Windows 10: Windows Defender False-Positives loop

After spending all day on this literally my patience has worn out.


I have been using Windows Defender for many years on many different computers, they've done their job and never given me grief-until now.


I've been able to download several tools/programs without issue and have done so for years. I'd download, scan then run the program once they show up clean. Windows Defender WD never gave me any grief with any of these, until I tried to download a specific file from a forum. I know for an absolute fact that this file is safe, but when I first tried downloading it, it appeared as:

Backdoor:Win32/Bladabinda!ml


I did various checks online with well trusted antivirus browsers and the fact that thousands upon thousands of individuals have used this program/tool hassle-free, further proving the program is safe. With this being a false-positive, I figured I could just whitelist the program, but this is where the loop happens. The moment I try to download it, WD immediately deletes it. If I go into Exclusions, it asks for a specific file to whitelist.


Do you see the issue here? With this bug causing an infinite loop of frustration, I went to switch WD off while I did my work, but soon discovered that you actually cannot turn Windows Defender off. There's online remedies for editing the registry on your computer and doing other workarounds however absolutely none of these worked. So now I cannot download a needed program and Windows Defender has now refused to turn off. After trying to download the exact same file, the following false-positive triggered:

Trojan:Script/Oneeva.a!ml


I then tried Microsoft Support, who recommended the exactly guides I'd followed earlier, so because of this, it tells me that Windows Defender is a very slack program that it not monitored or updated. It frequently puts out false positives, cannot be turned off and terminates programs willy-willy.

This is a severe oversight and a major bug. You should not have something so important create a loop and require such extreme methods to switch off. This is an official Microsoft AntiVirus but comes across as a shady program. Please fix this so I can carry on with my tasks. I prefer being able to whitelist a program but the fact you cannot turn the program off is a pretty bad look.


Short version:
-Windows Defender has a whitelist bug. You're required to have the program you want to whitelist already on your computer, but if you try to download it, Windows Defender immediately terminates it.
-Windows Defender cannot be switched off. There are guides to do so, but those require going to extreme methods when the option should be within the program itself.

:)

 

defender false positive

Hi Bob,

To better assist you, kindly verify the following:

• Where did you submit the file about Windows Defender being false positive?
• Right after the recent Windows 10 update, your Zara Radio stopped working?
• Regarding the 404 error, what application were you using when you got that error?

Let us know.

 

Windows defender false positive - forced to allow threat

Windows defender has started to identify C:\Windows\System32\mshta.exe as a threat [normally reported as a Trojan Powessere.G]. I use mshta.exe to run an hta custom MsgBox - I have been hoping to keep using my current CustomMsgBox tool [batch file calling a vbs-hta file] until later this year when I hope to have had enough time to replace it with a PowerShell alternative.

Windows defender's notification lets me "allow the threat" but that seems to me to be a bigger security hole than is necessary - it will now ignore a potentially real intrusion when all I want to run is a genuine Windows component. My immediate problem is fixed but I would prefer to fix the false positive using the exclusions list.

I cleared the 'Allowed threats history' so I could use the exclusions list instead. I added C:\Windows\System32\mshta.exe to the file exclusions list and I checked that it had taken properly by checking the exclusions list both in the UI & in the Registry. But the exclusion made no difference, it continued to detect and block the exe.

I have repeated the attempt several times [by clearing the allowed threats list & exclusions list beforehand] and the results are the same every time
- allowing the threat works,
- using the exclusions list has no effect.

I studied the relevant tutorial but have not spotted an error in what I have been doing - Add or Remove Windows Defender Exclusions

Does anybody with experience of using the exclusions list to counter false positives have any suggestions for me?

Denis

 

Why does Windows Defender not understand "False Positive"?

Almost daily now, I've had to clear a "threat" from Defender's "actions needed" list on a specific program that is a false positive.

How do I make it work as expected?