Solved False Windows Defender download blocks?


bobkn

I'm on 24H2 26100.3902. (I'm not an insider - updated with an ISO from UUPDump.net.)

I appear to be getting spurious download blocks. An example:


The download of version 824 is OK.

It's not the only block I've seen.

The AV detection occurs in both Edge and Chrome browsers.

Is this a feature, a bug, or sudden widespread infections on previously safe sites?
 

My Computers My Computers

  • At a glance

    OS
    Windows 11 26200.8728
    Computer type
    PC/Desktop
    Manufacturer/Model
    homebuilt
    CPU
    Amd Threadripper 7970X
    Motherboard
    Gigabyte TRX50 Aero D Rev. 1.0
    Memory
    128GB (4 X 32) G.Skill DDR5 6400 (RDIMM)
    Graphics Card(s)
    Gigabyte RTX 4090 OC
    Sound Card
    none (USB to speakers), Realtek
    Monitor(s) Displays
    Innocn 32" OLED
    Screen Resolution
    3840 X 2160 @ 60Hz
    Hard Drives
    Crucial T700 2TB M.2 NVME SSD
    WD 4TB Blue SATA SSD
    Seagate 18TB IronWolf Pro
    PSU
    BeQuiet! Straight Power 12 1500W
    Case
    Lian Li 011 Dynamic Evo XL
    Cooling
    SilverStone Technology XE360-TR5, with 3 Phanteks T30 fans
    Keyboard
    Cherry KC 500 MX LP (mechanical)
    Mouse
    Logitech M500s (wired)
    Internet Speed
    2000/250 Mbps (down/up)
    Other Info
    xFinity gateway
  • At a glance

    Operating System
    windows 11 26200.8728
    Computer type
    PC/Desktop
    Manufacturer/Model
    homebuilt
    CPU
    Intel I9-13900K
    Motherboard
    Asus RoG Strix Z690-E
    Memory
    64GB G.Skill DDR5-6000
    Graphics card(s)
    Gigabyte RTX 3090 ti
    Sound Card
    built in Realtek
    Monitor(s) Displays
    Philips 27E1N8900 27" OLED
    Screen Resolution
    3840 X 2160 @60Hz
    Hard Drives
    WDC SN850 1TB
    8TB Seagate Ironwolf
    4TB Seagate Ironwolf
    PSU
    eVGA SuperNOVA 1300 GT
    Case
    Lian Li 011 Dynamic Evo
    Cooling
    Corsair iCUE H150i ELITE CAPELLIX Liquid CPU Cooler
    Keyboard
    Cherry Streaming (wired)
    Mouse
    Logitech M500s (wired)
Both browsers use a reputation service to check downloaded binaries for malicious flagged content. For example, Google owns VirusTotal. These services are not flawless, so it's possible it's one of the following:
  • a truly malicious file
  • a false positive
  • a dual-use binary (meaning it can be used for good or commonly used by threat actors)
  • other
 

My Computer My Computer

At a glance

Linux Mint
OS
Linux Mint
Computer type
Laptop
Manufacturer/Model
System76 Lemur Pro
Just for fun, I disabled the Windows security protections and downloaded the file. I re-enabled the protections immediately after.

Defender deleted the file almost immediately. I didn't get time to do a Malwarebytes scan on it.
 

Defender deleted the file almost immediately. I
Does "Protection history" say what it detected?

I downloaded the portable beta version from SourceForge and checked it with VirusTotal, where it was flagged, most likely heuristically, by a vendor, but the rest was green, including "Microsoft." Windows Defender didn't delete what I downloaded.
 

My Computer My Computer

At a glance

Windows 11 Pro 25H2
OS
Windows 11 Pro 25H2
Computer type
PC/Desktop
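
The "Protection history" question above can also be answered from PowerShell with Defender's own cmdlets, which show the detection name and the file path even after the file has been removed. This is an added example, not something posted in the thread; the 7-day look-back window is an assumption, and an elevated session may be needed to see every field.

```powershell
# Added example: list recent Microsoft Defender detections with the threat name
# and the affected resources (file paths, URLs). Run on the affected machine.
$days  = 7                          # assumption: look-back window, adjust as needed
$since = (Get-Date).AddDays(-$days)

# Build a ThreatID -> threat record map so each detection can be given a name.
$threats = @{}
Get-MpThreat | ForEach-Object { $threats[[string]$_.ThreatID] = $_ }

# Join each detection with its threat record; newest first.
$report = Get-MpThreatDetection |
    Where-Object { $_.InitialDetectionTime -ge $since } |
    Sort-Object InitialDetectionTime -Descending |
    ForEach-Object {
        $t = $threats[[string]$_.ThreatID]
        [pscustomobject]@{
            Detected   = $_.InitialDetectionTime
            ThreatName = if ($t) { $t.ThreatName } else { "ThreatID $($_.ThreatID)" }
            Process    = $_.ProcessName          # e.g. the browser that wrote the file
            Resources  = ($_.Resources -join '; ')
            ActionOk   = $_.ActionSuccess
        }
    }
$report | Format-List

# The same detections are written to the Defender operational log:
# event 1116 = threat detected, event 1117 = action taken on the threat.
Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 1116, 1117
    StartTime = $since
} -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message |
    Format-List
```

The ThreatName value is what to compare against the "Microsoft" row on VirusTotal when deciding between a false positive, a dual-use tool and a real detection.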
