How to prevent efficiently Defender from considering a given VBS script as containing a threat
<blockquote data-quote="LaurentG" data-source="post: 935988" data-attributes="member: 91050"><p>Hi Andy,</p><p></p><p>I just did the test, and I confirm it's OK now, at least for this script.</p><p></p><p>To be very specific:</p><p>- In the <strong>exact script</strong> you uploaded to Microsoft, MS Defender no longer detects any threat (neither TrojanDownloader:HTML/Adodb.gen!A nor Trojan:VBS/Mountsi.A!ml), and this without any exclusion / whitelisting defined.</p><p></p><p>- In "similar" scripts obtained by slight modifications of the "original" script</p><p> - MS Defender continues to detect TrojanDownloader:HTML/Adodb.gen!A, but, as was already the case before, this detection can be bypassed with Folder (or file) exclusion.</p><p> - MS Defender <strong>no longer detects</strong> Trojan:VBS/Mountsi.A!ml <strong>even if there is no exclusion defined</strong></p><p></p><p>This means that the fix provided by MS with the <em>new security intelligence update version 1.333.1190.0</em> (and above) enhances AMSI-based detections and avoids (at least) <strong>THIS</strong> specific "false positive" detection.</p><p></p><p>Nevertheless, the remaining question is: <strong>what would happen if an AMSI-based threat was still detected?</strong> <strong>And what will happen when such a detection occurs "erroneously" for a completely different script?</strong> Will it be possible to "exclude it" for these scripts only?
</p><p>Let me remind you that this was the initial issue I raised with this thread: <u><strong>Ability to exclude A GIVEN SCRIPT from AMSI-based detection without excluding ALL AMSI-based detection.</strong></u></p><p></p><p>And since these scripts are no longer detected with AMSI-based detections, <u><strong><u>we still cannot answer this question definitively.</u></strong></u></p><p></p><p>Nevertheless, there is at least one question that has been answered: <strong>It's now clear that you have a very good relationship with Microsoft <img class="smilie smilie--emoji" loading="lazy" alt="😄" title="Grinning face with smiling eyes :smile:" src="https://cdn.jsdelivr.net/joypixels/assets/6.6/png/unicode/64/1f604.png" data-shortname=":smile:" /></strong></p></blockquote><p></p>