Page 1 of 1

Windows Defender - strange behaviour

Posted: 2020-02-04 17:42
by agatha
Hello together,

I noticed a strange behaviour when using Windows Defender as external scanner.

When I use this command line: "C:\Program Files\Windows Defender\MpCmdRun.exe" -scan -scantype 3 -file "%FILE%" -disableremediation"
and "return value" 2
it generally works fine. Malware is detected, it ist quite fast and - so I thought - a good addition to ClamAV.

But: In some cases attachements are detected as clean and seconds later wrongly as malware. Eg. I send "attachementxy.txt" and nothing happens. Few seconds later, this mail ist forwarded an the attachement is dedected as malware. Or a mail is sent and detected as malware, only seconds later exactly the same mail is sent from and to the same persons and the same conditions an nothing happens.

Maybe if Defender can not scan the file it is marked as malware? Does someone else have similar experiences?

Regards
Agatha

Re: Windows Defender - strange behaviour

Posted: 2020-02-04 20:42
by SorenR

Re: Windows Defender - strange behaviour

Posted: 2020-02-05 10:31
by agatha
Yes, obviously I did not search the topics good enough. Mea maxima culpa.

OK, then it is by design and for this purpose not usable.

Thank you!