How to prevent efficiently Defender from considering a given VBS script as containing a threat
<blockquote data-quote="LaurentG" data-source="post: 935557" data-attributes="member: 91050"><p>Yes, you're right, I just did the test and I have the same.</p><p>This is very strange... and makes me even more doubtful than before about the accuracy of AMSI-based detections of MSDefender...</p><p></p><p>I don't remember exactly why I'm using <strong>"Msxml2.ServerXMLHTTP"</strong> rather than <strong>"WinHTTP.WinHTTPRequest.5.1"</strong>.</p><p>As far as I remember, in the past, my scripts that downloaded files from the Internet were using <strong>"Msxml2.XMLHTTP"</strong> (not <strong>server</strong>XMLHTTP...), and some others were using <strong>"WinHTTP.WinHTTPRequest.5.1"</strong>. But I got some problems (I don't remember at all which ones). And it is on some forums that I found it was preferable to use "Msxml2.ServerXMLHTTP". Indeed, this solved all my issues... until this script (but at this time, I was not using MSDefender, but AVAST, as antivirus).</p><p>And to be honest, I do not have any idea of the difference between these various solutions: Msxml2.ServerXMLHTTP / Msxml2.XMLHTTP / WinHTTP.WinHTTPRequest.5.1</p><p></p><p>Anyway, if I hadn't found a solution to get my script working, your test could be one. But since it's OK splitting the script in two sub-scripts...</p><p>Moreover, this kind of solution could help, but wouldn't be the answer to the initial question I asked with this thread: <strong>How to prevent efficiently Defender from considering a given VBS script as containing a threat?</strong></p><p></p><p>We've seen that <strong>there is no solution</strong> for threats detected by AMSI-based models... except maybe to send a request of "False positive" to MS... provided MS gives a really positive answer to the question you sent them yesterday...</p><p>I'm looking forward to getting MS's answer...</p></blockquote><p></p>