I need help. Windows 11 has a virus called Windows Defender Anti-virus

Yup, I'm being sarcastic because that's all I got left right now. Taking a hammer to this computer is looking more likely.

A virus is software that does something you don't want it to do right? Like delete files?

Windows defender keeps deleting files on me that I do NOT want deleted. Keeps registering them as Malicious software.. It's actually parental control software I purchased to keep my child safe and monitor her internet activities. I have added the file to the windows antivirus exceptions list and it still keeps deleting it. I've added the entire directory, and it still keeps deleting it.

Now it has done it again.. Windows antivirus is itself a virus. I need to restore the file and it won't let me. I click the restore option and it does nothing. Now I'm trying to restore it manually. I've googled how to do it and nothing works. Specifically, all these instructions tell me to execute a command. I open windows powershell (admin) and copy/paste the command and edit the file name.
%ProgramFiles%\Windows Defender\MpCmdRun.exe -Restore -Name MyFile.exe

But when I try to run that file, it says:
The module '%ProgramFiles%' could not be loaded. For more information, run 'Import-Module
%ProgramFiles%'.

I've tried a half dozen websites, none work.

I did have one bit of success.. I was able to run a command that listed files under quarantine to make sure MyFile.exe was there, and it was.

Help please.

You should run that in a command prompt, not PowerShell, and wrap it in quotes.

"%ProgramFiles%\Windows Defender\MpCmdRun.exe" -Restore -Name MyFile.exe

I don't know what procedure you used for the exclusions. I suggest
Add or Remove Exclusions for Microsoft Defender - ElevenForumTutorials


Denis

pseymour said:

You should run that in a command prompt, not PowerShell, and wrap it in quotes.

"%ProgramFiles%\Windows Defender\MpCmdRun.exe" -Restore -Name MyFile.exe

Click to expand...

Thank you.
I think I finally got a new response. I didn't know there was a difference between powershell and a dos prompt.. they look the same.

When entering the command, it returns:
DNS Server not authorized for zone.

The file is on the USB drive connected to my router.

When I enter this:
cd "%ProgramFiles%\Windows Defender"
Then this:
MpCmdRun.exe -Restore -ListAll

The file in question is clearly listed.. But when trying to restore it using your suggestion, it returns DNS server not authorized for zone

Running the ListAll command, this is what it returns.

ThreatName = Trojan:Win32/Kepavll!rfn
file:\\192.168.1.1\sda1\ASUS USB\SpyAgent15UpgradeInstall\SpyAgent15Upgrade.exe quarantined at Tue, November 18, 2025 10:47:10 PM (UTC)

FYI: SpyAgent is software created by SpyTech.. Here's the link to their website:

I post the FYI because anything with the word "spy" in its name sounds horrible. I use this to monitor my kid's computer and she knows its there. I looked at other parental control software but they all force the use of cloud based systems and I wanted to stay away from anything cloud based.

But windows security hates this software and will absolutely NOT allow it no matter what exclusions I put in.

Now I need to figure out how to get this file back..

Murby said:

Windows defender keeps deleting files on me that I do NOT want deleted. Keeps registering them as Malicious software.

I've tried a half dozen websites, none work.

Click to expand...

What was tried.

Which ran Farbar?

Please post some links.

zbook said:

What was tried.

Which ran Farbar?

Please post some links.

Click to expand...

I tried recovering the file using the Restore option in Windows antivirus, that did nothing.

Then tried various commands using windows power shell and CMD (dos prompt). Finally got it to work, but it said it couldn't recover the file due to an error.

It has become clear that Window's Defender / Antivirus is itself a virus. It is doing things I don't want done to my PC and not allowing me to undo the changes. Isn't that the definition of a virus?

Consider temporarily using a third party AV software to see if you have a better computer environment:

ESET
Malwarebytes
etc.

A lot these so-called trojans are false positives. They imitate real malware but don't infect your PC.

I can't remember the last time I saw an actual virus, but every day I hear about another legitimate application that windows defender won't allow people to run.

@Murby You might want to read this about Spytech's data breach: US spyware maker Spytech's data breach exposes surveillance of over 10,000 devices globally - Business & Human Rights Resource Centre

Uninstall the program and all traces of it Using Hitman Pro. HitmanPro and HitmanPro.Alert. Advanced Malware Scanning, Detection and Removal Tools. (free for 30 days)

After doing the above, run another full scan with Windows Defender.

Jacee said:

@Murby You might want to read this about Spytech's data breach: US spyware maker Spytech's data breach exposes surveillance of over 10,000 devices globally - Business & Human Rights Resource Centre

Uninstall the program and all traces of it Using Hitman Pro. HitmanPro and HitmanPro.Alert. Advanced Malware Scanning, Detection and Removal Tools. (free for 30 days)

After doing the above, run another full scan with Windows Defender.

Click to expand...

I read about that before I purchased the software.. The breach was on their servers using their cloud service. Their software can send reports to their servers where you can view it from anywhere.. So like, if you're a business owner on vacation or a business trip, you can just log into their servers to see what your employee is doing on their computer..

You know how some people are anti-this or anti-that in today's political world? Well.. I'm anti-cloud services.. I won't back anything up to a cloud service, or purchase any product that requires an internet connection for the product to "phone home" sort-to-speak.

For example: I installed a whole house energy monitor. It's a mini computer that uses current clamps on all my breakers.. Go ahead, shop around.. You're going to be hard pressed to find one that doesn't send all your data to the company that sold it to you.. in fact, it's required for the devices to work.

I'll engineer and build one myself before I send my energy data to another party.. Seriously, I think anyone who does that sort of thing has a screw loose in their head.
So I use one called IoTaWatt.. No internet required, and in fact my firewall is set to block it if it does try to go outside.

And don't even get me started on the phone apps that are required to use so many products these days.. 90% of all security cameras are off the market for me because they require you to install an app on your phone to make them work. Have you ever read the user agreement for an app??? WTF?? You're basically allowing them to spy on you..

Jeez.. Back in the 1960's, if the government told everyone they wanted us all to wear tracking collars so they knew where we were at at all times, the citizens of this country would have exercised their 2nd amendment rights in an extreme way, and there would be no more government. Now look in your pocket..

People see how far our technology has come.. and most are amazed by it even though they only see the bottom half of what we humans can actually do these days... What most people don't understand is that our behavioral and psychological technology has come just as far... Most never even see 5% of the understanding we've gained in that respect.

People never stop to ask themselves why they're building all these data centers? My neighbor thought it was so they could store all your personal data like your address, phone, job, taxes, what you purchase, etc.. For crying out loud, they could store all that data for all 350 million people on a single desktop PC or two..
Nope, what they store includes that stuff, but that's only about 0.01% of it. They record your mouse movements, how long you look at a webpage, where you go, how fast you drive, your route, how fast you brake, what radio stations you listen to, who you text, who calls you, who you call, how long you talk.. etc etc.
When you purchase a new vehicle today, read the user agreements for all the apps installed in the vehicle.. It's only about 500 pages.. and even your sex life is on the table if they get access to it through those apps.

You've heard of the FBI building profiles on criminals? That's amateur hour compared to what these data centers do on every American.

Enough ranting.. got carried away.

The spytech software is one of the few that do not require an internet connection other than to download the software when you purchase it. It can use the internet if you allow it, but I have all those options turned off. Their software is confined to my home network and the usage logs stay here at home.

On the subject of my little rant.. Here's a short story: Guy bought a new vehicle, and every day when he came home, his cat would run in front of the car as it's way of greeting him.. The sensor on the front of the vehicle would record the cat as a "near collision" each time it happened. The car then reported that data to his insurance company.. Turns out, he was paying around $1300 per year more than he should have because of all those "near collision" events. I think I found that from the ACLU.

Murby said:

I'm anti-cloud

Click to expand...