Windows 10: Threat Detection in Windows Defender Removed or Restored ?

My windows virus and threat protection software picked up on this: SoftwareBundler:Win32/Prepscram and said it was "Removed and Restored."


I assume that means the threat was quarantined, then removed, then the file it affected was restored. When ı click only option to make is allow ı am so confused about it what should ı do? Is pressing allow do something to my computer.Affected file was in the recycle bin but if a search it in my computer ı still see it and restore it.What should ı do and is the threat still in my computer waiting for your answers...

:)

 

Windows defender false positive - forced to allow threat

Windows defender has started to identify C:\Windows\System32\mshta.exe as a threat [normally reported as a Trojan Powessere.G]. I use mshta.exe to run an hta custom MsgBox - I have been hoping to keep using my current CustomMsgBox tool [batch file calling a vbs-hta file] until later this year when I hope to have had enough time to replace it with a PowerShell alternative.

Windows defender's notification lets me "allow the threat" but that seems to me to be a bigger security hole than is necessary - it will now ignore a potentially real intrusion when all I want to run is a genuine Windows component. My immediate problem is fixed but I would prefer to fix the false positive using the exclusions list.

I cleared the 'Allowed threats history' so I could use the exclusions list instead. I added C:\Windows\System32\mshta.exe to the file exclusions list and I checked that it had taken properly by checking the exclusions list both in the UI & in the Registry. But the exclusion made no difference, it continued to detect and block the exe.

I have repeated the attempt several times [by clearing the allowed threats list & exclusions list beforehand] and the results are the same every time
- allowing the threat works,
- using the exclusions list has no effect.

I studied the relevant tutorial but have not spotted an error in what I have been doing - Add or Remove Windows Defender Exclusions

Does anybody with experience of using the exclusions list to counter false positives have any suggestions for me?

Denis

 

Windows Defender Doesnt Remove threats.

Can you give us what is/was the fully qualified name and
path to the file deemed to be a virus/trojan ?

It will be a lot easier to help you remove it once we know what it is and
where its saved into, as it appears under quarantine or on the list of detected items

`~`

I suggest you to use Windows Defender Offline in Safe mode and remove the virus and check if the issue is resolved.

Windows Defender Offline is a stand-alone tool that comes preloaded with the latest antimalware updates. It works outside of Windows, which means it can catch and clean infections that hide themselves when Windows is running.

• 
  Go to another PC that isn’t infected and download Windows Defender Offline.
  
• 
  Insert a blank USB flash drive or CD into the PC, and then run the Windows Defender Offline file that you just downloaded.
  
• 
  You will be prompted to install Windows Defender Offline to the blank USB flash drive or CD.
  
• 
  After you’ve installed Windows Defender Offline onto the USB flash drive or CD, insert it into your infected PC and
  restart in
  Safe Mode. You will be prompted to start the Windows Defender Offline tool.
  

The following articles may help if you're having trouble getting the tool to work:

• 
  Windows Defender Offline: frequently asked questions
  
• 
  Microsoft's Free Security Tools - Windows Defender Offline
  

After you've used Windows Defender Offline, you should make sure your security software is up to date and run a full scan:

• 
  Get the latest updates
  

Even if we've already detected and removed this particular threat, running a full scan might find other malware that is hiding on your PC.

Please post to us if the virus issue is resolved. We are glad to help you further.

-=-

 

Windows Defender is missing Restore Button for Quarantined Threats

It wasn't listed under "Quarantined Threats", but was listed in "See full history" as quarantined. It has been about 2 hours
and now it is listed under "Quarantined Threats" which now shows the Restore or Delete options. Something must be causing
a delay in listing the quarantined file under "Quarantined Threats" after they have been found and quarantined by Defender.