Windows 10: Windows defender flagging excel doc as a virus. Microsoft Security Intelligence has removed...

A very important excel do with vba and macros is being flagged by windows defender as a virus. We submitted to microsoft - they scanned the document and said they removed the detection. We have run all updates on our windows 10 computers but we still cannot use the file. Our company cannot run without this document - it has been working for several months until there was an Office 365 update on March 17, 2020. Have had no luck contacting MS to get help and our Office 365 "partner" that MS is telling us to contact is unwilling to send out tech's or help us at this time due to COVID.


Please help!

:)

 

Software, NOT a virus, being flagged and removed by Defender

An old game that worked fine yesterday is suddenly being flagged and removed by Defender.

What do I do if Defender has a problem with software I know is legit?

Will Microsoft take reports on this and make changes to Defender?

The only way it could be Malware is if there's a tricky virus that can insert itself into this software, even as I download it fresh from the website. Is that even possible?

The game in question is a Kingdom for Keflings:

A Kingdom for Keflings!

***Post moved by the moderator to the appropriate forum category.***

 

Use Windows Defender Application Control (WDAC) with the Microsoft Intelligent Security Graph

Hi,



Thank you for writing to Microsoft Community Forums.



In order to enable trust for executables based on classifications in the ISG, the
Enabled:Intelligent Security Graph authorization option must be specified in the WDAC policy. This can be done with the Set-RuleOption cmdlet. In addition, it is recommended from a security perspective to also enable the
Enabled:Invalidate EAs on Reboot option to invalidate the cached ISG results on reboot to force rechecking of applications against the ISG.



Since the ISG relies on identifying executables as being known good, there are cases where it may classify legitimate executables as unknown, leading to blocks that need to be resolved either with a rule in the WDAC policy, a catalog signed by a certificate
trusted in the WDAC policy or by deployment through a WDAC managed installer. Typically, this is due to an installer or application using a dynamic file as part of execution. These files do not tend to
build up known good reputation. Auto-updating applications have also been observed using this mechanism and may be flagged by the ISG.



Modern apps are not supported with the ISG heuristic and will need to be separately authorized in your WDAC policy. As modern apps are signed by the Microsoft Store and Microsoft Store for Business. It is straightforward to authorize modern apps with
signer rules in the WDAC policy.



Enabled:Intelligent Security Graph Authorization -> Use this option to automatically allow applications with "known good" reputation as defined by Microsoft’s Intelligent Security Graph (ISG).



Enabled:Invalidate EAs on Reboot -> When the Intelligent Security Graph option (14) is used, WDAC sets an extended file attribute that indicates that the file was authorized to run. This option will cause WDAC to periodically
re-validate the reputation for files that were authorized by the ISG.



For more information, you may refer the below articles.

• Use
  Windows Defender Application Control (WDAC) with the Microsoft Intelligent Security Graph.
  
• Deploy Windows
  Defender Application Control policy rules and file rules.
  
• Use
  signed policies to protect Windows Defender Application Control against tampering.
  

If you still have questions, then I suggest you to post your query in
IT Pro TechNet Forums, where we have support
professionals who are well equipped with the knowledge on Windows Defender Application Control (WDAC) with the Microsoft Intelligent Security Graph.



Please feel free to contact us back, in case you have any other questions/issues with Windows in future.

 

Windows Defender Not On

Hi,



Welcome to Microsoft Community. Your interest in Windows 10 is much appreciated.



I would suggest you to try the below methods and check:

Method 1:

I would suggest you to run virus scan to make sure the computer is free from virus.

The Microsoft Safety Scanner is a free downloadable security tool that provides on-demand scanning and helps remove virus, spyware, and other malicious software. It works with your existing antivirus software.

Microsoft Safety Scanner Download - Windows security



Method 2:

Turn the Defender on. Follow the below steps:

• In search, type Defender.
• Now make the option ON by moving the slider accordingly.

Method 3: Run the SFC.

Follow the below steps:

• Open Command Prompt.

• Select “Run as Administrator”.
• Type “sfc /scannow” without quotes and hit
  Enter.

Now check for the issue.



Keep us posted if you face any issues on windows in future. We will be glad to help you.