe threat. I sent the file to the Windows Defender team for evaluating, and I got a message today that said it is a severe threat (Backdoor:Win32/Floxif). The Alert Level Status is SEVERE, to remove it immediately. But I have no clue how to do this and make my computer safe. Please help me.
     
    uorn, Nov 1, 2020
    #2
  3. Try3 Win User
    Windows Defender false positive - forced to allow threat

    Windows Defender has started to identify C:\Windows\System32\mshta.exe as a threat [normally reported as a Trojan Powessere.G]. I use mshta.exe to run an hta custom MsgBox - I have been hoping to keep using my current CustomMsgBox tool [batch file calling a vbs-hta file] until later this year when I hope to have had enough time to replace it with a PowerShell alternative.

    Windows Defender's notification lets me "allow the threat" but that seems to me to be a bigger security hole than is necessary - it will now ignore a potentially real intrusion when all I want to run is a genuine Windows component. My immediate problem is fixed but I would prefer to fix the false positive using the exclusions list.

    I cleared the 'Allowed threats history' so I could use the exclusions list instead. I added C:\Windows\System32\mshta.exe to the file exclusions list and I checked that it had taken properly by checking the exclusions list both in the UI & in the Registry. But the exclusion made no difference, it continued to detect and block the exe.

    I have repeated the attempt several times [by clearing the allowed threats list & exclusions list beforehand] and the results are the same every time
    - allowing the threat works,
    - using the exclusions list has no effect.

    I studied the relevant tutorial but have not spotted an error in what I have been doing - Add or Remove Windows Defender Exclusions

    Does anybody with experience of using the exclusions list to counter false positives have any suggestions for me?

    Denis
     
    Try3, Nov 1, 2020
    #3
  4. simrick Win User


    PUP Threats Detected By Malwarebytes


    Check your list of installed programs and remove any toolbars. Run MBAM again, including rootkit detection, and do a full scan of all your hard drives, not just a Threat scan. Then, reset your Chrome browser.


     
    simrick, Nov 1, 2020
    #4