Windows 10: Query Regarding Real Time Windows Defender Alert

Hi Alert,


I manage Antivirus for a company. We use Windows Defender AV. Our OS are Win 10 v1809.


I am getting alerts from machines, where I can see my user ID in the logs, but actually I didnt login those machine at the time of infection.


Alert:-


Detection timeUTC time: 4/26/2020 3:04:55 PM Malware file path: file:_C:\Users\mark.bowlin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\grammarly-keyboard-type-with-confidence_3014778243 1.exe;webfile:_C:\Users\mark.bowlin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\grammarly-keyboard-type-with-confidence_3014778243 1.exehttps://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fda0v0tn52hquw.cloudfront.net%2Fbes%257Cpid%3A10596%2CProcessStart%3A132323870943297946&data=02%7C01%7Cbalaji.shanmugavel%40capitalone.com%7C9ba54c461d874e42dc8f08d7e9f39f67%7C9e66e0b4768c4506a1b67e44c80595f2%7C0%7C0%7C637235104869506941&sdata=hMf1zUXuhNOubK5FGzn9nPreOQwLh%2Fja645pp3sKxa0%3D&reserved=0

Remediation action: Remove


Action status: Succeeded

If I decode the URL part in the log message I can get something like this:-

https://eur01.safelinks.protection.outlook.com/?url=https://da0v0tn52hquw.cloudfront.net/bes%7Cpid:10596,ProcessStart:132323870943297946&data=0201*** Email address is removed for privacy ***9ba54c461d874e42dc8f08d7e9f39f679e66e0b4768c4506a1b67e44c80595f200637235104869506941&sdata=hMf1zUXuhNOubK5FGzn9nPreOQwLh/ja645pp3sKxa0=&reserved=0

I can see similar alerts in multiple machines. Can you please explain what is going on?

:)

 

I can't turn on Windows Defender Real Time Protection

We appreciate your response. We suggest that you try to turn on Windows Defender Real Time Protection from a Hidden Administrator account. To enable Hidden Administrator, the following are the steps:

• Right-click on the Start button and select Command Prompt (Admin).
• In the command prompt, type in net user administrator /active:yes and press Enter.
• Log out and log back in using the Administrator account.

Let us know if you require further assistance.

 

real time protection in window defender

Hi,

Windows Defender is built-in to Windows 10. Turning on the Windows Defender will help to protect your PC by scanning for malware, viruses and security threats. It uses real-time protection to scan everything you download or run on your PC.

To turn Windows Defender real-time protection on, you can follow the steps below:

1. Click on the Start Menu and choose Settings.

2. In the Setting window, select Update and Security.

3. In Update and Security -> Windows Defender
-> Turn on Real-time protection. See screenshot below:





Regards.

 

Untable to Control Windows Defender Real-time Protection On/Off

Sometimes, we need to turn off Windows Defender Real-time protection. In my experience, this software may cause some error to run Android Emulator such as BigNox. It also slowing down my Android Studio. To disable Windows Defender Real-time protection, I
do these steps:

1. Run Windows PowerShell as administrator
2. execute set-mppreference -DisableRealtimeMonitoring 1

Windows PowerShell

Copyright (C) Microsoft Corporation. All rights reserved.

PS C:\WINDOWS\system32> set-mppreference -DisableRealtimeMonitoring 1

PS C:\WINDOWS\system32>

In Windows registry it will create

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection -> DisableRealtimeMonitoring REG_DWORD 1

Tested on Windows 10 Version 10.0.17134 Build 17134

But, during my computer idle, windows always put Real-time protection on. It is so annoying. I want to control Real-time Protection manually.