Windows 10: Windows Defender Obfuscated Logs

Discussion in 'Windows 10 Gaming' started by Claire_Clough, Jul 18, 2022.

  1. Windows Defender Obfuscated Logs


    Is it possible to de-obfuscate / read the following log files?

    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Quick\Resource\System

    I am running into 2 scenarios where Defender is:

    a) Using enough CPU on a hyper-v host that it briefly affects the VM performance
    b) Locking an entire hard-drive (not OS drive) for an extended period while it reads the entire MFT, we know it is because we caught it in the act doing it sequentially with procmon.

    Claire

    :)
     
    Claire_Clough, Jul 18, 2022
    #1

  2. Obfuscator

    Hi, I recently installed 'StatCounter' into my web-site and straight away 'Windows Defender' alerted me to a threat... Virtools:JS/obfuscator, which it quarantined. Does anyone in the Community know if StatCounter poses a threat? Regards, Dave G
     
    BertGamble, Jul 18, 2022
    #2
  3. Le Boule Win User
    VirTool:Win32/Obfuscator

    If you are not using Windows Defender did you seek advice from your antivirus provider (AVG, Kaspersky, McAfee, Norton, etc)?

    https://www.microsoft.com/en-us/wds...-description?Name=VirTool:Win32/Obfuscator.XZ
    As you can see the Safety Scanner should have resolved the issue.

    Where was the file found? Can you send a copy of the file to VirusTotal for analysis?
    https://www.virustotal.com/



    Other scanners that might help you resolve this issue are listed in
    List of Malware Removal Tools




    Have you reviewed and followed the recommended steps in

    https://malwaretips.com/blogs/virtool-win32-obfuscator-xz-removal/
    to include resetting your browsers?



    Check your startup menu – see if you’ve got some programs that do not need to be running at startup.



    See
    https://support.microsoft.com/en-us/help/4002019/windows-10-improve-pc-performance




    Regards…



    http://blog.emsisoft.com/2015/01/27/top-10-ways-pups-sneak-onto-your-computer-and-how-to-avoid-them/
     
    Le Boule, Jul 18, 2022
    #3
  4. Windows Defender Obfuscated Logs

    Windows Defender pegs CPU at 100% utilization when scanning obfuscated .NET applications

    When launching obfuscated .NET applications Windows Defender pegs the CPU at 100% utilization and takes between 10 and 30 seconds to scan the file before the application is launched. The un-obfuscated version of the application loads in 1 second. This problem did not exist until recently. I'm assuming an update was made to Windows Defender that is causing this problem. Other antivirus programs like Symantec Endpoint Protection do not exhibit this behavior when launching the obfuscated .NET code.

    I tested running on a fresh install of Windows 10 Version 1703 (OS Build 15063.138) and it does not exhibit the problem. Using that same machine I applied all Microsoft patches bringing the version up to Version 1703 (OS Build 15063.540) and the problem appeared.

    Steps to reproduce:

    Create a console application with the following code

    using System;

    namespace test
    {
        class Program
        {
            static void Main(string[] args)
            {
                Console.WriteLine("Hello World!!!");
                Console.WriteLine("Press any key to continue...");
                Console.ReadKey();
            }
        }
    }

    Compile and run the application. You will see it launches immediately.

    Download ConfuserEx v.1.0.0 from Github Releases · yck1509/ConfuserEx

    Launch confuserex.exe

    Drag the console app onto the Project screen

    Click the settings tab

    Click <Global settings>

    Click the Plus icon on the right

    Click the Edit icon on the right

    Change the preset from None to Normal

    Click Done

    Click the Protect tab

    Click the Protect! button

    When the green finished message appears close confuserex

    Navigate to the Confused directory under the bin\release directory in the project and run the application. It now takes 10-30 seconds for the application to load and Windows Defender pegs the CPU at 100%

    As stated above this did not happen on previous builds of Windows 10.

    If I exclude the executable from Windows Defender scans the app launches immediately but this is not an option for me as the application I wrote can be run from a network drive, USB drive or the local machine. The path to the executable is not known before it is launched.

    Is there any way to fix this?

    Thanks,

    Scott
     
    Scott Fairchild, Jul 18, 2022
    #4
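
One way to put numbers on the slowdown described in post #4 without adding an exclusion: time a Defender custom scan of the plain build and of the ConfuserEx output, and record the engine and signature versions alongside. This is an added example, not code from the thread; the two default paths are placeholders, and it assumes the on-demand scan cost tracks the launch-time scan the post describes.

```powershell
# Added example. The default paths are placeholders for the plain build and
# the ConfuserEx-protected build from the reproduction steps.
param(
    [string]$PlainExe    = '.\bin\Release\test.exe',
    [string]$ConfusedExe = '.\bin\Release\Confused\test.exe',
    [int]$Runs = 5
)

function Measure-DefenderScan {
    param([string]$Path, [int]$Runs)

    $full = (Resolve-Path -LiteralPath $Path).Path

    # Start-MpScan blocks until the scan finishes, so wall-clock time is the scan cost.
    $ms = @(foreach ($i in 1..$Runs) {
        (Measure-Command {
            Start-MpScan -ScanType CustomScan -ScanPath $full
        }).TotalMilliseconds
    })
    $sorted = @($ms | Sort-Object)

    [pscustomobject]@{
        File     = $full
        SHA256   = (Get-FileHash -LiteralPath $full -Algorithm SHA256).Hash
        FirstMs  = [math]::Round($ms[0], 1)     # first scan, reported separately since later runs may be faster
        MedianMs = [math]::Round($sorted[[int][math]::Floor(($Runs - 1) / 2)], 1)
        MaxMs    = [math]::Round($sorted[-1], 1)
    }
}

# Versions matter here: the post ties the regression to an update.
$status = Get-MpComputerStatus
'Platform {0}, engine {1}, signatures {2}' -f `
    $status.AMProductVersion, $status.AMEngineVersion, $status.AntivirusSignatureVersion

$plain    = Measure-DefenderScan -Path $PlainExe    -Runs $Runs
$confused = Measure-DefenderScan -Path $ConfusedExe -Runs $Runs
$plain, $confused | Format-Table -AutoSize

if ($plain.MedianMs -gt 0) {
    'Slowdown (median): {0:N1}x' -f ($confused.MedianMs / $plain.MedianMs)
}
```

Running it on two machines at different patch levels gives a like-for-like comparison that can be attached to a support case together with the file hashes.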