The longer I stay a customer of Microsoft the more I feel like a child.

Discussion in 'other software & services' started by __Nikopol, Oct 18, 2018.

  1. __Nikopol

    __Nikopol Registered Member

    Joined: Aug 13, 2008
    Posts: 630
    Location: Germany
    Hi.
    This is a topic about my recently growing frustration with Microsoft.


    Right now I am having huge trust issues with Microsoft and Windows Defender. (Newest version, but in Windows 10 Pro 1803)

    I was just copying my collection of tools, which has been sitting in a folder for months, mind you, to a different location. Unfortunately WD decided that it won't let you copy files around that it decided are "unsafe". (Entirely PUPs or false positives)
    These files include i.e. the collection of programs coming with Nirsoft Tools Package and the Configure Defender utility. Many programs of the tools collection and the Configure Defender were blocked from copying and then thrown into quarantine.

    There is no way to allow the files in the prompt that comes up when copying. "Try again" does nothing, skipping them just throws them in quarantine:

    windows defender crap.png

    I can only get the files back when I look into the Defender page and restore the files from the, sometimes very interestingly worded, results:

    windows defender results.png

    Except Configure Defender, these are all tools from the Nirsoft Tool Package.
    One is even declared a Trojan:

    windows defender result skeeyah.png

    Well, I'm never going to use this one anyway, so I'll delete it just to be safe. But for anyone interested, here is the VirusTotal result for it: ~ Removed VirusTotal Results as per Policy ~



    My issues (with WD):
    - They are all false positives
    - No way to stop WD detecting PUPs
    - No way to deny deletion and mark them as safe (on the fly. I know I can go and set exclusions BEFOREhand)
    - WD never asked about them before copying even though it says it does regular scans (One even today)
    - I can even visit the folder with all the FPs in it and do file-operations - still no alarm (Well, it is potentially not a sign of low security...)
    - The incredibly condescending nature of all of it
    - Oh, and BTW, the best thing is: I can't add Configure Defender to the exclusions list because IT CONTAINS POTENTIALLY HARMFUL SOFTWARE!!
    And, while it says that, it has already thrown that file in quarantine. HA!

    are you kidding me, WD.png

    I can swear there is a Microsoft employee standing behind, putting his hand on my shoulder, saying: "No, my child! That is not for you."
    THIS IS RIDICULOUS!

    ------------------------

    You know what makes this even more funny?
    I recently had a remote assistance session with Microsoft Support. To be honest, it was a really weird issue, but still. The support was pathetic: even the "escalation team" that was called in by the first support guy took over, tried two things, and then was just saying: "You have changed group policies? You have to do a reset" (He meant an in-place upgrade)
    How can I be treated contemptuously by people who have no clue themselves?!



    I don't even know how to react to this...
    I guess I really have to leave Windows and start using Linux Mint. I'm a grown-up, after all!



    ... The longer I stay a customer of Microsoft the more I feel like a child.
     
    Last edited by a moderator: Oct 18, 2018
  2. EASTER

    EASTER Registered Member

    Joined: Jul 28, 2007
    Posts: 11,126
    Location: U.S.A. (South)
    There is likely a workaround to keep Windows Defender from sucking in your old files for the shredder. As an avid fierce malware tester I ran into WD scraping up a ton of mine, but they are bad so it's understandable it was doing its job, and doing it well.

    However it also grabbed a whole lot of my old Windows 98 & Windows XP customization files as well, and that didn't sit well. Freelance useful apps like DeskHedron 3-D, WinFlip, RunMe Launcher and others were scooped up like toys. :eek:

    The solution was knocking out WD on Windows 10 temporarily while sorting out correct settings-placements as well as setting an exclusion for them. It worked for me. They're left alone now.

    Don't sour out too soon. Yeah it's frustrating but YOU have to control YOUR machine, not them. ;)
     
  3. Spec7re

    Spec7re Guest

    I'm not sure about the others but for Configure Defender I would download the latest version from Github. Microsoft flagged Configure Defender because they weren't happy that there was an option to disable the real-time protection. To be fair I do see Microsoft's point, but it's still a safe program that was created by a great developer. The developer Andy ful has since removed this option from Configure Defender and released an updated copy. Microsoft was happy with the update and removed the detection for the latest version. If you haven't already I would submit the files to Microsoft and see what they say.
     
  4. EASTER

    Another new thing (for me) I recently discovered when copying some of my own collection of audio/video files (I do a lot of flash editing), while transferring over to Windows 10 from an older version of Windows. After sending the xxx amount of Gb data over to 10, when I restarted Win 10, I discovered that their permissions policy has been greatly enhanced too.

    There was not a single file that landed to disk in spite of the fact that it tricks you into thinking you made the transfer onto 10 complete when externally tethered.

    I call that some clever protections enhancement and was really no big deal for me but did make for a What Happen? moment.
     
  5. Seer

    Seer Registered Member

    Joined: Feb 12, 2007
    Posts: 2,068
    Location: Serbia
    This is normal for Windows Defender. It does not have hash matching to speak of so it has to scan the entire file. If it was to do that each time a file is accessed it would produce a huge system overhead (not that it already isn't doing that on a smaller scale) and make the system almost unusable. So Windows Defender instead just monitors I/O writes and relies on heuristics and other layers (such as SmartScreen and behavioral analysis) to make up for the missing on access scan. That's why the files weren't detected when you accessed the folder. As soon as you moved them, bam. They would also have been detected if you ran the apps - tried to load them into memory. This is how it always was with WD, and sadly still is.
    As for the 'regular scans', I have never used WD so I may be wrong here, but I doubt it scans all files on schedule. Perhaps some 'sensitive areas' or similar, that looks like something Microsoft would do.
    Actually, dialuppass is a password decryption utility and as such could be classified as a Trojan, and is most likely detected by heuristics/behavioral layer. As it should be IMO. Those who do not get why this should be have no business around dialuppass. Whitelisting forensic utilities just so the average Joe doesn't get seizures when running them through an AV is a bad practice.
    Enhanced in what way?
    That should not be happening. NTFS file system should retain all permissions on file copy.
     
  6. __Nikopol

    This isn't the only issue I have with Windows 10.

    Just look at any error message: "Oops, something went wrong.", "Unexpected Error", "Try again later", "Please wait while we are working on it", blah blah blah ...
    Most error messages, including those with an error code like 0x80000000, are totally useless! Most of the time you have to manually search the event manager to find out what is even wrong - but you have to search by experience because you have no information.
    Then you have to google the error message and HOPE someone has written something about it. But most of the time the answers are not working or are for a different error. Microsoft doesn't even have a public list, if any at all, of all of those errors and what causes them. It's hilarious!

    The last BSODs I had were caused by an nVidia driver, but were shown to be coming from the Intel graphics driver. And I didn't get any information - except the name of the .sys driver file in the BSOD itself, which I have to make a picture of using my PHONE - because even in the event manager you can't get any information anymore. There isn't even the name of the driver! Nothing!
    Not even a third-party program that usually lets you view information about BSODs could help...

    Then there's the issue that Microsoft makes all the settings for you.
    That isn't possible anymore! They routinely revert all changes you've made in the next update.
    Then sometimes you need third-party programs in order to change something that should be in the control manager. Because most of the time they use some obscure, undocumented method to change stuff. Just that's why there even is a "Configure Defender" program! (Not necessarily related)
    For example, there is no button to click in order to deactivate IPv6 system-wide. It's an important thing for some people!

    They call this version "pro" just because you can change stuff using the group policy editor. But if you did and you ask for support and they find out that you did, that's no more support for you. Reset or die. They don't have a simple PowerShell script that reverts to default settings! I asked the "escalation team".
    I'm pretty sure nobody in the support does even know about PowerShell. Or they are not allowed to use it.
    Ye, you know, seriously: I think they are not allowed because if they "damage" anything it is their, or Microsoft's, responsibility to fix it. So it is easier and less costly to just say: "hey, do a reset, I don't care." (They did not say it in these words, of course)


    TL;DR
    - Error messages and BSODs are mostly utterly devoid of ANY information
    - Also no information about error codes online from an official source
    - They decide which settings your machine has to have
    - Barest minimum of settings available, but only because they got sued. (Privacy settings)
    - Helpless support for a reason (money)
    - You sometimes NEED third-party applications to control the OS you paid for
     
  7. __Nikopol

    I kind of knew that. But I expected that when I go in a folder full of malware, that it does scan the whole folder. Because why else is opening a folder with big, nested installation files so utterly slow? Or is it just the downloads folder that is being checked upon OPENING?

    It does make sense. But it is horrible that it has to be so condescending that it does not let the user decide what to do with the file upon detection! Pretty much all other anti-malware programs have a corresponding setting in their options.

    "Don't let the user decide!" (anything) must be Microsoft's actual slogan.
     
  8. Seer

    I found this -
    https://docs.microsoft.com/en-us/wi...ally-unwanted-apps-windows-defender-antivirus

    So it appears that you are right, Windows Defender does scan certain folders on access and downloads folder is one of them. But AFAIK it does not scan all files on access, which would indeed explain why your utilities got quarantined only when you moved them.
    Also, installation files (exe, msi, etc.) are usually self-extracting archives. Most AVs use 'unpackers' to scan inside archives. This may be the reason it takes so long to access that folder, it has to unpack the installers (at least the ones it can) first.
     
  9. EASTER

    This is so true and such a childish response they use to what should be a logical reply back of returning some sort of logical readable and findable area of the issue. That silly crap they use "We" are working on it etc. is so lame it borders on a kids game response.

    But that's all as far as they have come after all these years on those built in canned replies made into Windows.
     
  10. Brummelchen

    Brummelchen Registered Member

    Joined: Jan 3, 2009
    Posts: 5,918
    Nirsoft was anytime flagged as malware, not only by Windows Defender. News? No!
     
  11. __Nikopol

    It isn't supposed to be news. It isn't even really important that it is Nirsoft. :p
     
  12. davisd

    davisd Registered Member

    Joined: Feb 2, 2016
    Posts: 19
    Location: Latvia
    You use various NirSoft tools, but ask Microsoft to help you out via remote assistance sessions?
     
  13. __Nikopol

    It was a very weird issue, so I thought: "Hey, maybe I can save a few MORE hours of googling if I just ask them?". It was the third and last time I thought that.
    The issue is: I can't download or update in the Store, and, if I create a new user account (admin or not), using it, I can't WRITE in certain fields with keyboard or on-screen keyboard. (The Search field, some stuff that opens when you try to login with your Microsoft account)
    All that only because I want to watch Netflix movies in 1080p. (You can't with Chrome or anything, and Edge gave an error). So, I need the Netflix app to see in 1080p.

    It already takes an hour to find out how you google this issue...

    But I ignore it and continue to watch movies in 960x540 even though I pay for HD...
     
  14. stapp

    stapp Global Moderator

    Joined: Jan 12, 2006
    Posts: 24,067
    Location: UK
  15. __Nikopol

    No. :(
    I tried everything. With a Chrome extension I can get series in 1080p, but not the big movies. (Like Thor: Ragnarok.) They appear to be fixed at under HD for my account by Netflix... Maximum for them is 960x540 with a super low bitrate: about 750 Kbps

    Did you know there are key-combinations you can press on Netflix site to change what you receive? (CTRL+ALT+SHIFT+S to set, and D to display)



    Anyway, I asked elsewhere. Let's not make this thread about Netflix.
     
  16. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined: May 9, 2005
    Posts: 10,221
    Just disable Windows Defender and move on. The real-time anti-malware thingie is so early 2000s.
    Mrk
     