Windows 10: Win10 2004 defender identifies virus threat even though file had been deleted

Hello,


Some weird stuff with MS Security Virus & threat protection since upgrading to Win10 2004. It's identifying a current threat PUA:Win32/InstallCore that I cannot remove even though the file associated with the threat was previously deleted. The threat was first identified back on 7/3/2020 and that's when I manually deleted the file. Since then I've tried to remove the threat associated with a non-existent file in Virus & threat protection, but every time I rescan after removing, it reappears. Also, the Quick Scan is taking 10 to 15 minutes to complete. It gets to about 85% complete then seems to stop for awhile, before it finally completes showing the threat.


Any suggestions for what I can try? Is there any way of resetting Defender to flush its record of threats and start over? I have tried installing Win10 2004 on top of Win10 2004 retaining data and apps, but that makes no difference. I'd prefer not to do a full OS reinstall unless I absolutely have to.


Also, I temporarily installed Malwarebytes and ran a full scan -- it found no threats. It seems that Defender is stuck thinking there is still a threat.


Thanks in advance.

:)

 

Windows defender false positive - forced to allow threat

Windows defender has started to identify C:\Windows\System32\mshta.exe as a threat [normally reported as a Trojan Powessere.G]. I use mshta.exe to run an hta custom MsgBox - I have been hoping to keep using my current CustomMsgBox tool [batch file calling a vbs-hta file] until later this year when I hope to have had enough time to replace it with a PowerShell alternative.

Windows defender's notification lets me "allow the threat" but that seems to me to be a bigger security hole than is necessary - it will now ignore a potentially real intrusion when all I want to run is a genuine Windows component. My immediate problem is fixed but I would prefer to fix the false positive using the exclusions list.

I cleared the 'Allowed threats history' so I could use the exclusions list instead. I added C:\Windows\System32\mshta.exe to the file exclusions list and I checked that it had taken properly by checking the exclusions list both in the UI & in the Registry. But the exclusion made no difference, it continued to detect and block the exe.

I have repeated the attempt several times [by clearing the allowed threats list & exclusions list beforehand] and the results are the same every time
- allowing the threat works,
- using the exclusions list has no effect.

I studied the relevant tutorial but have not spotted an error in what I have been doing - Add or Remove Windows Defender Exclusions

Does anybody with experience of using the exclusions list to counter false positives have any suggestions for me?

Denis

 

Cannot turn on Windows Defender virus protection

I had the same sort of symptoms. In the Windows Security Center, under Virus and threat protection, it said "Your virus & threat protection is managed by your organization."





I note you mentioned the Registry Keys under HKLM/SOFTWARE/Microsoft/Windows Defender. Nice spotting, but it seems like there is another key that is causing the problem for some users.

Steps to a solution:

1. Press the Windows key and type "regedit"
   
2. On the regedit icon that appears, right-click and select Run as Administrator.
   
3. Navigate to the folder located at HKLM\SOFTWARE\Policies\Microsoft\Windows Defender (You can paste this into the address box at the top of the window, or navigate manually using the side directory structure)
   
4. In this folder, there are probably two keys. Right-click and Delete the DisableAntiSpyware key.
   
5. Exit regedit, and return to the Windows Defender settings screen (refresh it if necessary). Windows Defender should have the scan options available and working.
   

Solution adapted from here, with a much more detailed solution here.

 

virus and threat protection

Virus and threat protection has stopped and will not restart, Windows 10 ver 1709, antimalware client ver 4.12.16299.15 . SuperAntiSpyware installed.

I have tried most of the suggestions from the support pages, all have been ineffective. Any suggestions

Moved from: Virus and Malware / Windows Defender / Updating Virus and Spyware Definitions / Windows 10