Windows 10: Threat detected: VirTool:Win32/DefenderTamperingRestore

Discus and support Threat detected: VirTool:Win32/DefenderTamperingRestore in AntiVirus, Firewalls and System Security to solve the problem; Good evening. Today I did a scan with Microsoft Security Scanner and it found this virus and removed it. Threat detected:... Discussion in 'AntiVirus, Firewalls and System Security' started by the capitan, Sep 8, 2020.

  1. THE CAPITAN
    the capitan Win User

    Threat detected: VirTool:Win32/DefenderTamperingRestore


    Good evening.

    Today I did a scan with Microsoft Security Scanner and it found this virus and removed it.


    Threat detected: VirTool:Win32/DefenderTamperingRestore

    regkeyvalue://hklm\software\microsoft\windows defender\\DisableAntiSpyware

    SigSeq: 0x0000055555C57273


    Then I've done another scan with microsoft safety scanner, another with malwarebytes and another with kaspersky.

    They haven't found anything.


    I read here the description of the virus and it seems a false positive, linked with windows defender :

    https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=VirTool:Win32/DefenderTamperingRestore&ThreatID=2147741622

    If someone has experience with this threat can confirm that is a false positive or a real virus ?

    And if it's a real virus, or I have to do something else ?

    :)
     
    the capitan, Sep 8, 2020
    #1
  2. CHNEW
    ChNew Win User

    Win32/DefenderTamperingRestore caught by Windows Defender

    Looks like Microsoft has updated the entry on their security site - this is a catch to reconfigure real-time detection if it has been disabled. Below is what is listed on MS's site now:

    Summary

    This detection is for suboptimal configurations that may prevent Windows Defender Antivirus from functioning properly.

    If you see this detection, a suboptimal configuration was detected, and Windows Defender Antivirus will auto-heal by automatically resetting to more secure configurations.

    https://www.microsoft.com/en-us/wds.../DefenderTamperingRestore&ThreatID=2147741622
     
    ChNew, Sep 8, 2020
    #2
  3. JASONS_CCS
    JasonS_CCS Win User
    JasonS_CCS, Sep 8, 2020
    #3
  4. NAHEEL SAMI
    Naheel sami Win User

    Threat detected: VirTool:Win32/DefenderTamperingRestore

    Threat detection Options confusion

    Hello,

    I had a virus on my PC and windows defender quarantined it.

    But I clicked on the “Action” button and has three options: Removes , Restore , and Allow

    I clicked on Remove, but the threat status changed to: “threat removed or restored “

    Which is confusing.

    I then clicked again on the “Action” button and only 1 option appeared which is “ Allowed” I mistakenly Clicked on. But then I removed it from the “ allow history “

    So my question:

    • does allowing a “ removed or restored” threat means releasing it again in the PC or it means only allowing the future similar threat?
    Because I run a scan after i removed it from allow history and nothing is detected.

    I’m very confused. I would appreciate help.

    My threat was : worm win32/bundpil. “Two letter “
     
    Naheel sami, Sep 8, 2020
    #4
Thema:

Threat detected: VirTool:Win32/DefenderTamperingRestore

Loading...

  1. Threat detected: VirTool:Win32/DefenderTamperingRestore - Similar Threads - Threat detected VirTool

  2. Win32/DefenderTamperingRestore issue

    in Windows 10 Software and Apps
    Win32/DefenderTamperingRestore issue: I am having an issue with my laptop. It is as if it is in a deepfreeze type state. When I install new software and restart, the installed software is not there after the restart. I have tried various anti-virus tools but as soon as I download them and install or run, they...

  3. Win32/DefenderTamperingRestore issue

    in Windows 10 Gaming
    Win32/DefenderTamperingRestore issue: I am having an issue with my laptop. It is as if it is in a deepfreeze type state. When I install new software and restart, the installed software is not there after the restart. I have tried various anti-virus tools but as soon as I download them and install or run, they...

  4. VirTool: Win32 / DefenderTamperingRestore

    in AntiVirus, Firewalls and System Security
    VirTool: Win32 / DefenderTamperingRestore: Hi.I have a fully up-to-date HP PAVILION laptop with Windows 11 HOME.I check for updates every day with Windows Update.The PC is protected with Malwarebytes Premium updated in the malware definitions several times a day; I always keep the Windows Defender virus definitions up...

  5. VirTools Win32/ExcludeProc.D Issue please help remove.

    in AntiVirus, Firewalls and System Security
    VirTools Win32/ExcludeProc.D Issue please help remove.: Hello I have been getting this message every time I start up or restart my computer I see people getting help on this issue and would also really appreciate help as well....

  6. Virus virtool win32 exclude poc d

    in AntiVirus, Firewalls and System Security
    Virus virtool win32 exclude poc d: What is this ?????? It making my computer speed damn slow. https://answers.microsoft.com/en-us/protect/forum/all/virus-virtool-win32-exclude-poc-d/02324526-38af-4abc-941b-4fa0bd63ba69

  7. Windows Defender -VirTools Win32/ExcludeProc.D and Win32/ExcludeProc.A

    in AntiVirus, Firewalls and System Security
    Windows Defender -VirTools Win32/ExcludeProc.D and Win32/ExcludeProc.A: Hi, for the past few days I've been getting notifications about VirTool:Win32/ExcludeProc.D and VirTool:Win32/ExcludeProc.A. I tried to remove them in windows defender but when I restart my laptop I get notification again. I tried using Malwarebytes and Avast but they are not...

  8. VirTool:Win32/DefenderTamperingRestore threat

    in AntiVirus, Firewalls and System Security
    VirTool:Win32/DefenderTamperingRestore threat: my windows 10 home says that there's a severe threat and its called VirTool:Win32/DefenderTamperingRestore does anyone else have this? and how do i get rid of it?...

  9. Win32/DefenderTamperingRestore

    in AntiVirus, Firewalls and System Security
    Win32/DefenderTamperingRestore: Hi there. Anybody can help me with how to clean my computer from this virus: Win32/DefenderTamperingRestore Usually, when I run MSERT.exe it says that this virus was eliminated. But I have some questions: a Is it a memory-resident malware? b Is it launched in my computer...

  10. Win32/DefenderTamperingRestore caught by Windows Defender

    in AntiVirus, Firewalls and System Security
    Win32/DefenderTamperingRestore caught by Windows Defender: Just saw this show up on our virus report on one system and one critical server. Microsoft info on it is non-existent and only 5 days old, however. Anyone else see this? Is it just a false positive from turning AV off temporarily at some point in the past? Thanks in advance!...