Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Software
Security Apps
Microsoft Defender
How to prevent efficiently Defender from considering a given VBS script as containing a threat
Message
<blockquote data-quote="Andy Ful" data-source="post: 935421" data-attributes="member: 32260"><p>Understand. Yes, such exclusion can decrease the scripting detection if it was done for the dangerous script, especially when used in the wild. That is why I suggested you rather split the script to avoid detection. But, as you concluded by yourself you do not think that this particular script is dangerous and it was not used in the wild (it is your own script). I submitted this script to Microsoft and the analyst also thinks so.</p><p>If you do not believe the Microsoft analyst and think that your script can be dangerous anyway, then do not exclude it.<img src="data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" class="smilie smilie--sprite smilie--sprite130" alt="(y)" title="Thumbs up (y)" loading="lazy" data-shortname="(y)" /></p><p></p><p>Edit.</p><p>It is probable that the cumulative effect of excluding many different scripts could make an impact on post-execution script detection. To avoid this, one should try to submit all excluded scripts to Microsoft. After submitting, they are often used to learn Defender models to improve the detection (minimize the false-positive rate without decreasing malware detection).</p></blockquote><p></p>
[QUOTE="Andy Ful, post: 935421, member: 32260"] Understand. Yes, such exclusion can decrease the scripting detection if it was done for the dangerous script, especially when used in the wild. That is why I suggested you rather split the script to avoid detection. But, as you concluded by yourself you do not think that this particular script is dangerous and it was not used in the wild (it is your own script). I submitted this script to Microsoft and the analyst also thinks so. If you do not believe the Microsoft analyst and think that your script can be dangerous anyway, then do not exclude it.(y) Edit. It is probable that the cumulative effect of excluding many different scripts could make an impact on post-execution script detection. To avoid this, one should try to submit all excluded scripts to Microsoft. After submitting, they are often used to learn Defender models to improve the detection (minimize the false-positive rate without decreasing malware detection). [/QUOTE]
Insert quotes…
Verification
Post reply
Top
