Windows 10: New Windows Defender

I cant get the new WD Security Center to scan just one file like the old one did.

:)

 

Will Windows 10 NEW Version (April, 2017) have an improved version of Windows defender?

Windows Defender does catch most malware, however many do get through. Windows Defender constantly receives updates to its definitions. The new Windows Defender has a new user interface, but I do not believe the new Windows Defender has any major definition
update, other than the almost-daily updates as of currently.

 

Windows Defender Offline for Windows 10

FYI...

<QP>

Several new features and management options have been added to Windows Defender in Windows 10, version 1607. [For example,]

Windows Defender Offline in Windows 10 can be run directly from within Windows...

</QP>

Source:
https://technet.microsoft.com/en-us/itpro/windows/whats-new/whats-new-windows-10-version-1607#windows-defender

<QP>

In Windows 10 [1607], Windows Defender Offline can be run with one click directly from the Windows Defender client...

</QP>

Source:
https://technet.microsoft.com/en-us/itpro/windows/keep-secure/windows-defender-offline

 

That doesn't work. This is what I get when I R click and choose Scan with WD.

 

It ends up at that screen after doing the file scan. It could be made clearer what's happening in my view.

 

Hey Clint, *Smile

In your "Windows Defender Security Center" screenshot, it shows 0 threats found in the 2 files scanned from what you right clicked on.


If you like, you might see if the context menu in Option Two of the tutorial below may work better for you for this.

Scan with Windows Defender Context Menu - Add in Windows 10 - Windows 10 Customization Tutorials

 

Brink, I get that screen on every file that I try to scan. It always shows 2 files. I download the reg file in option 2 It does the same.

 

I've tried a Defender scan on various files, including a .png (1 file scanned), .txt (1), Add_Scan_with_Windows_Defender-UI.reg (3) and Reset_Microsoft_Edge.zip from this tutorial (3). That last one is informative, because if I extract the .ps1 file it contains and scan that it then says 2 files were scanned.

The number of 'files' scanned seems to depend on what Defender finds looking inside the file, and what else may need to be scanned as a consequence. In the case of the zip v. extracted file, the zip container would be the one extra file in the first scan. Typically Defender will individually scan every file packed inside a .exe that is a Setup package.

Exactly what type of file are you trying to scan?



Edit: I have just restored the 1607 image for my test machine (System Two in my 'specs') and scanned the same 'Reset_Microsoft_Edge.zip' as above. This said 2 items for the .zip file, one when scanning the extracted .ps1.

It may be that the Creators' Defender has new functions to scan 'system' related items if found in such text-based files.

 

Works fine here Clint and never seen this bug + not able to reproduce it. See if the old user interface may cause this, never know? In Task Manager/Details/MSASCuiL.exe/End task/End Process.

Regards,

 

@Clint, I have a full explanation of 'why' (it is actually correct behaviour) and a simple 'how' that will fix it.

On my Creators Update the old and the new UI show the same number 'two' with a custom scan of a folder containing the single file Reset_Microsoft_Edge.ps1






However, I have discovered how to turn this file into a file that Defender sees as only being one file/item. The clue was when I copied to a USB to scan it on another machine, the copy only scanned as one item - even when copied back to the original machine. This was because the file was no longer marked as 'This file came from another computer and may be blocked to help protect this computer'.

The way a file is blocked is that it has a Zone Identifier recorded in an alternate data stream. This is an independent data stream alongside the file contents data. Alternate data streams have been a feature of the ntfs file system since XP. You can read it with the Streams utility from Sysinternals.

Code: C:\TEMP>streams Reset_Microsoft_Edge.ps1 Streams v1.56 - Enumerate alternate NTFS data streams Copyright (C) 1999-2007 Mark Russinovich Sysinternals - www.sysinternals.com C:\TEMP\Reset_Microsoft_Edge.ps1: :Zone.Identifier:$DATA 72[/quote]

Defender was quite correct in saying it had scanned two files - the first was the content of the file and the second was the alternate data stream.

Copying this 'blocked' file to an ntfs formatted USB and scanning it with Defender on a 1607 PC again shows two items were scanned. This is not a new feature or bug. It is correct behaviour and has always been that way.

Bottom line: All 'blocked' files will have two items for Defender to scan. You can remove the second by unblocking the file.

 

Well, I guess every thing is alright then. Thanks to all that replied. I will mark it solved.