Okay. I selected DENY and then ran a WinDef Scan and got the False Positive
again (I am glad I did not select PERMIT!). Then I got the WinUpdate notice
that there were 5 updates ready. I selected 4 and left the WinDef 1.53.228.0
unchecked. After the 4 other updates were installed, configured, and after
the Restart, I installed the WinDef Update .228.0 with an automatic Restore
Point (so it would have a separate RS from the other 4 updates, in case there
were problems with WinDef update). After a Scan, the .228.0 update removed
the False Positive inherent within 1.53.256.0.

The irony is I was having trouble accessing the Internet with similar
results stated in the False Positive Host error. Coincidence!

In the future, instead of jumping to click on CLEAN, I am going to click on
IGNORE or simply close WinDef (as I most often do not use it except to keep
it updated since I use Norton IS), check here first to get info, and then go
from there.

Lesson Learned: False Positives Happen with MS Windows Defender.

Thanks go to Tim who posted on the Announcements section of this Newsgroup
for spotting the False Positive.

"RonKa" wrote:
> From info in the Announcements Section, this appears to be a False Positive.
> I performed the CLEAN and now I am left with the choice to PERMIT or DENY the
> ACTION. On the Review Changes to your computer settings line of WD it
> states: "Permit changes only if you trust the program or the software
> publisher. (And Importantly) Windows Defender can't undo changes you
> permit."
>
> Detected changes: Removed: 127.0.0.1 localhost
>
> Therefore, I am not sure what to do first. Permit or Deny or update with
> the WD fix (update) out today.
>
> Question to those who understand the CLEAN function: Should I DENY the
> change?
>
> I just ran 'Norton IS' for 1h10 minutes and it did not find a problem.
>
> Buck: I suggest that you hang tight and do not perform the CLEAN.
>
>
> "Buck" wrote:
>
> > Please help. Defender is telling us that our Hosts file is a possible Hijack
> > situation:
> >
> > SettingsModifier:Win32/PossibleHostsFileHijack
> >
> > Defender suggests the action "Clean". No idea what to do. Windows Help file
> > has no reference to an action named "Clean", there are no results when
> > searching for "clean" at the Defender forums at MS, and there is no mention
> > of an action named "Clean" anywhere in Defender documentation at MS. But
> > clicking on actions reveals only the following 4 choices: Clean, Ignore,
> > Remove, Quarantine
> >
> > Resources File is listed as:
> > c:\windows\system32\drivers\etc\hosts
> >
> > There is no other information listed on the Scan Results page.
> >
> > What does "Clean" mean and is this a real threat?
> >