Windows Store blocked

Parkinsond

Dec 6, 2023
Windows Store blocked by Defender ASR rule "block executable files from running unless they meet a prevalence, age, or trusted list criteria" on Windows 11 25H2. Windows Store version appears to be 22508.1401.9.0.

Such examples can show that ASR rules are not perfect.
However, this guy was very "lucky" to get such a block. He was one of the first 1,000 users to try the new Winstore.App.exe.
Such a block can also happen due to some delay in Defender updates.
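
A read-only way to check the two explanations given in the post above (a very new file, or lagging Defender updates) on an affected machine. This is an added example, not part of the thread; the rule GUID is the documented ID of the prevalence/age/trusted-list rule, and the `ID` and `Path` event field names are assumptions about the layout of Defender's ASR events 1121/1122.

```powershell
# Added example (not from the thread). Read-only: changes no Defender setting.
# GUID of "Block executable files from running unless they meet a
# prevalence, age, or trusted list criterion".
$RuleId = '01443614-cd74-433a-b99e-2ecdc07bfc25'

function Get-AsrPrevalenceBlock {
    param([int]$Days = 7)
    $filter = @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = 1121, 1122               # 1121 = blocked, 1122 = audit only
        StartTime = (Get-Date).AddDays(-$Days)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        # Flatten the named EventData fields into a hashtable.
        $data = @{}
        foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        if ($data['ID'] -ne $RuleId) { return }   # assumed field name; skip other ASR rules

        # If the blocked file is still readable, record who signed it.
        $path = $data['Path']                     # assumed field name
        $sig  = if ($path -and (Test-Path -LiteralPath $path -ErrorAction SilentlyContinue)) {
            Get-AuthenticodeSignature -LiteralPath $path -ErrorAction SilentlyContinue
        }
        [pscustomobject]@{
            Time            = $_.TimeCreated
            Mode            = if ($_.Id -eq 1121) { 'Block' } else { 'Audit' }
            Path            = $path
            SignatureStatus = $sig.Status
            Signer          = $sig.SignerCertificate.Subject
        }
    }
}

function Get-DefenderUpdateAge {
    # How old are the security intelligence definitions on this machine?
    $s = Get-MpComputerStatus
    [pscustomobject]@{
        SignatureVersion = $s.AntivirusSignatureVersion
        LastUpdated      = $s.AntivirusSignatureLastUpdated
        AgeHours         = [math]::Round(((Get-Date) - $s.AntivirusSignatureLastUpdated).TotalHours, 1)
    }
}

Get-AsrPrevalenceBlock -Days 7 | Sort-Object Time | Format-Table -AutoSize
Get-DefenderUpdateAge
# Paths already excluded from ASR rules on this machine, if any:
(Get-MpPreference).AttackSurfaceReductionOnlyExclusions
```

Run it from an elevated prompt so the blocked files under `C:\Program Files\WindowsApps` can be read for the signature check.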
 
I have no MS Store, but when I used to have it, I never faced such a scenario with this ASR rule.
 

There is an issue with the new MS Store app: DeepInstinct blocked 4 MS Store files on my system as a dropper threat:
... C:\Program Files\WindowsApps\Microsoft.WindowsStore_22512.1401.5.0_x64__[deleted]\store.exe
... C:\Program Files\WindowsApps\Microsoft.WindowsStore_22512.1401.5.0_x64__[deleted]\WinStore.App.exe
... C:\Program Files\WindowsApps\Microsoft.WindowsStore_22512.1401.5.0_x64__[deleted]\StoreMcpServer.exe
... C:\Program Files\WindowsApps\Microsoft.WindowsStore_22512.1401.5.0_x64__[deleted]\StoreDesktopExtension.exe

More info from DeepInstinct about this:
"This week, Microsoft pushed Windows Update changes that impacted several of our customers, as well as customers of other security vendors, where certain Windows Store components were flagged as false positives. The resulting impact in these cases is that the Windows Store does not function as expected. Microsoft also released additional changes this week, including a DLL update, which has had a similar effect across multiple security platforms but did not affect Deep Instinct customers.
The affected Windows Store executables contain malicious characteristics such as obfuscation and anti-analysis techniques, resulting in a High severity threat classification. We identified this prior to any customer support tickets being opened by our proactive logging. As this appeared to be a threat distributed from Microsoft, our Threat Research team were required to put it through our malware analysis platforms to be confident in adding it to our Global Allow List.
Until Deep Instinct receives clarity from Microsoft, as a possible mitigation, customers may consider excluding the following directory:
C:\Program Files\WindowsApps\*
Implementing this exclusion may reduce the likelihood of similar false positives from future Windows updates affecting the same components. The decision to apply this exclusion remains entirely at the customer’s discretion and should be evaluated based on the customer’s own security requirements and risk tolerance."
 
Happened to me too. Seems to be fixed now tho.