How to prevent efficiently Defender from considering a given VBS script as containing a threat
<blockquote data-quote="Andy Ful" data-source="post: 935120" data-attributes="member: 32260"><p>Because the AMSI-paired ML still blocks the script, I resubmitted it to Microsoft and asked to remove the Trojan:VBS/Mountsi.A!ml (AMSI-paired ML) detection. After several hours this detection was removed, but the script is now blocked by Trojan:O97M/Mountsi.D! (another AMSI-paired ML detection).</p><p></p><p>Anyway, some interesting conclusions can be made:</p><ol> <li data-xf-list-type="ol">Submitting the script to Microsoft can rather quickly remove the Defender antimalware detection. The same can be done locally by excluding the script via Security Center.</li> <li data-xf-list-type="ol">The procedure from point 1 cannot automatically remove the detections made by AMSI-paired ML and ASR rules.</li> <li data-xf-list-type="ol">In some cases removing one of the AMSI-paired ML detections does not remove other AMSI-paired ML detections.</li> <li data-xf-list-type="ol">ASR exclusions do not remove non-ASR detections.</li> </ol></blockquote><p></p>
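The quoted conclusions treat the antimalware exclusions and the ASR-only exclusions as separate lists. The read-only PowerShell audit below is an added example, not part of the quoted post: it shows which of those lists cover a script and which detection names Defender recorded most recently. The path `C:\Scripts\sample.vbs` and the helper `Test-PathCovered` are assumptions for illustration, and the matching ignores wildcards and environment variables in exclusion entries.

```powershell
# Added example (not from the thread). Run in an elevated session:
# without admin rights Get-MpPreference hides the exclusion lists.
param([string]$ScriptPath = 'C:\Scripts\sample.vbs')   # constructed sample path

function Test-PathCovered {
    # Hypothetical helper: true when $Path equals an entry or lies under an
    # excluded folder. Simplified: no wildcard or %VAR% expansion.
    param([string]$Path, [string[]]$Entries)
    foreach ($entry in $Entries) {
        if (-not $entry) { continue }
        $folder = $entry.TrimEnd('\') + '\'
        if ($Path -ieq $entry -or
            $Path.StartsWith($folder, [StringComparison]::OrdinalIgnoreCase)) {
            return $true
        }
    }
    return $false
}

$pref = Get-MpPreference
$ext  = [IO.Path]::GetExtension($ScriptPath).TrimStart('.')
$excludedExts = @($pref.ExclusionExtension | ForEach-Object { "$_".TrimStart('.') })

# The antimalware exclusions and the ASR-only exclusions are distinct settings,
# so each is reported on its own line.
[pscustomobject]@{
    Script                        = $ScriptPath
    AntimalwarePathExclusion      = Test-PathCovered $ScriptPath $pref.ExclusionPath
    AntimalwareExtensionExclusion = $excludedExts -contains $ext
    AsrOnlyExclusion              = Test-PathCovered $ScriptPath $pref.AttackSurfaceReductionOnlyExclusions
} | Format-List

# Map threat IDs to names, then list the latest detections. The path is not
# used as a filter here because AMSI detections may not record the script's
# file path as their resource.
$names = @{}
Get-MpThreat | ForEach-Object { $names["$($_.ThreatID)"] = $_.ThreatName }

Get-MpThreatDetection |
    Sort-Object InitialDetectionTime -Descending |
    Select-Object -First 10 InitialDetectionTime,
        @{ n = 'ThreatName'; e = { $names["$($_.ThreatID)"] } },
        ProcessName,
        @{ n = 'Resources'; e = { $_.Resources -join '; ' } } |
    Format-List
```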