tools/options/do not scna these files or locations

[Dave and Rosanna]

regarding this area in the tools/options page, does it only pertain
to the "scan", or does it affect actions taken during real time protection?

How does the tools/options/allowed items get propogated?

Has MS suspended the functionality that lets users add programs of there
choice
to this area? If this is not so, how are items added there?

 

[Dave and Rosanna]

I've seen that if the scan finds something one of the options is "always
allow". OK - that's great. What happens if it finds something via one
of the real time alerts?
Is "always allow" an option then too?

Does joining up to Spynet allow more in terms of permissible responses?
Thanks for any info.

Dave

 

[Bill Sanderson]

I have to say that I'm sufficiently out of touch that I'm not sure.

One way to find out:

Go here:

http://www.eicar.org/

and click on the rectangle in the upper right corner "Anti-Malware Testfile"

Scroll down in the resulting page to see the content of the file, and a
variety of test files to download--they are all identical except for name,
and perhaps--packing, for the zip version.

You will need to turn off WIndows Defender and your antivirus to put these
files in place.

Once the files are in place, please turn these anti-malware apps back on!

You could send yourself such a file via email, perhaps--to see what happens
if you try to open it or save it to disk.

This file is absolutely safe--but all antivirus and I would assume most
antispyware apps will alarm on detection.

 

[Dave and Rosanna]

I have to say that I'm sufficiently out of touch that I'm not sure.

One way to find out:

Go here:

http://www.eicar.org/

and click on the rectangle in the upper right corner "Anti-Malware
Testfile"

Scroll down in the resulting page to see the content of the file, and a
variety of test files to download--they are all identical except for name,
and perhaps--packing, for the zip version.

You will need to turn off WIndows Defender and your antivirus to put these
files in place.

Once the files are in place, please turn these anti-malware apps back on!

You could send yourself such a file via email, perhaps--to see what
happens if you try to open it or save it to disk.

This file is absolutely safe--but all antivirus and I would assume most
antispyware apps will alarm on detection.

Bill,
did as you siggested. When WD was turned back on and I tried to "open" the
txt file,
it was detected immediately, and the only options were "remove all" or
"ignore" -
Since ignore would allow it to run, why not offer "allways allow" ?

This is something about the philosophy of the product I don't understand.
Didn't (doesn't ?) Microsoft trust the users to do this, or is this
something that only Spynet members can do ?

Perhaps I'll join Spynet and retry - I'll post back later.

Dave

PS Bill, if you received an email of this too, my apologies, I'm new to the
Outlook/News interface
and I goofed.

 

[Bill Sanderson]

No problem--the email is munged (pretty transparently, I think) so
accident's like that don't get received.

I don't think joining Spynet makes a difference. It does, however, in two
other areas:

1) there's a risk that some data sent to Microsoft will contain
PII--personally indentifying information. Microsoft pledges to protect that
information and not make any use of it to contact you.
2) you will get notifications of some events that at lower levels are just
recorded in the event logs. These may be confusing to some. You can turn
on the alerts via Options settings without joining Spynet at all, though.

Windows Defender does not allow you to choose to remove an arbitrary bit of
code you might wish to remove--typical candidates might be itunes helper, or
quicktime helper code--some folks like to kill those, but they come back
when you actually use quicktime, for example. I don't know all the
reasoning behind this, but I'm sure that Microsoft wants to be on solid
ground about things they remove--this is an anti-malware tool, not a tool to
manipulate startup location contents--there are lots of other tools for that
already.