
Windows Defender result always returns as ThreatFound

Open maxchu92 opened this issue 6 years ago • 3 comments

I'm running on default Windows Defender with the Windows version of Microsoft Windows [Version 10.0.17763.316]. I am not sure why, whatever file I scan, it was always ThreatFound even if the file is safe.

maxchu92 avatar Feb 20 '19 07:02 maxchu92

What is the output of the following command?

"C:\Program Files\Windows Defender\MpCmdRun.exe" -Scan -ScanType 3 -File "<fileName>" -DisableRemediation

yolofy avatar Feb 20 '19 14:02 yolofy

OUTPUT:
MpEnsureProcessMitigationPolicy: hr = 0x1
Starting RunCommandScan.
WARN: Product/Feature disabled
MpCmdRun: End Time: Fri Feb 22 2019 15:34:17

Found the problem. Turns out my Windows Defender was disabled as another antivirus was not fully disabled while I was doing the test. But the code should throw an error stating that the antivirus is disabled instead of ThreatFound. Thank you.

maxchu92 avatar Feb 22 '19 07:02 maxchu92

I've also noticed that the exit code is not reliable or useful. I capture the standardOutput from running the process and see if my target file is named. Can also get the name of the virus this way too.

glittle avatar Feb 26 '20 21:02 glittle
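
An added example, not part of the thread or of AvScan's code: a classifier that combines the two points raised above, reporting a disabled scanner separately from a detection and only calling a non-zero exit a threat when the scanned file is named in the captured output. The `classify` function, the `ScanResult` names, the exit code 2, the sample paths and the layout of the `Threat :` line are assumptions made for illustration; only the `WARN: Product/Feature disabled` line comes from the output posted here.

```python
import re
from enum import Enum

class ScanResult(Enum):
    CLEAN = "clean"
    THREAT_FOUND = "threat_found"
    SCANNER_DISABLED = "scanner_disabled"   # scan never ran: do not treat as clean
    ERROR = "error"                         # non-zero exit with no detection evidence

# Warning line copied from the MpCmdRun output posted in this thread.
DISABLED_MARKER = "WARN: Product/Feature disabled"
# Assumed layout of the threat-name line; check it against your Defender build.
THREAT_LINE = re.compile(r"^\s*Threat\s*:\s*(?P<name>\S.*?)\s*$", re.MULTILINE)

def classify(exit_code, stdout, target_path):
    """Map one `MpCmdRun -Scan` run to (ScanResult, threat name or None)."""
    text = stdout.lower()
    if DISABLED_MARKER.lower() in text:
        return ScanResult.SCANNER_DISABLED, None
    if exit_code == 0:
        return ScanResult.CLEAN, None
    # Non-zero exit alone is ambiguous; require the scanned file to be named.
    if target_path.lower() in text:
        match = THREAT_LINE.search(stdout)
        return ScanResult.THREAT_FOUND, (match.group("name") if match else None)
    return ScanResult.ERROR, None

# Constructed samples. DISABLED_OUTPUT mirrors the output in the thread; the
# other two are made up for illustration, as is the exit code 2.
DISABLED_OUTPUT = """MpEnsureProcessMitigationPolicy: hr = 0x1
Starting RunCommandScan.
WARN: Product/Feature disabled
"""
THREAT_OUTPUT = r"""Scanning C:\samples\eicar.com found 1 threats.
Threat                  : Virus:DOS/EICAR_Test_File
    file                : C:\samples\eicar.com
"""
CLEAN_OUTPUT = r"""Scanning C:\samples\report.pdf found no threats.
"""

if __name__ == "__main__":
    for code, out, path in [
        (2, DISABLED_OUTPUT, r"C:\samples\report.pdf"),
        (2, THREAT_OUTPUT, r"C:\samples\eicar.com"),
        (0, CLEAN_OUTPUT, r"C:\samples\report.pdf"),
    ]:
        print(path, classify(code, out, path))
```

Callers should handle `SCANNER_DISABLED` and `ERROR` as "file was not scanned" and block or retry, rather than folding them into either the clean or the infected path.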