1. False positive from Windows Defender (Phix/pw.exe)

Just for info, Windows Defender started kicking up a fuss about pw.exe, so I submitted it for analysis and got the following reply:

https://www.microsoft.com/en-us/wdsi/submission/572d7268-84cf-4b4a-a1c2-112ff2fdf043

which now gives it the all clear. Amazingly this all happened in less than 12 hours.

Regards,
Pete

new topic     » topic index » view message » categorize

2. Re: False positive from Windows Defender (Phix/pw.exe)

petelomax said...

Just for info, Windows Defender started kicking up a fuss about pw.exe, so I submitted it for analysis and got the following reply:

https://www.microsoft.com/en-us/wdsi/submission/572d7268-84cf-4b4a-a1c2-112ff2fdf043

which now gives it the all clear. Amazingly this all happened in less than 12 hours.

Regards,
Pete

I even told it (locally) that pw.exe is fine, to leave it alone. And it still was knocking it out!

The link above says I cannot view it, but I'm hopeful I won't have my program crash in the middle of the run now.

new topic     » goto parent     » topic index » view message » categorize

3. Re: False positive from Windows Defender (Phix/pw.exe)

euphoric said...

The link above says I cannot view it, but I'm hopeful I won't have my program crash in the middle of the run now.

Oh yeah, I have to sign in to see it - those new privacy laws, I guess, eh?
Anyway, all it said was:

Submission details   
pw.exe 
Submission ID: 572d7268-84cf-4b4a-a1c2-112ff2fdf043  
Status: Completed  
Submitted by: Pete Lomax 
Submitted: Jun 1, 2018 7:42:16 AM  
User Opinion: Incorrect detection 
Analyst comments: Hello , Thank you for your inquiry. We have reviewed the file and we have removed the detection. Best regards, Windows Defender Response 
 
Last rescan request: Jun 1, 2018 11:38:21 AM 
 
Showing 1 of 1 entries 
File name       Final determination     Protection      Current detection       Definition version 
pw.exe          Not malware             Cloud           No malware detected     Online 
                Not malware             Client          No malware detected     1.269.461.0 
And actually, it was less just than 4 hours, for free 'n all!

new topic     » goto parent     » topic index » view message » categorize

4. Re: False positive from Windows Defender (Phix/pw.exe)

Got another one, also promptly dealt with:

Analyst comments: 
Hello, Thank you for your inquiry. We have reviewed the file and we have removed the detection.  
Please try the following steps to clear cached detections and obtain the latest malware definitions.  
1. Open command prompt as administrator and change directory to c:\Program Files\Windows Defender  
2. Run “MpCmdRun.exe -removedefinitions -dynamicsignatures” The change will be available latest build. 
This new definition library will be available for users who subscribe to the automatic definition update  
mechanism, as well as users who choose to manually update their definition library.  
The latest definition is available for download here: https://www.microsoft.com/en-us/wdsi/definitions  
Best regards, Windows Defender Response 
 
Showing 1 of 1 entries 
File name	Final determination	Protection	Current detection	Definition version 
pw.exe  	Not malware	        Cloud           No malware detected     Online 
                                        Client	        No malware detected	1.269.1068.0 

new topic     » goto parent     » topic index » view message » categorize

Search



Quick Links

User menu

Not signed in.

Misc Menu