Question
Issue: How to fix Windows Defender sees a legitimate file as virus?
Hello. Windows Defender sees a PowerShell script as virus. I created it myself, so it is obvious the script is not malicious. Is there any way to fix this problem? Thanks in advance.
Solved Answer
Windows Defender, now known as Microsoft Defender, is a security app for personal computers with Windows operating systems.[1] This program can protect devices from spyware, viruses, malware, PUPs, other intruders. While security solutions provided by Microsoft, especially Windows Security Essentials, were considered low-grade protection, the current state of Windows Defender competes well with third-party options, making it an attractive choice for many.
However, just like any other application, it has bugs that can be encountered in some cases. Previously, we observed issues like the app closing games abruptly, identifying the same threat repeatedly, or returning errors such as 0x8050800c or 0x800106ba. Windows Defender mistaking legitimate files as malicious is yet another issue that multiple users have reported on various IT forums and message boards.
While some users said that Windows Defender sees a legitimate file as a virus when downloading them from somewhere, some cases related to user-created scripts with PowerShell. These are utilized to automate certain processes within the Windows environment and are essentially harmless. Nonetheless, since the operating system can not detect a valid signature for it, Windows Defender might see PowerShell file as virus.
The issue with Windows Defender sees a legitimate file as the virus can be triggered by incompatible programs, files, or corruption of data, applications, or system settings. Even though PowerShell scripts[2] created by users themselves are truly harmless, some files downloaded from unknown sources might actually be malicious, so it is important to take caution.
Hence, it might be difficult to fix Windows Defender sees a legitimate file as a virus issue. For example, it was reported that the security software was flagging various harmless files as Trojan:Win32/Bluteal.B!rfn, which is originally used to detect CPU miners. This uncertainty raises questions and frustrates people the most.
You should ensure that there are no particular malware[3] programs that could lead to Windows Defender seeing a legitimate file as a virus or another virus detection alerts from the system security provider. While Defender is a relatively effective app, it has some bugs, so you should take update issues and the problems with a program itself into consideration.
How to fix Windows Defender sees a legitimate file as virus
You can fix Windows Defender sees a legitimate file as virus and various false positive detections by running an alternative anti-malware tool that checks for security issues, finds malware, and clears infections if needed. Also, programs like RestoroMac Washing Machine X9 can help with compatibility or system corruption issues. You might find problems with not compatible files or applications that lead to issues with other programs, functions, and even systems' performance.
Do not speed to conclusions that indicated files are malicious, consider a few methods from the list below instead. File or folder exclusions might be the best method to avoid the reappearance of the Windows Defender sees a legitimate file as virus issue.
Fix 1. Scan the system from Safe Mode to fix Windows Defender sees a legitimate file as virus
- You can remove any malware properly via this mode, so press Win and R keys to open Run box.
- Then enter msconfig there.
- System Configuration window appears.
- Switch to the boot tab and click on Safe Boot option.
- Choose Network option and save changes.
- Restart the computer.
Fix 2. Add an exclusion to Windows Security
- Go to Start menu and choose Settings.
- Then select Update & Security.
- Select Windows Security and then Virus & threat protection.
- There, choose Manage settings.
- Then find Exclusions where you can select Add or remove the particular exclusion.
- Choose to Add an exclusion and select specific files, folders, or file types, processes for the exclusion.
Fix 3. Check for Windows Defender updates to fix Windows Defender sees a legitimate file as virus
- Go to Settings.
- Find Update & Security and then find Windows Update to click on Check for updates.
- If new updates are available, you will find them listed under the Definition Update for Windows Defender and can install them.
Bonus: how to deal with Windows Defender sees PowerShell file as virus
The best way to fix the problem is by adding the file in question to the exclusion list, as we explained in solution number two. However, when dealing with some files, especially with PowerShell scripts, the issue remains even after excluding it from being detected. In such a case, you have to access the Windows Defender protection history and restore the file first. Here's how to do it:
- Open Windows Security and select Virus & Threat protection.
- Pick Protection history.
- In here, you will find a list of all the threats that have been blocked recently.
- Find the entry based on the time/date and click on it.
- In the bottom-right, click on Actions.
- From the drop-down menu, select Allow.
- Now add the file to exclusions as explained above.
Repair your Errors automatically
ugetfix.com team is trying to do its best to help users find the best solutions for eliminating their errors. If you don't want to struggle with manual repair techniques, please use the automatic software. All recommended products have been tested and approved by our professionals. Tools that you can use to fix your error are listed bellow:
Access geo-restricted video content with a VPN
Private Internet Access is a VPN that can prevent your Internet Service Provider, the government, and third-parties from tracking your online and allow you to stay completely anonymous. The software provides dedicated servers for torrenting and streaming, ensuring optimal performance and not slowing you down. You can also bypass geo-restrictions and view such services as Netflix, BBC, Disney+, and other popular streaming services without limitations, regardless of where you are.
Don’t pay ransomware authors – use alternative data recovery options
Malware attacks, particularly ransomware, are by far the biggest danger to your pictures, videos, work, or school files. Since cybercriminals use a robust encryption algorithm to lock data, it can no longer be used until a ransom in bitcoin is paid. Instead of paying hackers, you should first try to use alternative recovery methods that could help you to retrieve at least some portion of the lost data. Otherwise, you could also lose your money, along with the files. One of the best tools that could restore at least some of the encrypted files – Data Recovery Pro.
- ^ Microsoft Defender. Wikipedia. The free encyclopedia.
- ^ Defender sees powershell file as virus. Tenforums. Windows community forum.
- ^ Roger A. Grimes. 9 types of malware and how to recognize them. CSOonline. IT and cyber security news and analysis.