Windows 10: Windows Defender keeps identifying and removing this threat over and over:...

Every few minutes this gets flagged, Windows Defender quarantines it and then it comes back again.


It says:

AFFECTED ITEMS:

file: C:\Users\[USERNAME]\AppData\Local\Apple Inc\CloudKit\iCloudDrive\MMCS\tmpm-0x0000000000000001


and

file: C:\Users\[USERNAME]\AppData\Local\Apple Inc\CloudKit\iCloudDrive\MMCS\tmpm-0x0000000000000002


Is this a real threat? How do I get rid of it? Offline scan did not help.


Thank you

:)

 

Threats identified by Windows Defender not removed

Hi, my OS is Windows 10 Pro 64bit Version 2004 Build 19041.450. After performing a full scan of my SSD, Windows Defender identified a number of threats such as APP:CDisplayEx_BundleInstaller, PUA:Win32/Vtools, PUA:Win32/InstallCore, PUA:Win32/SystemChecker, PUA:Win32/PiriformBundler. I will appreciate your comments or suggestions for removal them. Many thanks.

 

Windows defender false positive - forced to allow threat

Windows defender has started to identify C:\Windows\System32\mshta.exe as a threat [normally reported as a Trojan Powessere.G]. I use mshta.exe to run an hta custom MsgBox - I have been hoping to keep using my current CustomMsgBox tool [batch file calling a vbs-hta file] until later this year when I hope to have had enough time to replace it with a PowerShell alternative.

Windows defender's notification lets me "allow the threat" but that seems to me to be a bigger security hole than is necessary - it will now ignore a potentially real intrusion when all I want to run is a genuine Windows component. My immediate problem is fixed but I would prefer to fix the false positive using the exclusions list.

I cleared the 'Allowed threats history' so I could use the exclusions list instead. I added C:\Windows\System32\mshta.exe to the file exclusions list and I checked that it had taken properly by checking the exclusions list both in the UI & in the Registry. But the exclusion made no difference, it continued to detect and block the exe.

I have repeated the attempt several times [by clearing the allowed threats list & exclusions list beforehand] and the results are the same every time
- allowing the threat works,
- using the exclusions list has no effect.

I studied the relevant tutorial but have not spotted an error in what I have been doing - Add or Remove Windows Defender Exclusions

Does anybody with experience of using the exclusions list to counter false positives have any suggestions for me?

Denis

 

WINDOWS DEFENDER IS NOT REMOVING THREATS

Hi lelouch.lamperouge,

Sorry if that didn't work.

Is the threat listed on your Quarantined Items? If yes, please try the following.

1: Open Windows Defender Security Center from the system tray area.

2: Click “Virus & threat protection”.

3: Open Protection History.

4: Click filters, select ‘Quarantined Items’

5: Select the threat and click Remove.

I hope this helps. Feel free to ask back any questions and keep me posted.