Windows Defender File Warning vs. Process Warning

Boris_yo

I have a legit tool that Windows Defender identifies as "Trojan:Win32/Vigorf.A" and it happens with other legit files. Some are identified as PUA.
This Reddit commenter says that there is no need to worry as long as Windows Defender detects a file. When it detects a process is when there is a case one should be worried:

[Image: reddit-file-process-defender.jpg]


I gather that all this time I was worried about legit files and removed some of them could have been better spent allowing them on the device, as long as they did not create a running process that Windows Defender can pick up?
 

GotNoRice

Yes, Microsoft actively uses Windows Defender to hunt for files that have nothing to do with malware or viruses but are simply a threat to people paying hundreds of dollars for Office. I've even had it identify old no-CD cracks from 20+ years ago.
 

pendragon1

lol yeah it does that on all sorts of "warez" stuff. magic jelly bean keyfinder still gets flagged. make a folder and mark it safe in security settings and keep it all in there. that's what i do.
oh and the difference that post mentions is "process" means the file is running and active. so if it's a real virus that is a prob.
ps: defender is now windows security, it caused some confusion in another thread...
 

Boris_yo

Yes, Microsoft actively uses Windows Defender to hunt for files that have nothing to do with malware or viruses but are simply a threat to people paying hundreds of dollars for Office.
They lump all false positives together even if they are false positives just to make sure people don't crack Microsoft Office?
 

Boris_yo

make a folder and mark it safe in security settings and keep it all in there. that's what i do.
oh and the difference that post mentions is "process" means the file is running and active. so if it's a real virus that is a prob.
ps: defender is now windows security, it caused some confusion in another thread...
Making a new folder and moving files there is not always an option. I also tried excluding a folder from scanning but it seems that eventually Windows starts peeking there. At least that's what happened with files that I excluded. Why is it not consistent with my rules?

So should I exclude the process if I know the author claims it to be safe? What to do if it happens to be a true positive after I exclude it? Would Windows Security pick up its running process?
 

pendragon1

Making a new folder and moving files there is not always an option. I also tried excluding a folder from scanning but it seems that eventually Windows starts peeking there. At least that's what happened with files that I excluded. Why is it not consistent with my rules?

So should I exclude the process if I know the author claims it to be safe? What to do if it happens to be a true positive after I exclude it? Would Windows Security pick up its running process?
ok whatever, mark the folder safe.
if you know that it is safe, just exclude it however you want.
 

Boris_yo

You can scan your file at virustotal.com
Most of the time I get mixed results. It's not the file that I am concerned about that I have excluded from scan and ran but a process it can create, assuming the file was "poisoned" on the server without the developer's knowledge.
 