qwerty123

Windows Defender False Positives of Immunet Temp Files


You may be interested to know that Windows Defender is detecting some Immunet temp files as Trojan:JS/Foretype.A!ml

This started happening 2 days ago, and has happened daily to me since.

Their "more info" link, if useful: https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?name=Trojan%3aJS%2fForetype.A!ml&threatid=2147724342&enterprise=0

Edit: Uh, pasting images to your forum is terrible, they lose a ton of quality in the process, practically unreadable. Here: https://imgur.com/15VhZ3Y

 


Edited by qwerty123

Great idea to include some screenshots qwerty123, much appreciated!

Those are definitely ClamAV update files being quarantined.

Have you created an exclusion rule for Immunet's "entire Program Files folder" with Windows Defender yet? If not, give that a try.

If you're using Win 10 & you're not sure how to create custom exclusion rules with WD, here's a URL that may be helpful: https://www.windowscentral.com/how-exclude-files-and-folders-windows-defender-antivirus-scans


I would like to know the folder location that Immunet uses for quarantined files so that I can add that folder as an exclusion for other scan programs. Win 7 64bit Immunet 6.5.0

The reason is that I run an unattended overnight batch that does backups and other housekeeping and then, on different nights, runs scans using Immunet, Windows Defender, or AdAware. I would like to place each scanner's quarantine folder as an exclusion in the other scanners.

Edited by ebloch
system problem


Hello ebloch,

Actually, it has always been recommended that you create an exception/exclusion/allow rule for Immunet's "entire Program Files folder" with any compatible security software you run alongside Immunet. Doing this will, of course, also keep the quarantine files from being scanned by your other programs.

Also, you should create an Exclusion rule with Immunet for the entire Program Files folder for AdAware; Windows Defender is excluded by default. Adding these exclusion rules to all the programs involved can really help to avoid any current or future conflicts!

Cheers, Ritchie...


I understand what you are suggesting, but if a "bad operator" installs Immunet on his machine, he knows this info and should then be able to deposit his payload someplace in that folder, and it is then safe from scanning. That is also the problem with Nirsoft and any other program that uses "hacking"-like programs.

For Nirsoft's programs, I installed them on a USB stick and only placed the few apps I call from my batch on my HD and added them as exclusions.


The quarantined file directory really shouldn't be manipulated in any way. That could cause undesirable consequences!
