Jump to content

VirTool:Win32/DefenderTamperingRestore


Recommended Posts

This has been picked up and only by MSERT.

No additional threats found and MSERT has advised:

Extended Scan Removal Results

Start 'remove' for regkeyvalue://hklm\software\microsoft\windows defender\\DisableAntiSpyware

----------------

Operation succeeded !

Has anyone seen this and dealt with it? More for my own peace of mind than anything.

System in question does use third party protection which picked nothing up along with scans by Malware Bytes and Adaware as second opinions.

Feel that the key would be changed if 3rd party protection is present and likely a false positive from the Microsoft Security Scanner but want to be sure.

 

Link to post
Share on other sites

So in this scenario why would only Microsoft Security Scanner detect an issue with that registry key? False positive?

Reading the link would suggest it can pose a risk but it's not a cast iron indication there is actually any risk?

MBAM and others found nothing on numerous previous scans on the system and given its seemingly a standard registry key on all systems for Windows Defender one might expect the value to be changed if using 3rd party protection.

Link to post
Share on other sites

  • Root Admin

"DisableAntiSpyware" with Dword = 1, is identified as "VirTool:Win32/DefenderTampering Restore".

The Safety Scanner found this threat in your Registry at Hkey_Local_Machine\Software\Microsoft\Windows Defender.

It is commonly used by malware or "other" antivirus programs to disable Windows Defender.

There is no threat to your system. Microsoft simply reenabled the setting back to default.

 

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.