How to prevent efficiently Defender from considering a given VBS script as containing a threat

LaurentG

Thread starter
I have a problem with Defender : it considers a safe script (I know it's safe, I wrote it myself !) as a threat, and I cannot efficiently bypass its "protection" !

This script downloads a jpeg file from a Web site (this jpeg file is updated once a minute on the web site, it's a WebCam), and launches an external command (jhead.exe) on the resulting file (thanks to the WshShell.run command) to set some EXIF parameters on it.

First of all, I'm obliged to create a "Defender exception" for the script itself (or for its containing folder), otherwise the script does not even start, because Defender blocks its loading, considering it a TrojanDownloader:HTML/Adodb.gen!A threat.
I could also mark this threat as "authorized", but even without doing so, if an exception is defined, the script is not analysed at its loading, and starts.

But at run time, despite the fact that the script is set as an exception, when it comes to the line WshShell.run to launch the jhead.exe command, Defender detects this time the threat Trojan:VBS/Mountsi.A!ml
And I'm obliged to mark this threat as authorized if I want to have this line of the script running (and EXIF data set on the jpeg file).
But I DO NOT WANT to accept this threat in "any circumstances". I ONLY want Defender NOT to consider (falsely) that it is present in my script (where it is NOT).
If I mark it as "Authorized", it won't be caught any more by Defender in case another script (one I wouldn't have written myself) actually contains it... and then I wouldn't be protected any more against this threat in a malicious script !

To have defined an exception on this specific script should be enough (and safe).... but it is not enough, and the only solution is NOT safe !

Of course, I can guarantee that the problem is NOT in jhead.exe, which is 100% safe (and never detected by Defender, nor any other antivirus), and which I have been using for years without any problem. (Jhead homepage: Exif Jpeg header manipulation tool )
Moreover, I can also add that I have several other scripts I wrote in the past that launch the same jhead.exe command in the same way, and that are considered neither as containing the TrojanDownloader:HTML/Adodb.gen!A when they are loaded, nor as running the Trojan:VBS/Mountsi.A!ml when they are run...
I tried also to reorganize a little bit my code, but this didn't solve the issue.

So my question is : Is there a way to tell Defender : "this script, I'm sure, is safe, let it run", without being obliged to open a risk by authorizing a given threat everywhere and every time?

I recently switched from Avast to Defender, on the advice of several other forums that explained it was a lot better, and that Avast was at the origin of a lot of issues...
But I never had such an issue with Avast : when it raises a "false positive", it's enough to create an exception on the .exe or the .vbs and everything goes well....

Unless there is a solution in Defender to my problem, I think I'll go back soon to Avast....
 


FreeBooter

Try disabling SmartScreen to see if the problem resolves.
 


TairikuOkami

To put it simply, you can not. This is one of the reasons, I had to disable Defender.
You can put the file to exceptions, but Defender can treat each line as a new threat.
 



johngalt

To put it simply, you can not. This is one of the reasons, I had to disable Defender.
You can put the file to exceptions, but Defender can treat each line as a new threat.
Probably because, as @TairikuOkami replied before, you really cannot.

I'm curious, though - did you copy parts of the script from somewhere else or fully write it from scratch? It's astounding that a simple script downloading a file every minute would be tagged as 2 different vulnerabilities, once from a general scan and once from the script's actions.

It might not be a bad idea to post the script here in a codebox / attachment if you don't mind us perusing the code - otherwise, you may need to try another method to accomplish what you're trying to do. And speaking of - have you considered using a Download manager with scheduling abilities to try to accomplish the same thing?
 


LaurentG

Thread starter
I'm curious, though - did you copy parts of the script from somewhere else or fully write it from scratch? It's astounding that a simple script downloading a file every minute would be tagged as 2 different vulnerabilities, once from a general scan and once from the script's actions.
100% home made from scratch !
You can find also attached the previous version of the same : The only difference between both is that the old version didn't launch jhead to add EXIF data.
And this previous version has NEVER been considered as a threat by Defender !!!!

You can find it in attachment. There is nothing "private" in it, you can play with it as much as you want. Sorry, but comments are in french...
You can also see in the script the run of "jhead.exe" (already mentioned, available here : Exif Jpeg header manipulation tool )
and "sticky.exe" : It's a (very good IMHO) program of Sticky Notes, you can find here : Stickies

And FYI, the script does not download "every minute" : There is no schedule in it, but the script is scheduled (actually once a day) thanks to Windows Task Scheduler.
 


z3r010

Unable to upload them.
Also unable to post them in a quote...
How do you want me to send them to you ?
I've just checked and something in them was triggering the forum firewall making it think there was an injection attack - it should be fixed now.
 


johngalt

Well, that clears things up a bit. It seems that the addition of the calls to load jhead and stickies (one, or the other, or both) is triggering AV - for whatever reason. I've got the scripts now, and though I don't know French, even without using any translation and just looking at the script, I've already figured out most of it lol. Your documentation skills are far above many programmers, thank you for that!

I'm not a programmer, per se, but I can read and understand scripting OK, so I'll take a look - but if anyone else also wants to delve in that can help, please, help us get this script working without triggering Defender!

Correction - the new script will not Download, Defender is screaming about the same vulnerability that you listed. I'll DL to a file that Defender isn't monitoring so I can see the script contents.
 


johngalt

Lol that didn't work either.

Try this:

In your reply, click the Code button in the reply editor (the one that has an icon that looks like this: </>) and copy and paste the script code between [CODE] and [/CODE] - so the text will be here.


As noted below, probably not a good idea, even if the above attached .txt file doesn't cause issues with virus scanning....

I cannot DL it at all, I've tried direct DL, direct open, nothing....
 

TairikuOkami

In your reply, click the Code button in the reply editor (the one that has an icon that looks like this: </>) and copy and paste the script code between [CODE] and [/CODE] - so the text will be here.
A great idea, how to get this forum blacklisted. 😅


Scripts are a peculiar thing: an antivirus engine looks for malware-like behavior, and this script uses VBScript to download a file, which is just what 99% of malware does; that is the reason it is flagged as such by multiple heuristic engines. My script even got blocked from GitHub by a robot multiple times because of something similar. I was unbanned, but the robot blocked it again. Defender works the same way: you can submit the file, but the next signature update might flag it again.
 

johngalt

That makes sense lol. I should have thought that through.

I'll edit my post.
 


LaurentG

Thread starter
Hi all,

I have eventually split my script into two scripts : I now have a sub-script that is ONLY in charge of downloading the file.
It accepts two parameters : the URL, and the filepath to create, and sends a non-null Rc in case of any error.

Now the "main" script no longer downloads anything itself, but only
- defines the different parameters
- runs the sub-script
- depending on the Rc, runs jhead or sticky and log file creation

With this architecture, Defender doesn't see any threat any more, neither at load of the scripts, nor at their run time.... while what is actually run is EXACTLY the same as in the previous situation with only one script ! : Same actions, in the same order.

So for me, the problem is now closed... but it means that Defender is clearly not "smart" at all : for exactly the same global process, it either considers it as safe, or blocks it in such a way that the user cannot efficiently and securely un-block it....
I keep it right now (since I've found a tricky workaround), but at the next problem, I think I'll remove it and go back to Avast...

Thank you to all the people who participated in this thread for your participation, your advice, etc...
 


johngalt

If you look at the VirusTotal link provided by Tairiku, though, you'll see it's not just Defender:

Ikarus Trojan-Downloader.HTML.Adodb
McAfee-GW-Edition BehavesLike.VBS.Dropper.zp
Microsoft TrojanDownloader:HTML/Adodb.gen!A
NANO-Antivirus Trojan.Script.Vbs-heuristic.druvzi
Rising Trojan.DL.Script.VBS.Agent.xjc (CLASSIC)
Symantec ISB.Downloader!gen60
Yandex HTML.Psyme.Gen

Under details, you'll see:

Code:
Basic Properties
MD5    2fd1b569ade90252d51f5ec7a2cb0339
SHA-1    4ced0aa2319ace5557e5d696e580e0f6b0dce374
SHA-256    6f3555298f326bc1c0de37e4f86c9c2e6643360b4af2b658f302f9f1cbdaaf4e
Vhash    38c01633bac98981023e08ab1eb84869
SSDEEP    96:23JPhM9oFagKbaFy1XAlFWlIP8JfZlv11rek2ew4:SJ5M91Tge9xJ1n
TLSH    T19061941FF6178A53A3A251B3B672E805F256DB08106DF1082ED4C1AA1A05D7DB6E44F7
File type    VBA
Magic    Lisp/Scheme program text
File size    3.21 KB (3289 bytes)
History
First Submission    2021-03-14 17:07:29
Last Submission    2021-03-14 17:07:29
Last Analysis    2021-03-16 19:32:32
Names
GetPSPphoto.vbs

I'm assuming the last one is from when Tairiku submitted it to VT (today's date) - but the 2 before that from 2 days ago may be from your computer (reported by Defender) or somewhere else, because I believe that is before you attempted to post them here....

At least you have the fix now lol. GL!
 


LaurentG

Thread starter
If you look at the VirusTotal link provided by Tairiku, though, you'll see it's not just Defender:

Yes, you're right.
But nevertheless, two remarks
1) Defender is not the only one, but very few see a threat : 4 / 52, and major AVs like Kaspersky and Avast don't see it
2) What I actually reproach Defender for is not that it detects a threat : all AVs may have "false positives". This is OK

But the MAJOR problem with Defender is that we are NOT able to exclude a specific script without excluding the corresponding threat everywhere / every time. Because this leads to an unacceptable choice : either to be blocked, or to put one's PC at risk.

While with AVAST (at least, maybe others also), once a script or an exe has been "excluded", it is really no longer monitored at all.
Exclusion is under the user's responsibility, but when the user has done it, his choice is respected by the AV.
And I consider it mandatory to let the user have the "last word". Even if Defender was "perfect", I want to be able to have the final decision, and not leave it to a piece of software.

PS : BTW, today, as we can see in TotalVirus, it is no more detected as TrojanDownloader:HTML/Adodb.gen!A by Microsoft, but nevertheless still as Trojan:VBS/Mountsi.A!ml at run time
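
Added example, not part of the original thread or any poster's code: a read-only PowerShell audit that lists the two settings this thread contrasts, path-scoped exclusions and the per-threat default actions where an "allowed" threat is recorded, together with the detection history for the script. It assumes the built-in Defender cmdlets and an elevated prompt; the file name is the one shown in the VirusTotal details above.

```powershell
# Added example: read-only audit of Microsoft Defender settings (changes nothing).
# Run in an elevated PowerShell; non-admin sessions may not be shown exclusions.

# Names for the numeric values stored in ThreatIDDefaultAction_Actions.
$actionNames = @{ 1 = 'Clean'; 2 = 'Quarantine'; 3 = 'Remove'; 6 = 'Allow'
                  8 = 'UserDefined'; 9 = 'NoAction'; 10 = 'Block' }

# Assumption: file name taken from the VirusTotal details quoted in the thread.
$scriptName = 'GetPSPphoto.vbs'

$pref = Get-MpPreference

# 1) Exclusions: scoped to a path, an extension or a process.
$exclusions = foreach ($kind in 'ExclusionPath', 'ExclusionExtension', 'ExclusionProcess') {
    foreach ($value in $pref.$kind) {
        if ($value) { [pscustomobject]@{ Kind = $kind; Value = $value } }
    }
}

# 2) Per-threat overrides: keyed by threat ID only, so an 'Allow' entry applies
#    to any file on the machine that matches that detection, not to one script.
$overrides = @()
if ($pref.ThreatIDDefaultAction_Ids) {
    $ids     = @($pref.ThreatIDDefaultAction_Ids)
    $actions = @($pref.ThreatIDDefaultAction_Actions)
    $overrides = for ($i = 0; $i -lt $ids.Count; $i++) {
        $entry = Get-MpThreatCatalog -ThreatID $ids[$i] -ErrorAction SilentlyContinue
        [pscustomobject]@{
            ThreatID   = $ids[$i]
            ThreatName = $entry.ThreatName
            Action     = $actionNames[[int]$actions[$i]]
        }
    }
}

# 3) Detection history naming the script, or raised by a Windows Script Host process.
$detections = Get-MpThreatDetection | Where-Object {
    ($_.Resources -like "*$scriptName*") -or
    ($_.ProcessName -match 'wscript\.exe|cscript\.exe')
} | ForEach-Object {
    $entry = Get-MpThreatCatalog -ThreatID $_.ThreatID -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Detected   = $_.InitialDetectionTime
        ThreatID   = $_.ThreatID
        ThreatName = $entry.ThreatName
        Process    = $_.ProcessName
        Resources  = $_.Resources -join '; '
    }
}

Write-Host '--- Exclusions (per path / extension / process) ---'
$exclusions | Format-Table -AutoSize
Write-Host '--- Per-threat default actions (machine-wide) ---'
$overrides | Format-Table -AutoSize
Write-Host '--- Detections involving the script or a script host ---'
$detections | Sort-Object Detected | Format-Table -AutoSize -Wrap
```

Any row in the second table with the action `Allow` is the machine-wide trade-off described in this thread, so that table is the one to review after working around a false positive.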
 