Windows 10: Windows Secutity False-positive?

Hi,Could really use some help and insights I have been using the Lantern VPN servicegetlanetrn.org since I am in mainland China.Today as I was browsing online, the Windows Security notification popped up signaling a Threat Quarantined. the specifics are as follow:My particular predicament at the time was that without the VPN I couldn't have accessed REAL Internet since I was looking for answers and the Chinese Internet proved yet again, pathetically useless so I ALLOWed it. My Win11 updater has updated the latest virus database as per 2/16, and I have never had any previous encounters

:)

 

False positive for desktop shortcut scanner.lnk

The 1.239.488.0 virus / spyware definition update that rolled out about 24 hours ago appears to be producing a false positive for any shortcut placed on the desktop called "Scanner.lnk". I can consistently replicate a false positive for Trojan:Win32/FakeSysdef
with the following steps.

• Create a shortcut to an exe file.
• Place the shortcut on the desktop.
• Name the shortcut "Scanner".
• Run "Quick Scan".

I don't get the same result by directly scanning the file, nor by uploading the file to www.virustotal.com, so it would appear this is as a result of a heuristic rather than a file content analysis. I also don't get the same result with a shortcut that links
to a website.

Can anyone else replicate? How can we go about getting the Windows Defender team to reconsider this heuristic? It's a bit heavy-handed.

 

defender false positive

Hi Bob,

To better assist you, kindly verify the following:

• Where did you submit the file about Windows Defender being false positive?
• Right after the recent Windows 10 update, your Zara Radio stopped working?
• Regarding the 404 error, what application were you using when you got that error?

Let us know.

 

Windows defender false positive - forced to allow threat

Windows defender has started to identify C:\Windows\System32\mshta.exe as a threat [normally reported as a Trojan Powessere.G]. I use mshta.exe to run an hta custom MsgBox - I have been hoping to keep using my current CustomMsgBox tool [batch file calling a vbs-hta file] until later this year when I hope to have had enough time to replace it with a PowerShell alternative.

Windows defender's notification lets me "allow the threat" but that seems to me to be a bigger security hole than is necessary - it will now ignore a potentially real intrusion when all I want to run is a genuine Windows component. My immediate problem is fixed but I would prefer to fix the false positive using the exclusions list.

I cleared the 'Allowed threats history' so I could use the exclusions list instead. I added C:\Windows\System32\mshta.exe to the file exclusions list and I checked that it had taken properly by checking the exclusions list both in the UI & in the Registry. But the exclusion made no difference, it continued to detect and block the exe.

I have repeated the attempt several times [by clearing the allowed threats list & exclusions list beforehand] and the results are the same every time
- allowing the threat works,
- using the exclusions list has no effect.

I studied the relevant tutorial but have not spotted an error in what I have been doing - Add or Remove Windows Defender Exclusions

Does anybody with experience of using the exclusions list to counter false positives have any suggestions for me?

Denis