Advice Request Configure Defender

[ForgottenSeer 69673]

I have had this file in my downloads folder for weeks and today after an insider update, Cylance decided to quarinteen it.

 

[JiSingh12]

Will most likely be fine, i just ran "ConfigureDefender_x64.exe" version 1.0.1.1, through VirusTotal and Cylance and 99% of other detection results come up clean. However, if you go on VirusTotal and put that same file from your downloads through, then you will know.
May have to recover it from Quarantine, but never used Cylance so cant say.

 

[Eddie Morra]

Report the false positive to Cylance and they should fix it for you.

i just ran "ConfigureDefender_x64.exe" version 1.0.1.1, through VirusTotal and Cylance and 99% of other detection results come up clean.

This confirms that the Cylance engine integrated within the consumer products is not identical to the one shared with VirusTotal.

 

[JiSingh12]

This confirms that the Cylance engine integrated within the consumer products is not identical to the one shared with VirusTotal.

Possibly. Not sure. VirusTotal states that "Malware signatures are updated frequently by VirusTotal as they are distributed by antivirus companies, this ensures that our service uses the latest signature sets.".

 

[In2an3_PpG]

From VirusTotal:
A given antivirus in VirusTotal detects a file and its equivalent commercial version does not

VirusTotal antivirus solutions sometimes are not exactly the same as the public commercial versions. Very often, antivirus companies parametrize their engines specifically for VirusTotal (stronger heuristics, cloud interaction, inclusion of beta signatures, etc.). Therefore, sometimes the antivirus solution in VirusTotal will not behave exactly the same as the equivalent public commercial version of the given product.

Why do not you include statistics comparing antivirus performance?


At VirusTotal we are tired of repeating that the service was not designed as a tool to perform antivirus comparative analyses, but as a tool that checks suspicious samples with several antivirus solutions and helps antivirus labs by forwarding them the malware they fail to detect. Those who use VirusTotal to perform antivirus comparative analyses should know that they are making many implicit errors in their methodology, the most obvious being:

• VirusTotal's antivirus engines are commandline versions, so depending on the product, they will not behave exactly the same as the desktop versions: for instance, desktop solutions may use techniques based on behavioural analysis and count with personal firewalls that may decrease entry points and mitigate propagation, etc.
• In VirusTotal desktop-oriented solutions coexist with perimeter-oriented solutions; heuristics in this latter group may be more aggressive and paranoid, since the impact of false positives is less visible in the perimeter. It is simply not fair to compare both groups.
• Some of the solutions included in VirusTotal are parametrized (in coherence with the developer company's desire) with a different heuristic/agressiveness level than the official end-user default configuration.

These are just three examples illustrating why using VirusTotal for antivirus testing is a bad idea, you can read more about VirusTotal and antivirus comparatives in our blog.