A false positive in Windows Defender and Microsoft Security essentials
Gene
Considering the importance of this news, Brian, do you approve me placing it on the main list?
If you use Windows Defender or are using Windows 7 with Microsoft Security Essentials and are getting warnings about threats when you run Edge, Chrome, or any Chrome-based browser, don't worry about them. Microsoft introduced a false positive this morning into its virus definitions.

https://www.bleepingcomputer.com/news/microsoft/microsoft-defender-falsely-detects-win32-hivezy-in-google-chrome-electron-apps/

Gene
At this point, Gene, no.

This appears to have been stopped in its tracks at the moment, so unless there's more "flare up" not too many people are likely to encounter it in the wild.

--
Brian - Windows 10, 64-Bit, Version 21H2, Build 19044
Nothing in all the world is more dangerous than sincere ignorance and conscientious stupidity. ~ Martin Luther King, Jr.
Gene
I see that the problem was corrected in a definitions update perhaps forty-five minutes ago. I manually updated but I think automatic updates occur once a day so I expect a lot of people are still seeing this behavior.

I don't know why people haven't discussed this with the number of Chrome-based browsers being used and the number of people who use Windows Defender.

Gene

On 9/4/2022 5:44 PM, Brian Vogel wrote:
> At this point, Gene, no.
Hmmm heard about this, but I never got hit with this.

I was away for most of yesterday so maybe it had already been sorted.

On 5/09/2022 10:01 am, Gene wrote:
> Considering the importance of this news, Brian, do you approve me placing it on the main list?
Gene
It began this morning.

Gene

On 9/4/2022 5:56 PM, Shaun Everiss wrote:
> Hmmm heard about this, but I never got hit with this.
On Sun, Sep 4, 2022 at 06:55 PM, Gene wrote:
> I don't know why people haven't discussed this with the number of Chrome-based browsers being used and the number of people who use

Because few people, given the size of the user base, have been hit by it. Like I said, all indications are that it was stopped in its tracks, and definition update checks are, taken as a whole, utterly random around the 24 hours when the entire Windows user base is taken into account. If this had been causing a furor you can be almost certain we would have seen a post (or many) on the main group as it was being encountered "by the masses." But we didn't.

I really do support the idea of warning people when it can be expected that a major dumpster fire is in the offing. This is more of a match tossed in the dumpster that burned itself out.

--
Brian - Windows 10, 64-Bit, Version 21H2, Build 19044
Nothing in all the world is more dangerous than sincere ignorance and conscientious stupidity. ~ Martin Luther King, Jr.
Correction: The problem was identified as being with definitions prior to version 1.373.1518.0, and this was supposed to have been 2 definitions after the problematic set.

My computer last checked for definition updates today and is on 1.373.1524.0, so there are already several sets of definitions that supersede the problematic set and the issue does not seem to persist.

--
Brian - Windows 10, 64-Bit, Version 21H2, Build 19044
Nothing in all the world is more dangerous than sincere ignorance and conscientious stupidity. ~ Martin Luther King, Jr.
Another aside, but I think an important one: this is also one of the huge benefits of OS (not just Windows, but in this case Windows) telemetry.

Microsoft does get telemetry reports about detections from Windows Security, and if there's a sudden massive uptick after a definition set is released, that is a clear indication that something's off. There could be some uptick, but a sudden spate of positive detections on browsers would raise all sorts of red flags, and not about the browsers, particularly when one of them was Edge. One of the great blessings of OS telemetry is that things that once would have been bad updates unleashed on the entire user base seldom get very far at all these days. Even the ones that go pretty darned far generally don't ever come close to making it out to the entire Windows user base.

--
Brian - Windows 10, 64-Bit, Version 21H2, Build 19044
Nothing in all the world is more dangerous than sincere ignorance and conscientious stupidity. ~ Martin Luther King, Jr.
You know Brian, you actually bring up a super interesting point. On a lot of the lists and software, etc., I am always disabling the background data sending services. Not on everything; the new privacy guidelines in Europe mean a lot of companies actually explain what and why. However, for ages now, especially with the China thing and the spying thing, we have been told that most of this getting data without consent is bad. There are even hack tools to stop Windows updating due to privacy concerns. But yeah, there are times where this data is actually good for a responsible company.

On 5/09/2022 11:24 am, Brian Vogel wrote:
> Another aside, but I think an important one: this is also one of the huge benefits of OS (not just Windows, but in this case Windows) telemetry.
On Sun, Sep 4, 2022 at 10:33 PM, Shaun Everiss wrote:
> There are even hack tools to stop windows updating due to privacy concerns.

Which is the height of stupidity and insanity in the prevailing conditions in the cyberworld. Any individual user's largest attack surface is an unpatched OS. I just went through this again on one of the JAWS groups very recently, and it infuriates me that there is still anyone who advocates blocking Windows updates.

No one ever said it better than this gentleman, now retired, who was a BSOD expert over at BleepingComputer:

There really isn't a point to checking for updates and not installing them. . . It's important to install all available updates. I've been doing this since the days of DOS, and I still don't have the confidence to pick and choose among updates. There are just too many variables involved - and most people can't evaluate the full consequences of installing/not installing updates.
~ John Carrona, AKA usasma on BleepingComputer.com, http://www.carrona.org/

--
Brian - Windows 10, 64-Bit, Version 21H2, Build 19044
Nothing in all the world is more dangerous than sincere ignorance and conscientious stupidity. ~ Martin Luther King, Jr.
Brian's Mail list account
Wonderful. I have also had to tweak Defender on a laptop as it found something disagreeable about an update to CCleaner a couple of days back.

I guess these are the dangers of antivirus software.

Brian
--
bglists@... Sent via blueyonder.(Virgin media) Please address personal E-mail to:- briang1@..., putting 'Brian Gaff' in the display name field.

----- Original Message -----
From: "Gene" <gsasner@...>
To: <chat@nvda.groups.io>
Sent: Sunday, September 04, 2022 11:01 PM
Subject: [chat] A false positive in Windows Defender and Microsoft Security essentials

> Considering the importance of this news, Brian, do you approve me placing it on the main list?
Brian's Mail list account
I believe I have turned off telemetry using the Winaero tweak tool on Windows 10, so it does make one think.

Brian
--
bglists@... Sent via blueyonder.(Virgin media) Please address personal E-mail to:- briang1@..., putting 'Brian Gaff' in the display name field.

----- Original Message -----
From: "Shaun Everiss" <sm.everiss@...>
To: <chat@nvda.groups.io>
Sent: Monday, September 05, 2022 3:33 AM
Subject: Re: [chat] A false positive in Windows Defender and Microsoft Security essentials

> You know brian, you actually bring up a super intresting point.
Microsoft has clearly identified exactly what it collects at each level of telemetry. I'd never consider turning telemetry off entirely, but one of my standard actions when setting up any Windows machine is to set the level to "basic" rather than the default "everything we'd like to take" level, which can include potentially private material (not that I think they're reading this) when telemetry for Office burps is sent. All I care to send is what's needed to monitor whether the OS itself is healthy and whether newly installed updates are functioning as expected.

OS telemetry in general, and your phones have it, macOS has it, Linux has it, pretty much any modern OS has it - though some do allow it to be turned off entirely by the user - is what has saved our collective bacon from the "bad update" of yore that on rare occasion did take out the entire user base with widespread damage. That just doesn't happen anymore, as the updates get intentionally stopped in their tracks when irregularities are detected. Someone, of course, is going to be the source of those irregularities, but the number of those someones is small compared to the past. Even the now ancient, and disastrous, Windows 10 Feature Update back in the 18XX era that wiped machines never made it out beyond a select few (and too many were in that few).

In the end, though, if it hasn't become apparent to any long term computer user that having a full system image backup protocol in place, and running it on a regular cycle which is dictated by how much "new data" you'd be willing to lose without rending your garments and tearing your hair out, is essential then it never will. Computers can and do fail for a very wide variety of reasons. The best and cheapest insurance policy against losing everything is having a backup protocol in place.

--
Brian - Windows 10, 64-Bit, Version 21H2, Build 19044
Nothing in all the world is more dangerous than sincere ignorance and conscientious stupidity. ~ Martin Luther King, Jr.
Actually, someone already did on another list. As my system auto scans and I don't ever check that but every few months Microsoft probably updated the database already.

From: chat@nvda.groups.io <chat@nvda.groups.io> On Behalf Of Brian Vogel
Sent: Sunday, September 4, 2022 3:45 PM
To: chat@nvda.groups.io
Subject: Re: [chat] A false positive in Windows Defender and Microsoft Security essentials

> At this point, Gene, no.
>
> Brian - Windows 10, 64-Bit, Version 21H2, Build 19044
> Nothing in all the world is more dangerous than sincere ignorance and conscientious stupidity. ~ Martin Luther King, Jr.
On Tue, Sep 6, 2022 at 10:37 AM, Sarah k Alawami wrote:
> As my system auto scans and I don't ever check that but every few months Microsoft probably updated the database already.

The Windows Defender definition files are typically updated at least once per day, and often more often. They were updated at least three or four times on the day this issue presented, and the issue was promptly extinguished.

I have not yet heard a single firsthand report of anyone being hit by this. It's not that I doubt it happened, it did, but "the system worked" in preventing it from spreading like wildfire. The problem was identified promptly and fixed promptly. For most of the world, it was a complete non-issue since their definition update cycle was such that the corrupt definition file was never picked up for use.

Not everything becomes an immense conflagration. This certainly didn't.

--
Brian - Windows 10, 64-Bit, Version 21H2, Build 19044
Nothing in all the world is more dangerous than sincere ignorance and conscientious stupidity. ~ Martin Luther King, Jr.
Gene
This is a first hand report. The reason I knew about the problem was because I started getting Windows Defender warnings every time I opened a Chrome-based browser. I checked online and found out about the bad update. It may be that a lot of users didn't get the bad update but my definitions were updated somewhere between eight and nine in the morning and that update contained the problem.

Gene

On 9/6/2022 11:26 AM, Brian Vogel wrote:
> On Tue, Sep 6, 2022 at 10:37 AM, Sarah k Alawami wrote:
On Tue, Sep 6, 2022 at 01:07 PM, Gene wrote:
> This is a first hand report.

OK, that was not clear. That being said, is it fixed now?

My point yesterday is that by the time the issue was even raised here the fix had been out for hours. If you were not one of the unfortunate few who happened to have a definitions update cycle occur when the corrupted set was what was being fetched, you would never even have known this occurred.

One should only be putting warnings out about active issues. And by the time this one was brought up here it was no longer active for anyone who had not previously been hit. That means it's fixed, and does not warrant further warnings about. I really don't think I was at all unclear on that concept from the outset. At this point, all reports on this issue should be in the "historical" category.

--
Brian - Windows 10, 64-Bit, Version 21H2, Build 19044
Nothing in all the world is more dangerous than sincere ignorance and conscientious stupidity. ~ Martin Luther King, Jr.
Gene
I manually updated my definitions twice that day and either in the evening or late afternoon, I don't remember, an update was provided that corrected the problem. Can Microsoft release Windows Defender updates that are installed more often than the program's usual daily update?

Gene

On 9/6/2022 12:39 PM, Brian Vogel wrote:
> On Tue, Sep 6, 2022 at 01:07 PM, Gene wrote:
On Tue, Sep 6, 2022 at 01:53 PM, Gene wrote:
> Can Microsoft release Windows Defender updates that are installed more often than the program's usual daily update?

Actually, it's not uncommon for multiple definition updates to be released per day. It all depends on what new detections occur "in the wild" and are confirmed, thus requiring a definition update to guard against them.

It is possible to reconfigure how often Windows Updates are checked for, but not through the standard user interface. This is an admin thing. See: https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/manage-protection-update-schedule-microsoft-defender-antivirus?view=o365-worldwide for additional details.

You can force a manual check just by opening Windows Security, Virus and Threat Protection, then activating the "Check for Updates" link in that pane. Also, since this is handled via the regular Windows Update mechanism, you can simply open the Windows Update pane and manually trigger a check for updates.

Since the default intervals have worked, quite well, for years there is no logical reason to change them due to a one-off incident, in my opinion. But it can be done if you want to dig in under the hood.

Windows Defender is not consistently in the top 10 products for antivirus/security suite testing labs, often the top 5 and beating out paid competitors, because it's not set up well.

--
Brian - Windows 10, 64-Bit, Version 21H2, Build 19044
Nothing in all the world is more dangerous than sincere ignorance and conscientious stupidity. ~ Martin Luther King, Jr.
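An added example, written for this thread and not posted by any of its participants: a PowerShell snippet that does from the command line what the two messages above describe by hand. It reads the installed Defender signature version, compares it against 1.373.1518.0 (the version Brian's correction names as the first set after the problematic one), triggers the same manual signature check the "Check for Updates" link performs if the installed set is older, and reports the configured check interval that the linked admin documentation covers. It assumes Windows 10/11 with the built-in Defender PowerShell module and an elevated session (Update-MpSignature needs admin); Microsoft Security Essentials on Windows 7 does not ship these cmdlets. Get-MpComputerStatus, Update-MpSignature, Get-MpPreference and Set-MpPreference are the real module cmdlets; the function name Test-DefenderSignatureCurrent and the $minGoodVersion variable are mine.

```powershell
# Added example (not from this thread). Checks the installed Defender
# signature set against a minimum version and triggers an update if it is
# older. Run in an elevated PowerShell on Windows 10/11.

# Version quoted in the thread as the first set without the Chrome/Edge
# false positive; anything earlier is reported as stale. Adjust per incident.
$minGoodVersion = [version]'1.373.1518.0'

function Test-DefenderSignatureCurrent {
    param([version]$MinimumVersion = $minGoodVersion)
    $status = Get-MpComputerStatus
    # AntivirusSignatureVersion is a dotted string such as 1.373.1524.0.
    # Casting to [version] compares it field by field, not as text, so
    # 1.373.1524.0 correctly sorts after 1.373.1518.0.
    $installed = [version]$status.AntivirusSignatureVersion
    [pscustomobject]@{
        Installed   = $installed
        LastUpdated = $status.AntivirusSignatureLastUpdated
        IsCurrent   = ($installed -ge $MinimumVersion)
    }
}

$check = Test-DefenderSignatureCurrent
"Installed signature version: $($check.Installed), last updated $($check.LastUpdated)"

if ($check.IsCurrent) {
    "Signature set is at or past $minGoodVersion; nothing to do."
} else {
    "Signature set predates $minGoodVersion; requesting an update now."
    # Same action as the "Check for Updates" link in Windows Security.
    Update-MpSignature
    $check = Test-DefenderSignatureCurrent
    "After update: $($check.Installed) (at or past minimum: $($check.IsCurrent))"
}

# The check interval is the admin-level setting the message refers to. This
# script only reports it; changing it would be
#   Set-MpPreference -SignatureUpdateInterval <hours>
# which, as the message says, there is little reason to do for a one-off.
$interval = (Get-MpPreference).SignatureUpdateInterval
"Configured signature update interval in hours (0 = not explicitly set): $interval"
```

The version comparison is the useful part for a defender: after an incident like this one, the same check run across a fleet (or dropped into an existing inventory script) confirms that every machine has actually moved past the known-bad set rather than assuming the daily cycle got there.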
Gene
I'm not sure what you mean by this sentence:

> Windows Defender is not consistently in the top 10 products for antivirus/security suite testing labs, often the top 5 and beating out paid competitors, because it's not set up well.

You have praised the program before and it isn't clear if you said what you meant in this sentence.

Gene

On 9/6/2022 1:17 PM, Brian Vogel wrote:
> On Tue, Sep 6, 2022 at 01:53 PM, Gene wrote: