Windows 10: MSERT - how does it clear potentially infected files if the scan is running offline? I need...

Hi,I would like a verbose list of files that have been marked as suspicious by MSERT because even if the scan is running OFFLINE, it does not output any suspicious files, although it is unable to submit the files for further analysis. In the context of advanced malware for windows, it does not really help people to further investigate those files. Is there a way to output a file with this list or even a full list of scanned files where I can filter out the suspicious content? I have had Windows Defender tampering found a few times, am concerned that there is further malware to investigate, how

:)

 

MSERT reruns keep showing infected files

Hello!

I ran MSERT the first time and it showed 7 infected files, but at the end only one was listed as removed (VirTool:Win32/DefenderTamperingRestore).

I ran the MSERT twice after that (restarted my laptop after every run) and infected files number went up to 11 but it said no virus or spyware was detected. How could the infected file number increase but nothing is removed or quarantined? is there another method to scan for malware? I also turned on the Virus Threat Protection in my account and have a Virus Protection software that never detected the malware prior to the MSERT scan. how can i make sure my system is cleaned from malware?

thanks!

 

Microsoft Safety Scanner > Files Infected count

There's a bit of a UX problem with the scanner. As it is running it may encounter files that are suspected of being infected but indicate a count as: "Files Infected: XX"

This suggests the files are infected and apparently no list of these potentially infected files are provided.

1. Change the label to "Possible Infected Files"
   
2. Write to the msert log the list of possibly infected files for further review/action.
   

I say this as I let the tool run for over 3 hours, racking up over 20 "Files Infected". My computer was disconnected from the Internet during the scan. So I was surprised that the files in question were somehow "cleared" despite a lack of Internet connection.

From the log:

Results Summary:

----------------

No infection found.

Failed to submit MAPS report: 0x80072EE7

Failed to submit clean hearbeat MAPS report: 0x80072EE7

Microsoft Safety Scanner Finished On Sun Apr 30 13:20:56 2023

If the suspected files couldn't be submitted, then how were they cleared? Which files were suspected?

I appreciate the tool just cannot trust the results.

 

MSERT scanned 23 files infected, viruses/malware

If the Microsoft Safety Scanner shows clean (no detections found) when finished, then it's most likely that MSERT suspected a possible threat during the scan, displayed it as such (infected files) but determined the file(s) were not an actual confirmed threat(s) upon completion.

Keep in mind that Microsoft Safety Scanner (MSERT) is intended to be a supplement to an existing anti-virus program (not a replacement).