gpj-high Posted November 23, 2021 ID:1489563

Hello,

Microsoft Safety Scanner detects this malware while Malwarebytes does not. Is it a false positive, knowing that Malwarebytes would take over Microsoft Defender?

Thank you for your answer.

Kind regards

kevinf80 Posted November 23, 2021 ID:1489564

Hello gpj-high,

I believe that is a false positive. When Malwarebytes is installed (or any other 3rd party AV), Windows Defender is turned off. It is recommended that WD is allowed to run at the same time as Malwarebytes. To enable WD to be active at the same time as Malwarebytes, do the following:

1. Open Malwarebytes.
2. Select "Settings".
3. Select "Security".
4. Scroll to and pull slider fully to the left for "Windows Security Center" settings...

Reboot when complete.

Thank you,
Kevin.

gpj-high Posted November 23, 2021 Author ID:1489566

Hello Kevin,

The "Windows Security Center" option in Malwarebytes was already activated. The VirTool:Win32/DefenderTamperingRestore malware reappears with each scan about every 2 weeks with Microsoft Safety Scanner.

How can I be sure that this is a false positive?

kevinf80 Posted November 23, 2021 ID:1489571

Yes, you need to turn the "Windows Security Center" setting OFF.

Let me see the log from MSS. Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function.
2) Type or Copy/Paste the following command to the "Run Line" and press Enter:

notepad c:\windows\debug\msert.log

The log will include log details for each time MSRT has run; we only need the most recent log by date and time.

gpj-high Posted November 23, 2021 Author ID:1489584

Microsoft Safety Scanner v1.353, (build 1.353.1449.0)
Started On Tue Nov 23 09:41:41 2021

Engine: 1.1.18800.4
Signatures: 1.353.1449.0
MpGear: 1.1.16330.1
Run Mode: Interactive Graphical Mode

Full Scan Results:
------------------
Threat Detected: VirTool:Win32/DefenderTamperingRestore and Removed!
Action: Remove, Result: 0x00000000
regkeyvalue://hklm\software\microsoft\windows defender\\DisableAntiSpyware
SigSeq: 0x0000055555C57273

Results Summary:
----------------
Found VirTool:Win32/DefenderTamperingRestore and Removed!
Successfully Submitted MAPS Report
Successfully Submitted Heartbeat Report
Microsoft Safety Scanner Finished On Tue Nov 23 10:38:12 2021

Return code: 6 (0x6)

Solution
kevinf80 Posted November 23, 2021 ID:1489592

Yes, that is not a false positive per se; it is because Malwarebytes has turned WD off. Follow the instructions I gave previously to deregister Malwarebytes from Windows Security Center in Malwarebytes settings. After a reboot the issue should be cleared.

kevinf80 Posted November 29, 2021 ID:1490364

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance, please start your own topic in a new thread.

Please review the following to help you better protect your computer and privacy:

Tips to help protect from infection

Thank you
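
Added example, not part of the original thread: a Python parser that splits msert.log into its per-scan blocks, picks the most recent run as requested above, and lists each detection with the resource it was raised on. The sample text is constructed (the first run is made up, the second is an excerpt of the log posted above), and the function names are this example's own.

```python
import re
from datetime import datetime

# Constructed sample: run 1 is a made-up clean scan, run 2 is an excerpt of
# the log posted in this thread. msert.log holds one such block per scan.
SAMPLE_LOG = r"""
Microsoft Safety Scanner v1.353, (build 1.353.1449.0)
Started On Tue Nov  9 09:12:03 2021
No infection found.
Return code: 0 (0x0)
Microsoft Safety Scanner v1.353, (build 1.353.1449.0)
Started On Tue Nov 23 09:41:41 2021
Threat Detected: VirTool:Win32/DefenderTamperingRestore and Removed!
Action: Remove, Result: 0x00000000
regkeyvalue://hklm\software\microsoft\windows defender\\DisableAntiSpyware
Microsoft Safety Scanner Finished On Tue Nov 23 10:38:12 2021
Return code: 6 (0x6)
"""

RUN_HEADER = re.compile(r"^Microsoft Safety Scanner v", re.M)  # not "Finished On"
STARTED = re.compile(r"^Started On (.+)$", re.M)
RETURN_CODE = re.compile(r"^Return code: (\d+)", re.M)
THREAT = re.compile(r"^Threat Detected: (\S+)")
RESOURCE = re.compile(r"^[a-z]+://")  # e.g. regkeyvalue://...

def parse_runs(text):
    """Split the log into one dict per scan run."""
    offsets = [m.start() for m in RUN_HEADER.finditer(text)]
    runs = []
    for begin, end in zip(offsets, offsets[1:] + [len(text)]):
        block = text[begin:end]
        started, code = STARTED.search(block), RETURN_CODE.search(block)
        if not started:
            continue  # header without a start time: skip the truncated block
        detections, current = {}, None
        for line in map(str.strip, block.splitlines()):  # tolerate indentation
            hit = THREAT.match(line)
            if hit:
                current = detections.setdefault(hit.group(1), [])
            elif current is not None and RESOURCE.match(line):
                current.append(line)  # resource the detection was raised on
        when = datetime.strptime(started.group(1).strip(), "%a %b %d %H:%M:%S %Y")
        runs.append({"started": when, "detections": detections,
                     "return_code": int(code.group(1)) if code else None})
    return runs

def latest_run(text):
    """Return the most recent run by start time, or None if none parsed."""
    return max(parse_runs(text), key=lambda r: r["started"], default=None)
```

On a real machine, pass the contents of c:\windows\debug\msert.log to latest_run instead of SAMPLE_LOG.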