Maurice Naggar Posted July 5, 2020 ID:1392247 Share Posted July 5, 2020 I had notes about Smart Screen / Windows Defender. When it displays the block message screen Click on the MORE INFO spot and click "Run Anyway" to over-ride that and allow it to proceed. The tool is safe. Smartscreen is overly sensitive. Link to post Share on other sites More sharing options...
Stevep47 Posted July 5, 2020 Author ID:1392251 Share Posted July 5, 2020 I didn't get as far as seeing the displays that you show here Maurice, as Defender would not even allow the app to be downloaded onto my PC. I'll disable SmartScreen and try again. Link to post Share on other sites More sharing options...
Stevep47 Posted July 5, 2020 Author ID:1392252 Share Posted July 5, 2020 Nope! Still wont let me download it! Image shows bottom left corner of my screen after trying again with SmartScreen turned off. Link to post Share on other sites More sharing options...
Maurice Naggar Posted July 5, 2020 ID:1392256 Share Posted July 5, 2020 It looks like Windows Defender has falsely grabbed it as a "virus". That is a false positive. Where is that exe file now? Can you click on the triple dot ... to look for some option to override ? Link to post Share on other sites More sharing options...
Stevep47 Posted July 5, 2020 Author ID:1392274 Share Posted July 5, 2020 The "SecurityCheck.exe" file is not on my PC anywhere. I searched "This PC" for "SecurityCheck" with File Explorer, but it only found my "SecurityCheckDownloadProblem05july2020.jpg" file from about and hour ago. The only option offered by the three dots is "copy download link" - I tried pasting this into a new EDGE tab, but again the download was blocked. Stumped! Link to post Share on other sites More sharing options...
Maurice Naggar Posted July 5, 2020 ID:1392278 Share Posted July 5, 2020 Lets have you go into Windows' Settings then to “Virus & threat protection”. then to look for ‘Protection History’ We want to look for some entry about "SecurityCheck" If you see the SecurityCheck is in quarantine, see if you could use the Restore option to get it out of there. . IF no joy or you do not see it there, it is either a situation of once more, disabling ( temporarily ) a setting, or else, we scratch the idea of trying to use the SecurityCheck. This tool is safe. I very much regret that you have run into these false positives. Link to post Share on other sites More sharing options...
Stevep47 Posted July 5, 2020 Author ID:1392315 Share Posted July 5, 2020 Example of "Protection History" entry for this app is shown below AND that the "Action" to "Allow" is available if wanted, so that's what I've done, with the result also shown below. I'll now try to download the app again, see what happens and let you know. Regards, Steve Link to post Share on other sites More sharing options...
Stevep47 Posted July 5, 2020 Author ID:1392316 Share Posted July 5, 2020 But despite all of that and with SmartScreen off, it still got blocked, but for a different threat detected, a Trojan - Link to post Share on other sites More sharing options...
Maurice Naggar Posted July 5, 2020 ID:1392320 Share Posted July 5, 2020 (edited) This is way to much involved. However, do you see that Action button at the bottom ? Does it allow you to restore it and then use it ?? Use the ALLOW button that is offered when you click on Actions. Edited July 6, 2020 by Maurice Naggar Link to post Share on other sites More sharing options...
Stevep47 Posted July 6, 2020 Author ID:1392396 Share Posted July 6, 2020 Hi Maurice, I'm afraid I'm not comfortable to use the "Allow" on this last threat detected, as it seems to me that its the Trojan I'm allowing and not necessarily the app itself - and once I've allowed a Trojan, or a PUA in the case of the previous "Allow" I did, how can I cancel that at a future time? ALSO, I ran another Defender Full Scan overnight that has now found yet another "Potentially Unwanted Software" as shown below. I have now quarantined this and Protection History is showing as "App Blocked". Regards, Steve Link to post Share on other sites More sharing options...
Maurice Naggar Posted July 6, 2020 ID:1392417 Share Posted July 6, 2020 Hi Steve. We can just scratch the entire suggestion to run the SecurityCheck tool. Lets forgo that. Though I must say that the tool is safe. I have used it on my own system, As have countless folks. On this last finding by the Windows Defender: note that it is on the Cache area of the EDGE browser. Go into Edge. Delete all Cache files. You can do that from the icon-menu of Edge, Or use the shortcut keys to bring out the Option to Delete. SHIFT + CTRL +Delete keys. ( Tick the 4 boxes like these >>> Press Clear button ) Link to post Share on other sites More sharing options...
Maurice Naggar Posted July 6, 2020 ID:1392433 Share Posted July 6, 2020 After clearing the EDGE cache & history, etc as above ^^^^ then lets do what follows to clear out / remove all threats found by Windows Defender. Start a Elevated Powershell command prompt-window. On the Windows taskbar, on the Search box, type in powershell Wait and look for the results list. Click on the line that shows Powershell with "Run as Administrator". Then you will see the Powershell window. Into that, we want to Copy & Paste remove-mpthreat tap Enter key. Close the powershell window. Link to post Share on other sites More sharing options...
Stevep47 Posted July 6, 2020 Author ID:1392451 Share Posted July 6, 2020 Ok Maurice, My version of EDGE came up with a different display than the one you've shown above, but I think I've done what you asked for - images below. I've also run the Powershell command you gave. Regards, Steve Link to post Share on other sites More sharing options...
Maurice Naggar Posted July 6, 2020 ID:1392455 Share Posted July 6, 2020 Allright. Thanks. The Edge cache & history is cleared. Very good. ( though you did not need to delete cookies. But that is ok) The Windows Defender will have dealt with all recent prior threats. That is like having a fresh slate. Link to post Share on other sites More sharing options...
Stevep47 Posted July 7, 2020 Author ID:1392642 Share Posted July 7, 2020 Thank you Maurice, I'll run daily Defender Full Scans for a few days, see what arises (last night's was clear) and let you know. Regards, Steve Link to post Share on other sites More sharing options...
Maurice Naggar Posted July 7, 2020 ID:1392732 Share Posted July 7, 2020 You should only do the Full scan one time. It is not necessary to do it more than that. The Windows Task schedule will have one daily scheduled scan for Windows Defender. I do not believe your system currently has any threats. And alas, the prior attempts to run independent scanners ( like ESET Online scanner or DrWeb were halted by over-zealousness by Windows Defender). Link to post Share on other sites More sharing options...
Maurice Naggar Posted July 7, 2020 ID:1392735 Share Posted July 7, 2020 PS. After-thought. The system ought to be able to run the Microsoft Safety Scanner without complaint. The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system. The download links & the how-to-run-the tool are at this link at Microsoft https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download Let me know the result of this. The log is named MSERT.log the log will be at C:\Windows\debug\msert.log Please attach that log with your reply. Link to post Share on other sites More sharing options...
Stevep47 Posted July 8, 2020 Author ID:1392887 Share Posted July 8, 2020 Ok Maurice, I've run Microsoft Security Scanner and it has come back all clear for viruses, spyware and PUA, although when I look at the log file I see lots of "->Scan ERROR: resource process:" entries. Does this mean that some files didn't actually get scanned? Also, I see that the log file now includes a previous scan that I did, with similar Scan ERROR entries. Regards, Steve msert.log Link to post Share on other sites More sharing options...
Solution Maurice Naggar Posted July 8, 2020 Solution ID:1392908 Share Posted July 8, 2020 No infection found as part of the extended scan Results Summary: ---------------- No infection found. Microsoft Safety Scanner Finished On Wed Jul 08 12:13:59 2020 That is a fine result. The notations & exception lines are normal and do not mean there is any need for concern. These are peculiar to this tool. Seen all th e time. This system and this scan is fine. Link to post Share on other sites More sharing options...
Stevep47 Posted July 9, 2020 Author ID:1393136 Share Posted July 9, 2020 Thank you Maurice, I'll let you know if I have any further problems. Best regards, Steve Link to post Share on other sites More sharing options...
Maurice Naggar Posted July 13, 2020 ID:1394169 Share Posted July 13, 2020 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Please review the following for Tips to help protect from infection Thank you Link to post Share on other sites More sharing options...
Recommended Posts