Windows 10: Windows Defender Threat History & Actions

Hi,


Hope someone can help clear this up for me.


Defender found and stopped something it defined as potentially unwanted software: Win32/Unwaders.C!ml


The threat was apparently quarantined and all the details were there such as threat severity, recommended actions etc.


What I do not understand is why there is an Allow button next to this. What function does it serve and why would I want to allow it anyway?


I find no option to remove or take any other action except to clear history.


Thanks in advance,


Mark

:)

 

Windows Defender Reports Malware, Taking Care of it, No Further Action Required, Yet History is Empty

Windows Defender running on Windows 10 Pro x64 pops up a message (lower right corner of screen) that it detected malware, that it is taking care of the threat and that no further action is required. When I open the Defender UI and click on the History tab
and view All detected items, the list is empty.

Isn't this a bug in Defender? Either there was no malware and it should not have reported that there was, or there was malware and it should be in the list of detected items.

 

Windows defender false positive - forced to allow threat


Windows defender has started to identify C:\Windows\System32\mshta.exe as a threat [normally reported as a Trojan Powessere.G]. I use mshta.exe to run an hta custom MsgBox - I have been hoping to keep using my current CustomMsgBox tool [batch file calling a vbs-hta file] until later this year when I hope to have had enough time to replace it with a PowerShell alternative.

Windows defender's notification lets me "allow the threat" but that seems to me to be a bigger security hole than is necessary - it will now ignore a potentially real intrusion when all I want to run is a genuine Windows component. My immediate problem is fixed but I would prefer to fix the false positive using the exclusions list.

I cleared the 'Allowed threats history' so I could use the exclusions list instead. I added C:\Windows\System32\mshta.exe to the file exclusions list and I checked that it had taken properly by checking the exclusions list both in the UI & in the Registry. But the exclusion made no difference, it continued to detect and block the exe.

I have repeated the attempt several times [by clearing the allowed threats list & exclusions list beforehand] and the results are the same every time
- allowing the threat works,
- using the exclusions list has no effect.

I studied the relevant tutorial but have not spotted an error in what I have been doing - Add or Remove Windows Defender Exclusions

Does anybody with experience of using the exclusions list to counter false positives have any suggestions for me?

Denis

 

'windows defender successfully took action on 1 threat'

I get a notification that 'windows defender successfully took action on 1 threat' but I am not able to see what the problem or threat was that it took action on. Advice?