Windows 10: Windows defender falsely detecting trojans in zip files

Discussion in 'Windows 10 Gaming' started by Gabriel Irani, Dec 31, 2024.

  1. Windows defender falsely detecting trojans in zip files


    This post is the amalgamation of several weird instances on my PC, so I'll begin with where it all started. 2 days ago I was compiling a Python program to an exe using the widespread PyInstaller module. I tried using the --onefile and --noconsole arguments; however, it didn't like the second one, and I got a Defender warning saying memory integrity had been turned off. I then went and checked it out, seeing that it was caused by incompatible drivers. The drivers in question were Promethean ACTIVhdmini drivers, something that may have been on my laptop before I re-imaged it. However I couldn't

    :)
     
    Gabriel Irani, Dec 31, 2024
    #1
  2. Le Boule Win User

    After full scan with Windows Defender I got a problem removing Trojan:win32/Dynamer!ac

    https://www.microsoft.com/security/...Name=Trojan:Win32/Dynamer!ac&ocid=-2147283291

    If Windows Defender will not alleviate this problem, recommend you follow the suggestions in this free multi-step removal guide from Malwaretips.com. The removal tools/procedures are free. http://malwaretips.com/blogs/trojan-win32-dynamer-ac-removal/

    But…

    If none of the other tools listed in the Malwaretips guide identify any malware, you are using an HP laptop, and the alleged malware detection by Windows Defender is listed as being in the "D" drive on the laptop, then you may be seeing a "false positive" detection. Should you determine you are probably seeing a "false detection", suggest you post back in this thread with further information.

    Good luck…
     
    Le Boule, Dec 31, 2024
    #2
  3. database of malware producing false positives or false negatives

    Many months ago I communicated with Malwarebytes about a trojan that was detected by Defender that was not detected by Malwarebytes. They indicated that Microsoft Defender is likely a false positive and to wait weeks or months for Microsoft to update their database. To date the Defender continues to detect a trojan that is not detected by Malwarebytes.

    Defender does not detect any malware on quick scans. However on full scans it detects this trojan that is not detected by Malwarebytes.

    How does an end user determine whether one antivirus program is producing false positives or false negatives?
     
    questions_, Dec 31, 2024
    #3
  4. Try3 Win User

    Windows defender false positive - forced to allow threat

    Windows defender has started to identify C:\Windows\System32\mshta.exe as a threat [normally reported as a Trojan Powessere.G]. I use mshta.exe to run an hta custom MsgBox - I have been hoping to keep using my current CustomMsgBox tool [batch file calling a vbs-hta file] until later this year when I hope to have had enough time to replace it with a PowerShell alternative.

    Windows defender's notification lets me "allow the threat" but that seems to me to be a bigger security hole than is necessary - it will now ignore a potentially real intrusion when all I want to run is a genuine Windows component. My immediate problem is fixed but I would prefer to fix the false positive using the exclusions list.

    I cleared the 'Allowed threats history' so I could use the exclusions list instead. I added C:\Windows\System32\mshta.exe to the file exclusions list and I checked that it had taken properly by checking the exclusions list both in the UI & in the Registry. But the exclusion made no difference, it continued to detect and block the exe.

    I have repeated the attempt several times [by clearing the allowed threats list & exclusions list beforehand] and the results are the same every time
    - allowing the threat works,
    - using the exclusions list has no effect.

    I studied the relevant tutorial but have not spotted an error in what I have been doing - Add or Remove Windows Defender Exclusions

    Does anybody with experience of using the exclusions list to counter false positives have any suggestions for me?

    Denis
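
One way to run the check described in the post above from PowerShell rather than the UI and Registry, as an added example that is not part of the original thread: it lists the exclusions Defender itself reports and the resource type each detection involving the path was recorded against. `Get-MpPreference`, `Get-MpThreat` and `Get-MpThreatDetection` are the built-in Defender cmdlets; `$target` is the path from the post, and an elevated session is assumed.

```powershell
# Added example: compare Defender's configured exclusions with its detection
# records for one path. Run from an elevated PowerShell session.
$target = 'C:\Windows\System32\mshta.exe'   # path taken from the post above
$leaf   = Split-Path $target -Leaf

# 1. Exclusions as Defender reports them (paths, processes, extensions).
$pref = Get-MpPreference
$exclusions = foreach ($kind in 'ExclusionPath', 'ExclusionProcess', 'ExclusionExtension') {
    foreach ($entry in @($pref.$kind)) {
        if ($entry) { [pscustomobject]@{ Kind = $kind; Entry = $entry } }
    }
}
# A non-elevated session gets a placeholder string instead of the real list.
if ($exclusions.Entry -match '^N/A') {
    Write-Warning 'Exclusions are hidden from this session: re-run elevated.'
}
'Exclusions mentioning {0}:' -f $leaf
$exclusions | Where-Object { $_.Entry -like "*$leaf*" } | Format-Table -AutoSize

# 2. Map threat IDs to names so detections can be labelled.
$names = @{}
Get-MpThreat | ForEach-Object { $names[[string]$_.ThreatID] = $_.ThreatName }

# 3. Detection records that mention the path. Each entry in Resources carries
#    a type prefix (for example file, CmdLine, containerfile) before the value.
'Detections mentioning {0}:' -f $leaf
Get-MpThreatDetection |
    Where-Object { $_.Resources -like "*$leaf*" } |
    ForEach-Object {
        foreach ($res in $_.Resources) {
            $type, $value = $res -split ':', 2
            [pscustomobject]@{
                Time     = $_.InitialDetectionTime
                Threat   = $names[[string]$_.ThreatID]
                Type     = $type
                Resource = ([string]$value).TrimStart('_')
                Process  = $_.ProcessName
            }
        }
    } |
    Sort-Object Time |
    Format-Table -AutoSize -Wrap
```

The `Type` column shows whether a detection was recorded against the file on disk or against something else, such as a command line, which is the detail to compare with the kind of exclusion that was added.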
     