Jump to content

Windows Defender False Positives of Immunet Temp Files


qwerty123
 Share

Recommended Posts

You may be interested to know that Windows Defender is detecting some immunet temp files as Trojan: JS/Foretype.A!ml

This started happening 2 days ago, and has happened daily to me since.

Their "more info" link, if useful: https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?name=Trojan%3aJS%2fForetype.A!ml&threatid=2147724342&enterprise=0

Edit: Uh, pasting images to your forum is terrible, they lose a ton of quality in the process, practically unreadable. Here: https://imgur.com/15VhZ3Y

 

image.thumb.png.2c2fa6b71725e0e5497e79237f116111.png

Edited by qwerty123
  • Like 1
Link to comment
Share on other sites

Great idea to include some screenshots qwerty123, much appreciated!

Those are defiantly ClamAV update files being quarantined.

Have you created an exclusion rule for Immunet's "entire Program Files folder" with Windows Defender yet? If not, give that a try.

If you're using Win 10 & you're not sure how to create custom exclusion rules with WD here's a URL that may be helpful. https://www.windowscentral.com/how-exclude-files-and-folders-windows-defender-antivirus-scans

Link to comment
Share on other sites

  • 1 month later...

I would like to know the folder location that Immunet uses for quarantined files so that I can add that folder as an exclusion for other scan programs. Win 7 64bit Immunet 6.5.0

The reason is that I run an unattended overnight batch doing back ups and other housekeeping and then on different nights runs scans using Immunet, Windows Defender, or AdAware. I would like to place each scanners quarantine folder as an exclusion in the other scanners.

Edited by ebloch
system problem
Link to comment
Share on other sites

Hello ebloch,

Actually it has always been recommended that you create a exception/exclusion/allow rule for Immunet's "entire Program Files folder" with any compatible security software you run along side of Immunet. Doing this will, of course, also keep the quarantine files from being scanned by your other programs.

Also, you should create an Exclusion rule with Immunet for the entire Program Files folder for AdAware, Windows Defender is excluded by default. Adding these exclusion rules to all the programs involved can really help to avoid any current or future conflicts!

Cheers, Ritchie...

Link to comment
Share on other sites

I understand what you are suggesting but if a "bad operator" installs Immunet on his machine he knows this info and should be able to then deposit his payload someplace in that folder and it is then safe from scanning. That is also the problem Nirsoft and any other program that uses "hacking" like programs.

For Nirsoft's programs I installed them on a USB stick and only placed the few apps I call from my batch on my HD and add them as exclusions.

Link to comment
Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
 Share

×
×
  • Create New...