I have a problem with Defender: it considers a safe script (I know it's safe, I wrote it myself!) as a threat, and I cannot efficiently bypass its "protection"!
This script downloads a JPEG file from a web site (this JPEG file is updated once a minute on the web site, it's a webcam), and launches an external command (jhead.exe) on the resulting file (using the WshShell.run command) to set some EXIF parameters on it.
First of all, I'm obliged to create a "Defender exception" for the script itself (or for its containing folder), otherwise the script does not even start, because Defender blocks its loading, considering it a TrojanDownloader:HTML/Adodb.gen!A threat.
I could also mark this threat as "authorized", but even without doing so, if an exception is defined, the script is not analysed at its loading, and starts.
But at run time, despite the fact that the script is set as an exception, when it comes to the WshShell.run line that launches the jhead.exe command, Defender this time detects the threat Trojan:VBS/Mountsi.A!ml.
And I'm obliged to mark this threat as authorized if I want this line of the script to run (and the EXIF data to be set on the JPEG file).
But I DO NOT WANT to accept this threat under "any circumstances". I ONLY want Defender NOT to consider (falsely) that it is present in my script (where it is NOT).
If I mark it as "Authorized", it will no longer be caught by Defender in case another script (one I hadn't written myself) actually contained it... and then I would no longer be protected against this threat in a malicious script!
Defining an exception on this specific script should be enough (and safe)... but it is not enough, and the only solution is NOT safe!
Of course, I can guarantee that the problem is NOT in jhead.exe, which is 100% safe (and never detected by Defender, nor by any other antivirus), and which I have been using for years without any problem. (Jhead homepage: Exif Jpeg header manipulation tool)
Moreover, I can also add that I have several other scripts I wrote in the past that launch the same jhead.exe command in the same way, and that are considered neither as containing TrojanDownloader:HTML/Adodb.gen!A when they are loaded, nor as running Trojan:VBS/Mountsi.A!ml when they are run...
I also tried to reorganize my code a little bit, but this didn't solve the issue.
So my question is: Is there a means to tell Defender: "this script, I'm sure, is safe, let it run", without being obliged to open a risk by authorizing a given threat everywhere and every time?
I recently switched from Avast to Defender, on the advice of several other forums that explained it was a lot better, and that Avast was at the origin of a lot of issues...
But I never had such an issue with Avast: when it raises a "false positive", it's enough to create an exception on the .exe or the .vbs and everything goes well...
Unless there is a solution in Defender to my problem, I think I'll go back to Avast soon...