Windows Defender - strange behaviour

agatha
Normal user
Posts: 49
Joined: 2015-10-30 11:13

Windows Defender - strange behaviour

Post by agatha » 2020-02-04 17:42

Hello together,

I noticed a strange behaviour when using Windows Defender as an external scanner.

When I use this command line: "C:\Program Files\Windows Defender\MpCmdRun.exe" -scan -scantype 3 -file "%FILE%" -disableremediation
and "return value" 2
it generally works fine. Malware is detected, it is quite fast and - so I thought - a good addition to ClamAV.

But: In some cases attachments are detected as clean and seconds later wrongly as malware. E.g. I send "attachementxy.txt" and nothing happens. A few seconds later, this mail is forwarded and the attachment is detected as malware. Or a mail is sent and detected as malware, only seconds later exactly the same mail is sent from and to the same persons and under the same conditions and nothing happens.

Maybe if Defender cannot scan the file it is marked as malware? Does someone else have similar experiences?

Regards
Agatha
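One way to test the hypothesis in the post above is to put a logging wrapper between hMailServer and MpCmdRun.exe, so that every exit code 2 can be checked against what Defender actually printed. This is an added example, not part of the original thread and not hMailServer or Microsoft code. Assumptions: the log path, the wrapper's own exit code 3, and the "found <n> threats" wording matched in MpCmdRun's console output.

```powershell
# Diagnostic wrapper for the hMailServer external scanner setting (added example).
# Usage: wrapper.ps1 <path-of-file-to-scan>
param([Parameter(Mandatory = $true)][string]$Path)

$MpCmdRun = 'C:\Program Files\Windows Defender\MpCmdRun.exe'
$LogFile  = 'C:\hMailServer\Logs\defender-wrapper.log'   # hypothetical path

# Same switches as in the post; the console output is captured for the log.
$output = & $MpCmdRun -Scan -ScanType 3 -File $Path -DisableRemediation 2>&1 | Out-String
$code   = $LASTEXITCODE

# Assumption: a real detection prints "found <n> threats" with n >= 1.
$threatReported = $output -match 'found\s+[1-9]\d*\s+threat'

if ($code -eq 0) {
    $verdict = 'CLEAN'; $rc = 0
} elseif ($code -eq 2 -and $threatReported) {
    $verdict = 'INFECTED'; $rc = 2
} else {
    # Exit code 2 (or anything else) without a reported threat.
    # With "return value" 2 configured, returning 3 lets the mail pass
    # (fail open). Set $rc = 2 here to keep the original fail-closed behaviour.
    $verdict = 'SCAN-ERROR'; $rc = 3
}

# Hash the file so two scans of the same attachment can be matched in the log.
$hash = try {
    (Get-FileHash -LiteralPath $Path -Algorithm SHA256 -ErrorAction Stop).Hash
} catch { 'unreadable' }

$line = '{0:o} verdict={1} mpexit={2} sha256={3} file="{4}"' -f (Get-Date), $verdict, $code, $hash, $Path
Add-Content -LiteralPath $LogFile -Value $line
if ($verdict -eq 'SCAN-ERROR') {
    # Keep Defender's own message for later analysis of the failed scan.
    Add-Content -LiteralPath $LogFile -Value $output.Trim()
}
exit $rc
```

Two log lines with the same sha256 but different verdicts show that the differing result came from the scan run itself rather than from the attachment.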

SorenR
Senior user
Posts: 3707
Joined: 2006-08-21 15:38
Location: Denmark

Re: Windows Defender - strange behaviour

Post by SorenR » 2020-02-04 20:42

SørenR.

“Those who don't know history are doomed to repeat it.”
― Edmund Burke

agatha
Normal user
Posts: 49
Joined: 2015-10-30 11:13

Re: Windows Defender - strange behaviour

Post by agatha » 2020-02-05 10:31

Yes, obviously I did not search the topics well enough. Mea maxima culpa.

OK, then it is by design and for this purpose not usable.

Thank you!
