Q&A EEK Files Detected as Malware by Microsoft Defender

blackice

Level 32
Verified
Apr 1, 2019
2,172
I have used Emsisoft Emergency Kit a lot in the past. I may not use it as a common 3rd party scanner for now in combination with Microsoft Defender. Any time I run an update and scan, Defender deletes some of the signatures during the scan. Emsisoft has confirmed it's a false positive on Defender's part, but I don't know what effect this is having on the scan for EEK. Just a heads up to anyone using it. Interestingly, it is the first Real Time block I've ever seen from Defender. Apparently they changed something and made it more sensitive.


plat1098

Level 24
Verified
Sep 13, 2018
1,333
Is it this thread you're referring to? That was already in December 2020 and it's still happening. Hmmm. Well it wouldn't do much good to log into there only to say, "hey, here's another Trojan notification from Defender after running EEK" b/c the rep maintains it's on Microsoft's end.

If I was using EEK presently, this would turn me right off. I mean: who needs this? Would it be worth submitting a false-positive report to Microsoft? Probably someone already did. :unsure::whistle::coffee: Annoying, imo.
 

blackice

Good find. I guess that’s around when I built my new computer and hadn’t loaded all my second opinion scanners yet. EEK is going to come off my machines running MD for now. It was super unnerving to get the Trojan warning; now, knowing what it is, it is just annoying and doesn’t instill confidence.
 

upnorth

Moderator
Verified
Staff member
Malware Hunter
Jul 27, 2015
4,288
Interesting report, even if of course EEK is no malware. That's way too far-fetched, but if it constantly happens, it wouldn't hurt to send Emsisoft a new report about it. I just read the linked one from member @plat1098 and that case is 100% solved as the culprit was adwcleaner.

I personally have zero issues with EEK, and other than its updates can be somewhat slow and some parts of the UI could be improved, I'm not gonna throw it out the system. Also makes me extra happy I use another AV ( not Microsoft Defender and not Emsisoft btw :p ) as my default.
 

blackice

It’s the strangest thing. I can run a scan and watch files pop into their temp folder and almost every time 2 of them are detected by Microsoft Defender. Kind of interesting watching it happen in real time. According to Emsisoft they use that temp folder to unload the updated Bitdefender signatures. Definitely put my mind at ease about it being something else.

Upon rereading their reply, they say that is during the update, but I get the detection during a scan. So, maybe I need to revisit with Emsisoft. In fact, I just realized both times I left the EEK ‘installer’ in my downloads folder. I think it’s possibly Defender detecting Emsisoft scanning its own install file. Similar to the thread @plat1098 found.
 