  • Windows Defender Inconsistencies

    Posted on DrBonzo Comment on the AskWoody Lounge

      • #2314183
        DrBonzo
        AskWoody Plus

        For a friend, I’m setting up a Win 8.1 Pro 64 bit laptop purchased from Dell Refurbished. I’ve installed Opera, Firefox, Gimp and about 100 games from Big Fish. All the preceding software is up to date, as is Windows 8.1 (through October with what used to be called Group A).

        When I do either a quick or full scan with Windows Defender I get a yellow triangle/exclamation point with the statement that preliminary results indicate the presence of malware or other potentially unwanted software and that I can review the affected files at the end of the scan. But, at the end of the scan, the triangle/exclamation point and message all disappear and at the top of the Defender Dialog box I get a green check mark, a statement of the number of files scanned and that my computer is being protected. The History box is empty. Well OK, it’s probably nothing, but…

        … in an effort to determine what files weren’t “liked”, I did a bunch of custom scans to try and narrow down where the file(s) is(are). No matter what custom scan I try I never get the triangle/exclamation point/warning message, and when the scan is done I get the green check mark, a statement of the number of files scanned, a statement that my computer is being protected, AND a statement that no infected files were found. This last statement never showed up after a quick or full scan (although it always shows up on my own 8.1 computer when I do a quick or full scan and nothing is found). The other interesting thing is that after I do a custom scan on the C: drive, the reported number of files scanned is smaller (by about 25000) than the number reported for a full scan.

        So, my questions are, is the occurrence of the triangle/exclamation point/warning statement of any significance? If so, how do I find the suspected file? Also, shouldn’t the number of files scanned be the same for a custom scan of C: as for a full scan?

        I’ve run the Microsoft Safety Scanner (downloaded from this link https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download) and everything comes up completely clean.

        I’ve also run Malwarebytes Free, which also came up totally clean, but interestingly, said it only scanned about 280,000 files (as opposed to more than 600,000 files for a full scan or custom C: scan with Defender).

        I’d appreciate any insight into what’s going on, particularly on whether this is worth pursuing and/or how likely it is that something is infected. This laptop is a gift, and while I suspect it will not be heavily used for internet surfing, I’d really like to get this right.

        Thanks.
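
Added example, not part of the original post or of any reply: Defender writes scan start/finish and detection events to its Operational event log, so when the History tab is empty that log is another place to check what a scan recorded. The two-day window and the function name `Get-DefenderScanTrail` are assumptions made for illustration; `Get-MpThreatDetection` is only called if the Defender PowerShell module is present.

```powershell
# Added example (not from the thread): show what Windows Defender logged
# around recent scans, including any detection with its threat name and path.
function Get-DefenderScanTrail {
    param([int]$Days = 2)   # assumption: the scans of interest ran in this window

    $log = 'Microsoft-Windows-Windows Defender/Operational'
    # Event IDs: scan started/finished/stopped, detection, action taken
    $meaning = @{
        1000 = 'scan started'; 1001 = 'scan finished'; 1002 = 'scan stopped'
        1006 = 'detection';    1007 = 'action taken'
        1116 = 'detection';    1117 = 'action taken'
    }
    $filter = @{
        LogName   = $log
        Id        = 1000, 1001, 1002, 1006, 1007, 1116, 1117
        StartTime = (Get-Date).AddDays(-$Days)
    }
    # Get-WinEvent raises an error when nothing matches; treat that as "no events"
    $events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Sort-Object TimeCreated

    foreach ($e in $events) {
        # Flatten the named <Data> fields of the event into a lookup table
        $data = @{}
        foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) {
            if ($d.Name) { $data[$d.Name] = $d.'#text' }
        }
        [pscustomobject]@{
            Time     = $e.TimeCreated
            Id       = $e.Id
            Meaning  = $meaning[$e.Id]
            ScanType = $data['Scan Type']
            Threat   = $data['Threat Name']
            Path     = $data['Path']
        }
    }
}

Get-DefenderScanTrail | Format-Table -AutoSize -Wrap

# Cross-check against Defender's own detection history, if the cmdlet is present
if (Get-Command Get-MpThreatDetection -ErrorAction SilentlyContinue) {
    Get-MpThreatDetection |
        Select-Object InitialDetectionTime, ThreatID, ProcessName, Resources
}
```

A scan that shows a start and a finish row with no detection row between them means Defender logged no detection for that scan.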

      • #2314263
        Paul T
        AskWoody MVP

        I don’t get that issue with Defender in my W8.1 Home box. No suggestions either.  🙁

        cheers, Paul

        1 user thanked author for this post.
      • #2314268
        DrBonzo
        AskWoody Plus

        I remember seeing the same symptoms once on a Windows 7 computer with Microsoft Security Essentials. It was a Dell laptop and while I’m not absolutely sure of this, I think it happened after a Dell Update update, or perhaps some other Dell software update. I ran the MS Safety Scanner, which came up clean. By staring at the MSE window and watching the scan progress I was able to determine that when the scan encountered svchost, the yellow triangle/exclamation point/statement of possible presence of malware was triggered only to disappear at the end of the scan. I searched the hard drive for svchost, found about 15 instances of it, and scanned each one individually, each of them coming back clean. My recollection is that the symptoms stopped showing up after maybe a month, but again, I’m not too sure about that.

        Unfortunately, on the 8.1 computer Defender doesn’t show file names as it scans so I can’t see what file(s) are triggering the triangle/exclamation point/warning. I did search the hard drive for svchost and custom scanned each, and they all come back clean. Of course, I have no way of knowing whether svchost is triggering the symptoms on the present 8.1 computer.

        The only Dell software I can find on the computer is Dell Backup and Recovery, and that hasn’t been updated to the best of my knowledge. So it seems to me that something about installing Gimp or one (or more) of the Big Fish games must be triggering the symptoms (I’m thinking Opera and Firefox likely aren’t the culprit or it would have been reported by somebody.) I suppose I could uninstall Gimp and the Big Fish games, but I’d sure rather not do all that.

      • #2314270
        Chris Greaves
        AskWoody Plus

        Hi.

        Some 15 years ago my password-protected Word2003/VBA utility library “UW.dot” would cause McAfee to vomit on one particular system.

        I knew that the code was clean, my colleague knew and trusted me, but we could not get UW.dot installed on his machine.

        UW.dot was issued and installed successfully on the machines of all my clients across North America.

        At that time I figured that one or more bytes in the password-protected tokenised UW.dot just happened to beat the odds and look like a virus signature – to McAfee on Tim’s system!

        Cheers

        Chris

        "Almost works" means it doesn’t work.

        1 user thanked author for this post.
      • #2314289
        doriel
        AskWoody Lounger

        When I do either a quick or full scan with Windows Defender I get a yellow triangle/exclamation point with the statement that preliminary results indicate the presence of malware or other potentially unwanted software and that I can review the affected files at the end of the scan

        Can you post file paths and names? Type of threat (for example HackTool:Win32/Keygen, or Trojan:Win32/CryptInject!ml)?

        You can upload the suspected file to http://www.virustotal.com and it will run through a series of tests to be sure.

        Dell Latitude E6530, Intel Core i5 @ 2.6 GHz, 4GB RAM, W10 1809 Enterprise

        HAL3000, AMD Athlon 200GE @ 3,4 GHz, 8GB RAM, Fedora 29

        1 user thanked author for this post.
        • #2314290
          doriel
          AskWoody Lounger

          Oh sorry. I see that list is empty. I misread your post. This is hard to troubleshoot. I suggest installing some free AV and then removing it. Maybe the issue will disappear. Also make sure all updates are installed.

          Dell Latitude E6530, Intel Core i5 @ 2.6 GHz, 4GB RAM, W10 1809 Enterprise

          HAL3000, AMD Athlon 200GE @ 3,4 GHz, 8GB RAM, Fedora 29

          1 user thanked author for this post.
          • #2314291
            DrBonzo
            AskWoody Plus

            I downloaded and installed Malwarebytes Free, ran a scan, and it came up clean. I turned it off but haven’t uninstalled it yet.

            The virus definitions for Defender are up to date, but I haven’t checked to see if Defender itself is up to date. I just assumed it was but I’ll check to make sure.

            1 user thanked author for this post.
      • #2314307
        SB9K
        AskWoody Lounger

        I’ve been getting the exact same behavior lately. My gaming rig was built by me with off the shelf parts, so maybe that at least rules out a Dell-specific issue.

        I had assumed it was because I had added Blackbird (which I use to kill known telemetry) in “Excluded files and locations”, as Windows Defender definitely flags it as unwanted software. But as a test, I deleted all traces of Blackbird, removed the exclusion, and ran the scan again. Still the same behavior.

        And then I found what seems like an actually useful explanation on the Microsoft Answers forum. So with other scanners not finding an issue, I’ve decided not to worry about it.

        Gaming Rig: Win 8.1 Pro - Group A + Blackbird
        Work Desktop: Ubuntu 20.04 LTS (+ Win 8.1 VM, "just in case")
        Notebook (guinea pig): Whatever flavor of Linux I tried last
        File Server: TurnKey Linux
        • This reply was modified 1 month, 3 weeks ago by SB9K.
        2 users thanked author for this post.
      • #2314429
        Elly
        AskWoody MVP

        Malware can be sneaky…

        I like to run through MajorGeeks Malware Removal… it uses multiple tools, but steps you through a specific sequence of steps in running them… just in case?

        Non-techy Win 10 Pro and Linux Mint experimenter

        1 user thanked author for this post.