Windows Defender has Gone Power Mad

Miss Chief

It is getting to the point where I have had to exclude one of my main download directories, which kind of defeats the purpose of having anti-virus (don't worry I only did this temporarily until I found a better solution, granted not a lot better but a bit better as I will detail below).

Defender is not only quarantining epub files about programming and network security (books, it thinks books about computer security are a threat, well it isn't wrong, 'cause it is under serious threat of being replaced if it keeps on like this), it won't let me un-quarantine/allow them, they aren't even in the vault which is located at C:\ProgramData\Microsoft\Windows Defender\LocalCopy if anyone else having this issue stumbles across this post, not that it will help 'cause apparently books are so very dangerous they can't just be quarantined, all trace of them must be destroyed (burned if you will). Now perhaps I could understand why it was confused/concerned about the books, I mean they did have scary words in the title like 'Metasploit' or 'Pen-Test'.

However, it is also now claiming that Zortam software (zmms24.exe) is Trojan:Win32/Spursint.F!cl which I assure you it isn't, I have been using this software for years, having now finally disabled automatic remediation and then been able to download and keep the file, I have run and installed it and it is not a Trojan, Malware, Virus or anything nefarious, it is MP3 tagging software and yes the ebooks are just ebooks about programming, network security, pen-testing, etc.

Should anyone else want to know how to disable the jealous and controlling (I would say borderline abusive) automatic remediation you need to run Command/PowerShell as Admin and input the following:

REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableRoutinelyTakingAction /t REG_DWORD /d 1 /f

Should you find life a little dull and want to experience some excitement and frustration at some future point you can turn on Automatic Remediation again with the following:

REG DELETE "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableRoutinelyTakingAction /f

You may also want to change the retention time on quarantined items, since it seems to be quarantining innocent files, to extend the retention indefinitely input the following command:

Set-MpPreference -QuarantinePurgeItemsAfterDelay 0

I found this little summary on the 'threat' page, which incidentally, had absolutely no info about the threat, other than its name, which I already had from Event Viewer (if you want to retrieve your own logs for Windows Defender they are in: Event Viewer > Applications and Services Logs > Microsoft > Windows > Windows Defender > Operational) but it did at least offer me some light amusement...


Windows Defender Antivirus uses the cloud and artificial intelligence powered by next-gen machine learning technologies to rapidly deliver protection against new and emerging malware.

This detection, made possible by cloud-based machine learning, defends against multiple types of emerging malware that perform various malicious actions on your PC.


Well I think it either needs a little more oversight, perhaps a teacher could assign some homework to nudge it back on course, or perhaps Elon Musk isn't paranoid from his recent experimentation with weed and he's actually right and AI is out to destroy us all... I mean destroying the masses' access to knowledge must be pretty high up the list for overlord dictators.


For those who are bound to ask I'm using: Windows 10 Pro 64-bit, fresh install on a formatted HDD which has no other anti-virus application now or ever and has no virus/malware etc (unless you count OneDrive... that thing is harder to get rid of than McAfee and I never thought I would say that, well technically you can get rid of it but it just keeps coming back, like the clap, ;) when there's an update or you use Office or you weren't looking for 5 minutes, alas though that is a rant for another day and another thread ;) )

I didn't really post this looking for answers... I am seriously hoping I have resolved it now, was more to share my woes and help others having similar issues, however, if some kind soul has a better solution to this issue please do share :)
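A read-only check of the settings and log named in the post above, as an added example that is not part of the original post: it reports whether the DisableRoutinelyTakingAction policy value is set, the current quarantine retention, and the last week of detection events from the Operational log. It assumes an elevated PowerShell session and that detections are logged as event IDs 1116 (detected) and 1117 (action taken) with the field names shown.

```powershell
# Added example (not from the original post). Read-only; changes nothing.
# Run in an elevated PowerShell session.

$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'

# 1. Is automatic remediation disabled by policy?
#    The value is absent unless the REG ADD command from the post was run.
$policy = Get-ItemProperty -Path $policyKey -Name DisableRoutinelyTakingAction `
                           -ErrorAction SilentlyContinue
$remediationDisabled = ($null -ne $policy) -and
                       ($policy.DisableRoutinelyTakingAction -eq 1)

# 2. Quarantine retention in days (0 = keep indefinitely, as set in the post).
$retentionDays = (Get-MpPreference).QuarantinePurgeItemsAfterDelay

[pscustomobject]@{
    AutoRemediationDisabled = $remediationDisabled
    QuarantineRetentionDays = $retentionDays
} | Format-List

# 3. Detections from the last 7 days in the Defender Operational log.
#    Assumption: 1116 = threat detected, 1117 = action taken.
$filter = @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 1116, 1117
    StartTime = (Get-Date).AddDays(-7)
}

Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Flatten the named <Data> elements of the event into a lookup table.
        $xml  = [xml]$_.ToXml()
        $data = @{}
        foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

        [pscustomobject]@{
            Time    = $_.TimeCreated
            EventId = $_.Id
            Threat  = $data['Threat Name']   # e.g. the Trojan:Win32/... label
            Path    = $data['Path']          # file the detection refers to
            Action  = $data['Action Name']   # populated on 1117 events
        }
    } |
    Sort-Object Time |
    Format-Table -AutoSize -Wrap
```

A 1116 event with no matching 1117 for the same path means the file was detected but no action was taken on it, which is what to expect while automatic remediation is off.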
