Windows 10: Possible False Positive?

Hello!

I've been trying to figure this out all day; on my desktop earlier today, Windows defender flagged a file associated with the Immersive Control Panel - 'Control Panel a.k.a. ControlPanel.settingcontent-ms' - as 'Trojan:O97M/DPlink.A' in my user files and in the 'Windows.Old' files (I'd just reformatted and updated to 1803 about two weeks ago). This seemed strange since I've only logged into my Gmail, Youtube and Amazon since last night and haven't downloaded anything or even opened up an email, so I really haven't been in a position to have been infected by anything. Also, I had scanned my computer with Windows Defender last night too, and nothing came up when I did that. Windows Defender had deleted the file, so I don't have it on my computer anymore to send, if you needed it. I've run a full scan on my laptop and my father's laptop as well; WIndows Defender flagged the same exact file in the same exact location as the same Trojan I named above each time. On VirusTotal, I've noticed that Microsoft (Windows Defender) is the only Antivirus/Antimalware that's flagging it as a malicious XML file, labeling it 'Trojan:O97M/DPlink.A' leading me to suspect that this is a false positive. After a whole day of scouring the internet, I wanted to ask the Microsoft Community if this is indeed a threat or is Windows Defender detecting a false positive?

On a side note, W.D. deleted the suspected file off my laptop as well, but I do have a screenshot of where it detected the suspected file; I'll attach it for reference. I do have the suspected file still on my father's laptop; windows defender is doing a full scan with the most recent virus definitions now as opposed to earlier today and the same file is not being flagged anymore. On all the machines I've scanned I ran a full scan with Malwarebytes Premium before running Windows Defender; Malwarebytes didn't detect anything on any computer during any scan, even when I had it select the exact file in question.



To summerize, I'm wanting to know if the file Windows Defender flagged is truly malicious or just a false positive? Given how my desktop and my laptop have deleted ControlPanel.settingcontent-ms from 'windows.immersivecontrolpanel_cw5n1h2txyewy' folder, will this cause permanent damage to my systems or will they still function properly? (I haven't noticed any problems yet)

Thank you for taking the time to read my lengthy message (especially on July 4th) and I hope to hear from you soon!

:)

 

Possible False Positive?

Quite possible that it is a false positive. There are reports of WD Flagging as malware which in turn it is not.

 

False positive for desktop shortcut scanner.lnk

The 1.239.488.0 virus / spyware definition update that rolled out about 24 hours ago appears to be producing a false positive for any shortcut placed on the desktop called "Scanner.lnk". I can consistently replicate a false positive for Trojan:Win32/FakeSysdef
with the following steps.

• Create a shortcut to an exe file.
• Place the shortcut on the desktop.
• Name the shortcut "Scanner".
• Run "Quick Scan".

I don't get the same result by directly scanning the file, nor by uploading the file to www.virustotal.com, so it would appear this is as a result of a heuristic rather than a file content analysis. I also don't get the same result with a shortcut that links
to a website.

Can anyone else replicate? How can we go about getting the Windows Defender team to reconsider this heuristic? It's a bit heavy-handed.

 

Questioning a false positive for a Windows Defender virus scan

Anytime you suspect a possible
false positive or you want a second opinion, submit it to one of the online services that analyzes suspicious files. There are also number of web resources (URL Link Scanners) which can be used to check suspicious/unfamiliar
sites or get second opinions.

• Comprehensive List of URL analyzers & services