NTLite instantly deleted by Windows Defender for virus

[rokoyato]

As the title say, apparently there a known virus in the installer, maybe a false positive

 

[Kasual]

maybe a false positive

It is.

 

[Clanger]

Bloody defender, its happened to me before andi lost stuff
A program that deletes your stuff is a virus. Defender is a virus then.
I remove it on a lite image and disable it sharpish on a default install before it can do its vile work.

 

[nuhi]

Cannot confirm this, also after submitting to Microsoft they detect no malware.

Did you update your Definitions?

1. Open command prompt as administrator and change directory to c:\Program Files\Windows Defender
2. Run “MpCmdRun.exe -removedefinitions -dynamicsignatures”
3. Run “MpCmdRun.exe -SignatureUpdate”

You can do it manually here, from this site.

 

[Saaglem]

Looks like a port injection trojan right outside the firewall. Routers keeps cash of most downloads for quicker reference, I suspect port cash is infected or it's DNS cash is corrupted. I might be wrong

 

[nuhi]

Looks like a port injection trojan right outside the firewall. Routers keeps cash of most downloads for quicker reference, I suspect port cash is infected or it's DNS cash is corrupted. I might be wrong

No need to complicate false negative reports, it just means this tool uses similar hacking protections like that malware did and lazy/broad scanning is the cause.
Anyway, it should be fixed with latest definitions, maybe next one, if I understood their reply correctly.

Thanks.

 

[videobruce]

I would figure M$ just flagged the program for spite.

 

[Clanger]

I would figure M$ just flagged the program for spite.

Spoiler