[Solved] False Windows Defender download blocks?


bobkn

Well-known member
Pro User
VIP
Local time
3:29 AM
Posts
3,147
Location: Danbury, CT, USA
OS: Windows 11 26100.3025
I'm on 24H2 26100.3902. (I'm not an insider - updated with an ISO from UUPDump.net.)

I appear to be getting spurious download blocks. An example:


The download of version 824 is OK.

It's not the only block I've seen.

The AV detection occurs in both Edge and Chrome browsers.

Is this a feature, a bug, or sudden widespread infections on previously safe sites?
 

My Computers

System One System Two

  • OS
    Windows 11 26100.3025
    Computer type
    PC/Desktop
    Manufacturer/Model
    homebuilt
    CPU
    Amd Threadripper 7970X
    Motherboard
    Gigabyte TRX50 Aero D
    Memory
    128GB (4 X 32) G.Skill DDR5 6400 (RDIMM)
    Graphics Card(s)
    Gigabyte RTX 4090 OC
    Sound Card
    none (USB to speakers), Realtek
    Monitor(s) Displays
    Philips 27E1N8900 OLED
    Screen Resolution
    3840 X 2160 @ 60Hz
    Hard Drives
    Crucial T700 2TB M.2 NVME SSD
    WD 4TB Blue SATA SSD
    Seagate 18TB IronWolf Pro
    PSU
    BeQuiet! Straight Power 12 1500W
    Case
    Lian Li 011 Dynamic Evo XL
    Cooling
    SilverStone Technology XE360-TR5, with 3 Phanteks T30 fans
    Keyboard
    Logitech K120 (wired)
    Mouse
    Logitech M500s (wired)
    Internet Speed
    2000/300 Mbps (down/up)
  • Operating System
    windows 11 26100.3025
    Computer type
    PC/Desktop
    Manufacturer/Model
    homebuilt
    CPU
    Intel I9-13900K
    Motherboard
    Asus RoG Strix Z690-E
    Memory
    64GB G.Skill DDR5-6000
    Graphics card(s)
    Gigabyte RTX 3090 ti
    Sound Card
    built in Realtek
    Monitor(s) Displays
    Asus PA329C
    Screen Resolution
    3840 X 2160 @60Hz
    Hard Drives
    WDC SN850 1TB
    8TB Seagate Ironwolf
    4TB Seagate Ironwolf
    PSU
    eVGA SuperNOVA 1300 GT
    Case
    Lian Li 011 Dynamic Evo
    Cooling
    Corsair iCUE H150i ELITE CAPELLIX Liquid CPU Cooler
    Mouse
    Logitech M500s (wired)
    Keyboard
    Logitech K120 (wired)
Both browsers use a reputation service to check downloaded binaries for flagged malicious content. For example, Google owns VirusTotal. These services are not flawless, so it's possible it's one of the following:
  • a truly malicious file
  • a false positive
  • a dual-use binary (meaning it can be used for good or commonly used by threat actors)
  • other
 

My Computer

System One

  • OS
    Windows 11
Just for fun, I disabled the Windows security protections and downloaded the file. I re-enabled the protections immediately after.

Defender deleted the file almost immediately. I didn't get time to do a Malwarebytes scan on it.
 

> Defender deleted the file almost immediately. I
Does "Protection history" say what it detected?

I downloaded the portable beta version from SourceForge, checked it with VirusTotal, which was flagged, most likely heuristically, by a vendor, but the rest was green, including "Microsoft." Windows Defender didn't delete what I downloaded.
 

My Computer

System One

  • OS
    Windows 11 Pro 24H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    Dell Optiplex Micro 5000
    CPU
    Intel Core i5-12500T
    Motherboard
    Dell 03V7GF
    Memory
    2 x 8GB DDR4 SO-DIMM 3200
    Graphics Card(s)
    Intel UHD Graphics 770
    Sound Card
    Intel Alder Lake-S PCH - cAVS (Audio, Voice, Speech)
    Internet Speed
    500/1,000 Mbps
    Browser
    Firefox ESR
    Antivirus
    Windows defender. One-time free scanners: ESET, Sophos
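The triage the thread is circling (what did Defender actually detect, and does the file's hash look clean elsewhere) can be done from PowerShell without re-downloading the file or turning protection off. This is an added example, not code from the thread or from Microsoft; it assumes the built-in Defender module cmdlets (Get-MpComputerStatus, Get-MpThreat, Get-MpThreatDetection) are available, and $DownloadPath is a placeholder you point at the blocked file.

```powershell
# Added triage helper: show what Defender detected, hash a downloaded file,
# and build a VirusTotal lookup URL for that hash (no upload needed).
# Assumes the Defender PowerShell module is present; the path is a placeholder.
param(
    [string]$DownloadPath = "$env:USERPROFILE\Downloads\example-download.exe"  # placeholder
)

# 1. Engine and signature versions: a burst of new blocks across sites often
#    coincides with a fresh definition update, so record what was in use.
$status = Get-MpComputerStatus
"Engine {0}, signatures {1} (updated {2})" -f $status.AMEngineVersion,
    $status.AntivirusSignatureVersion, $status.AntivirusSignatureLastUpdated

# 2. Recent detections, newest first: the same data "Protection history" shows.
$threatNames = @{}
Get-MpThreat | ForEach-Object { $threatNames[$_.ThreatID] = $_.ThreatName }

Get-MpThreatDetection |
    Sort-Object InitialDetectionTime -Descending |
    Select-Object -First 10 |
    ForEach-Object {
        [pscustomobject]@{
            Time      = $_.InitialDetectionTime
            Threat    = $threatNames[$_.ThreatID]   # e.g. Trojan:Win32/... or Program:Win32/...
            Resources = ($_.Resources -join '; ')   # file path(s) or URL(s) that were hit
            Process   = $_.ProcessName              # typically the browser that wrote the file
        }
    } | Format-Table -AutoSize -Wrap

# 3. If the file is still on disk, hash it so it can be looked up on VirusTotal
#    by hash alone, without uploading or re-downloading anything.
if (Test-Path -LiteralPath $DownloadPath) {
    $sha256 = (Get-FileHash -LiteralPath $DownloadPath -Algorithm SHA256).Hash.ToLower()
    "SHA-256: $sha256"
    "VirusTotal: https://www.virustotal.com/gui/file/$sha256"
} else {
    "File not present (Defender may already have quarantined it): $DownloadPath"
}
```

A threat name ending in "!ml" marks a machine-learning verdict rather than a signature match, which is the kind of detection most often behind a false positive on a newly released build.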
