to be or not be or allowed or not allowed

[Guest]

Hello Microsoft,

Why is it that some of your services and running programs as windows
defender beta2 marks them as delivered by the operation system still not been
recognized as an allowed product. Does Microsoft overlooked something of its
own operating system. A mistake can be made with third party software, but
overseen your own running services in the classifying process is like a
butcher who does not know what he is selling to his customers.

 

[Guest]

Hello Microsoft,

With other words how trustfull is windows defender beta2 in classifying and
intercepting of spyware and other malware with the first message in mind.

 

[Joe Faulhaber[MSFT]]

Hi Jan,

Many processes that start with binaries that ship with the OS load 3rd party
code. This is probably what causes your confusion. For example, Internet
Explorer ships with the operating system, but if it loads code that Windows
Defender hasn't recognized, it gets marked as Not Yet Classified. It's
possible to get all processes on the system loaded with Not classified or
threat classification, actually.

Which processes are you looking at, specifically?


Which processes/files are you seeing as marked as un

 

[Guest]

Hi Joe,

I can give more examples of this windows defender beta2 behaviour.
I saw this also in previous betas.
Am i grazy. Give your light on this topic
They are all digtally signed by microsoft as you can see.

examples taken with the help of the process explorer that comes with windows
defender beta2.

example 1

File Name: svchost.exe
Display Name: Microsoft Generic Host Process for Win32 Services
Description: Generic Host Process for Win32 Services
Publisher: Microsoft Corporation
Digitally Signed By: Microsoft Windows Verification Intermediate PCA
File Type: Toepassing
Auto Start: No
File Path: C:\WINDOWS\system32\svchost.exe
File Size: 14336 Bytes
File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Date Installed: 1-1-2005 10:12:30
Process ID: 1456
User Name: NT AUTHORITY\Netwerkservice
Services: Remote Procedure Call (RPC)
Classification: Not yet classified
Ships With OS: Yes
SpyNet Voting: Not Available

example 2

File Name: svchost.exe
Display Name: Microsoft Generic Host Process for Win32 Services
Description: Generic Host Process for Win32 Services
Publisher: Microsoft Corporation
Digitally Signed By: Microsoft Windows Verification Intermediate PCA
File Type: Toepassing
Auto Start: No
File Path: C:\WINDOWS\system32\svchost.exe
File Size: 14336 Bytes
File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Date Installed: 1-1-2005 10:12:30
Process ID: 592
User Name: NT AUTHORITY\Lokale service
Services: TCP/IP NetBIOS Helper, SSDP Discovery-service, WebClient
Classification: Not yet classified
Ships With OS: Yes
SpyNet Voting: Not Available


example 3


File Name: svchost.exe
Display Name: Microsoft Generic Host Process for Win32 Services
Description: Generic Host Process for Win32 Services
Publisher: Microsoft Corporation
Digitally Signed By: Microsoft Windows Verification Intermediate PCA
File Type: Toepassing
Auto Start: No
File Path: C:\WINDOWS\system32\svchost.exe
File Size: 14336 Bytes
File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Date Installed: 1-1-2005 10:12:30
Process ID: 424
User Name: NT AUTHORITY\Netwerkservice
Services: DNS Client
Classification: Not yet classified
Ships With OS: Yes
SpyNet Voting: Not Available

With regards,
Jan

 

[Guest]

Hello Microsoft,

Knock, knock, Is there somebody out their.

If i'am making the wrong conclusions then display the underlying source
code of the item loaded which could not been classified.
Otherwise this information says nothing and can better been removed as an
option
in windows defender. inaccurate information will misleading customers,
especially
home users. Windows Defender beta2 behaves as Bill Gates glasses.

With regards,
Jan