Windows 10: Windows defender false positive - forced to allow threat

Windows defender has started to identify C:\Windows\System32\mshta.exe as a threat [normally reported as a Trojan Powessere.G]. I use mshta.exe to run an hta custom MsgBox - I have been hoping to keep using my current CustomMsgBox tool [batch file calling a vbs-hta file] until later this year when I hope to have had enough time to replace it with a PowerShell alternative.

Windows defender's notification lets me "allow the threat" but that seems to me to be a bigger security hole than is necessary - it will now ignore a potentially real intrusion when all I want to run is a genuine Windows component. My immediate problem is fixed but I would prefer to fix the false positive using the exclusions list.

I cleared the 'Allowed threats history' so I could use the exclusions list instead. I added C:\Windows\System32\mshta.exe to the file exclusions list and I checked that it had taken properly by checking the exclusions list both in the UI & in the Registry. But the exclusion made no difference, it continued to detect and block the exe.

I have repeated the attempt several times [by clearing the allowed threats list & exclusions list beforehand] and the results are the same every time
- allowing the threat works,
- using the exclusions list has no effect.

I studied the relevant tutorial but have not spotted an error in what I have been doing - Add or Remove Windows Defender Exclusions

Does anybody with experience of using the exclusions list to counter false positives have any suggestions for me?

Denis

:)

 

Why does Windows Defender not understand "False Positive"?

Almost daily now, I've had to clear a "threat" from Defender's "actions needed" list on a specific program that is a false positive.

How do I make it work as expected?

 

Is restoring a quarantined threat the same as allowing the threat?

My Windows defender scan reported a threat last week. I quarantined it. After a few days, I updated my defender virus definitions, restored the threat, and ran another scan (because I wanted to find out if it was a false positive). This new scan did not
report any threat.

However, under defender's threat history, allowed items, I see this threat listed. I do NOT want to allow the threat, just wanted to find out if the latest definitions would still reported the file as a threat. How should I do that? Thank you. I am using
windows 10.

 

defender false positive

Hi Bob,

To better assist you, kindly verify the following:

• Where did you submit the file about Windows Defender being false positive?
• Right after the recent Windows 10 update, your Zara Radio stopped working?
• Regarding the 404 error, what application were you using when you got that error?

Let us know.