• Windows Defender False Positives?

    #2019887

    Hey Y’all,

    Yesterday I got this:

    [Image: Virus-in-lnk-file]
    Actually I got 3 of them. They are all shortcut files that I created. I scanned again with Defender and got the same thing. I scanned with Malwarebytes Premium and no issues.

    So I tried a scan with Defender offline and it all went away. Go figure. 😎

    May the Forces of good computing be with you!

    RG

    PowerShell & VBA Rule!

    • #2020041

      I also have false positives on Process Hacker, which I have restored, restored and restored again. I think that WD has given up.

      Dell E5570 Latitude, Intel Core i5 6440@2.60 GHz, 8.00 GB - Win 10 Pro

    • #2020223

      I also get false positives on Process Hacker on occasion and have to restore it from quarantine, then all is well once more. Malwarebytes 4.04 doesn’t see it as a threat.

      Always create a fresh drive image before making system changes/Windows updates; you may need to start over!
      We all have our own reasons for doing the things that we do with our systems; we don't need anyone's approval, and we don't all have to do the same things.
      We were all once "Average Users".

    • #2020719

      I uninstalled Process Hacker for just now, more trouble than it’s worth.

      Dell E5570 Latitude, Intel Core i5 6440@2.60 GHz, 8.00 GB - Win 10 Pro

    • #2337922

      Windows Defender has been giving us a rash of false positives recently, starting about a month ago (December 2020), typically on emailed attachments that are encrypted zips with a variety of contents (source code, text files, exes, dlls). These have been getting tagged as threats and are quarantined. We can get them back by restoring them from quarantine, but false positives are very bad. They lead people to believe that Windows Defender is not finding real threats – like the proverbial boy who cried wolf.

      Some of these encrypted zips are sent to everyone in the company – and only a few machines will tag the zip as malware. The rest are perfectly fine with the file. In the case of files sent to only one person, they can be independently retrieved from the email server and submitted to VirusTotal – and nothing else sees the file as malware.

      Better yet, any available update to the definitions will typically cause the offending encrypted zip to be allowed/passed as safe.

      It seems that Microsoft Defender has become unstable. Are they looking for shorter contiguous chunks of the files for the signatures? Anyone have any idea what is going on?

      We’ve been sending each other encrypted zips for decades, and using Windows Defender for at least 5, maybe 10 years. What has happened?

      Deuxbits

       

      Basic research is what I am doing when I don't know what I am doing - Wernher von Braun
