How to fix Windows Defender sees a legitimate file as virus?

Question

Issue: How to fix Windows Defender sees a legitimate file as virus?

Hello. Windows Defender sees a PowerShell script as virus. I created it myself, so it is obvious the script is not malicious. Is there any way to fix this problem? Thanks in advance.

Solved Answer

Windows Defender, now known as Microsoft Defender, is a security app for personal computers with Windows operating systems.[1] This program can protect devices from spyware, viruses, malware, PUPs, other intruders. While security solutions provided by Microsoft, especially Windows Security Essentials, were considered low-grade protection, the current state of Windows Defender competes well with third-party options, making it an attractive choice for many.

However, just like any other application, it has bugs that can be encountered in some cases. Previously, we observed issues like the app closing games abruptly, identifying the same threat repeatedly, or returning errors such as 0x8050800c or 0x800106ba. Windows Defender mistaking legitimate files as malicious is yet another issue that multiple users have reported on various IT forums and message boards.

While some users said that Windows Defender sees a legitimate file as a virus when downloading them from somewhere, some cases related to user-created scripts with PowerShell. These are utilized to automate certain processes within the Windows environment and are essentially harmless. Nonetheless, since the operating system can not detect a valid signature for it, Windows Defender might see PowerShell file as virus.

The issue with Windows Defender sees a legitimate file as the virus can be triggered by incompatible programs, files, or corruption of data, applications, or system settings. Even though PowerShell scripts[2] created by users themselves are truly harmless, some files downloaded from unknown sources might actually be malicious, so it is important to take caution.

Windows Defender sees a legitimate file as virus issue

Hence, it might be difficult to fix Windows Defender sees a legitimate file as a virus issue. For example, it was reported that the security software was flagging various harmless files as Trojan:Win32/Bluteal.B!rfn, which is originally used to detect CPU miners. This uncertainty raises questions and frustrates people the most.

You should ensure that there are no particular malware[3] programs that could lead to Windows Defender seeing a legitimate file as a virus or another virus detection alerts from the system security provider. While Defender is a relatively effective app, it has some bugs, so you should take update issues and the problems with a program itself into consideration.

How to fix Windows Defender sees a legitimate file as virus

Fix it now! Fix it now!
To repair damaged system, you have to purchase the licensed version of Reimage Reimage.

You can fix Windows Defender sees a legitimate file as virus and various false positive detections by running an alternative anti-malware tool that checks for security issues, finds malware, and clears infections if needed. Also, programs like ReimageMac Washing Machine X9 can help with compatibility or system corruption issues. You might find problems with not compatible files or applications that lead to issues with other programs, functions, and even systems' performance.

Do not speed to conclusions that indicated files are malicious, consider a few methods from the list below instead. File or folder exclusions might be the best method to avoid the reappearance of the Windows Defender sees a legitimate file as virus issue.

Fix 1. Scan the system from Safe Mode to fix Windows Defender sees a legitimate file as virus

Fix it now! Fix it now!
To repair damaged system, you have to purchase the licensed version of Reimage Reimage.
  • You can remove any malware properly via this mode, so press Win and R keys to open Run box.
    Run box for direct commands
  • Then enter msconfig there.
  • System Configuration window appears.
  • Switch to the boot tab and click on Safe Boot option.
    Boot options
  • Choose Network option and save changes.
  • Restart the computer.

Fix 2. Add an exclusion to Windows Security

Fix it now! Fix it now!
To repair damaged system, you have to purchase the licensed version of Reimage Reimage.
  • Go to Start menu and choose Settings.
  • Then select Update & Security.
  • Select Windows Security and then Virus & threat protection.
    Virus & protection feature on Defender
  • There, choose Manage settings.
  • Then find Exclusions where you can select Add or remove the particular exclusion.
    Virus protection
  • Choose to Add an exclusion and select specific files, folders, or file types, processes for the exclusion.
    Choosing the exclusion by type, folder or particular file

Fix 3. Check for Windows Defender updates to fix Windows Defender sees a legitimate file as virus

Fix it now! Fix it now!
To repair damaged system, you have to purchase the licensed version of Reimage Reimage.
  • Go to Settings.
  • Find Update & Security and then find Windows Update to click on Check for updates.
  • If new updates are available, you will find them listed under the Definition Update for Windows Defender and can install them.

Bonus: how to deal with Windows Defender sees PowerShell file as virus

Fix it now! Fix it now!
To repair damaged system, you have to purchase the licensed version of Reimage Reimage.

The best way to fix the problem is by adding the file in question to the exclusion list, as we explained in solution number two. However, when dealing with some files, especially with PowerShell scripts, the issue remains even after excluding it from being detected. In such a case, you have to access the Windows Defender protection history and restore the file first. Here's how to do it:

  • Open Windows Security and select Virus & Threat protection.
  • Pick Protection history.Access Windows Defender protection history
  • In here, you will find a list of all the threats that have been blocked recently.
  • Find the entry based on the time/date and click on it.
  • In the bottom-right, click on Actions.
  • From the drop-down menu, select Allow.Allow the file to be used
  • Now add the file to exclusions as explained above.

Repair your Errors automatically

ugetfix.com team is trying to do its best to help users find the best solutions for eliminating their errors. If you don't want to struggle with manual repair techniques, please use the automatic software. All recommended products have been tested and approved by our professionals. Tools that you can use to fix your error are listed bellow:

Offer
do it now!
Download Fix
  Happiness
Guarantee
do it now!
Download Fix
  Happiness
Guarantee
Compatible with Microsoft Windows Compatible with OS X
Still having problems?
If you failed to fix your error using Reimage, reach our support team for help. Please, let us know all details that you think we should know about your problem.
Reimage - a patented specialized Windows repair program. It will diagnose your damaged PC. It will scan all System Files, DLLs and Registry Keys that have been damaged by security threats.Reimage - a patented specialized Mac OS X repair program. It will diagnose your damaged computer. It will scan all System Files and Registry Keys that have been damaged by security threats.
This patented repair process uses a database of 25 million components that can replace any damaged or missing file on user's computer.
To repair damaged system, you have to purchase the licensed version of Reimage malware removal tool.

Access geo-restricted video content with a VPN

Private Internet Access is a VPN that can prevent your Internet Service Provider, the government, and third-parties from tracking your online and allow you to stay completely anonymous. The software provides dedicated servers for torrenting and streaming, ensuring optimal performance and not slowing you down. You can also bypass geo-restrictions and view such services as Netflix, BBC, Disney+, and other popular streaming services without limitations, regardless of where you are.

Don’t pay ransomware authors – use alternative data recovery options

Malware attacks, particularly ransomware, are by far the biggest danger to your pictures, videos, work, or school files. Since cybercriminals use a robust encryption algorithm to lock data, it can no longer be used until a ransom in bitcoin is paid. Instead of paying hackers, you should first try to use alternative recovery methods that could help you to retrieve at least some portion of the lost data. Otherwise, you could also lose your money, along with the files. One of the best tools that could restore at least some of the encrypted files –  Data Recovery Pro.

About the author
Jake Doe
Jake Doe - Computer technology geek

Jake Doe is the news editor at UGetFix. Since he met Ugnius Kiguolis in 2003, they both launched several projects that spread awareness about cybercrimes, malware, and other computer-related problems.

Contact Jake Doe
About the company Esolutions

References

What you can add more about the problem: "How to fix Windows Defender sees a legitimate file as virus?"