Windows 10: windows defender FALSE VIRUS RESULTS!

Connected external hdd scanned with wf, had a lot of viruses so I decided to wipe the entire drive, now that its fully wiped wf still says there are viruses on a none existing drive. How do I get rid of that message?


I unplugged the drive and restated the pc and the current threats message still there!!!!


stupid wf doesn't know how to detect when a drive was fully wiped?

:)

 

Windows Defender False alarm

I am getting many false alarms from Windows Defender.

When I follow up and look for details of the alarm/virus, there is nothing listed. .... so what is it picking up??

Haven't had the time to investigate fully. I havent changed any of its default settings since it installed with Win 10.

Windows Defender might be a half baked app from Microsoft??.

 

Windows defender false positive - forced to allow threat


Windows defender has started to identify C:\Windows\System32\mshta.exe as a threat [normally reported as a Trojan Powessere.G]. I use mshta.exe to run an hta custom MsgBox - I have been hoping to keep using my current CustomMsgBox tool [batch file calling a vbs-hta file] until later this year when I hope to have had enough time to replace it with a PowerShell alternative.

Windows defender's notification lets me "allow the threat" but that seems to me to be a bigger security hole than is necessary - it will now ignore a potentially real intrusion when all I want to run is a genuine Windows component. My immediate problem is fixed but I would prefer to fix the false positive using the exclusions list.

I cleared the 'Allowed threats history' so I could use the exclusions list instead. I added C:\Windows\System32\mshta.exe to the file exclusions list and I checked that it had taken properly by checking the exclusions list both in the UI & in the Registry. But the exclusion made no difference, it continued to detect and block the exe.

I have repeated the attempt several times [by clearing the allowed threats list & exclusions list beforehand] and the results are the same every time
- allowing the threat works,
- using the exclusions list has no effect.

I studied the relevant tutorial but have not spotted an error in what I have been doing - Add or Remove Windows Defender Exclusions

Does anybody with experience of using the exclusions list to counter false positives have any suggestions for me?

Denis

 

False positive for desktop shortcut scanner.lnk

The 1.239.488.0 virus / spyware definition update that rolled out about 24 hours ago appears to be producing a false positive for any shortcut placed on the desktop called "Scanner.lnk". I can consistently replicate a false positive for Trojan:Win32/FakeSysdef
with the following steps.

• Create a shortcut to an exe file.
• Place the shortcut on the desktop.
• Name the shortcut "Scanner".
• Run "Quick Scan".

I don't get the same result by directly scanning the file, nor by uploading the file to www.virustotal.com, so it would appear this is as a result of a heuristic rather than a file content analysis. I also don't get the same result with a shortcut that links
to a website.

Can anyone else replicate? How can we go about getting the Windows Defender team to reconsider this heuristic? It's a bit heavy-handed.