Win10 Windows Defender wrong blocking .exe as trojan

%3CLINGO-SUB%20id%3D%22lingo-sub-1934603%22%20slang%3D%22en-US%22%3EWin10%20Windows%20Defender%20wrong%20blocking%20.exe%20as%20trojan%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1934603%22%20slang%3D%22en-US%22%3E%3CP%3EHello%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20created%20a%20.exe%20which%20is%20downloaded%20from%20a%20web%20site%20and%20even%20if%20it%20is%20well%20signed%20Windows%20Defender%20is%20blocking%20it%20as%20a%20virus%20%2F%20trojan.%20This%20.exe%20is%20just%20a%20new%20version%20of%20a%20software%20which%20lives%20in%20our%20web%20site%20for%20several%20years%20ago.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHow%20can%20i%20contact%20MS%20support%20to%20check%20that%20it%20is%20not%20a%20threat%20and%26nbsp%3B%20whitelist%20it%3F%3C%2FP%3E%3CP%3EThanks!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1937754%22%20slang%3D%22en-US%22%3ERe%3A%20Win10%20Windows%20Defender%20wrong%20blocking%20.exe%20as%20trojan%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1937754%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F882811%22%20target%3D%22_blank%22%3E%40torresc12%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWhat%20is%20the%20name%20of%20the%20malware%3F%3C%2FP%3E%3CP%3EYou%20may%20try%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fwdsi%2Ffilesubmission%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3ESubmit%20a%20file%20for%20malware%20analysis%20-%20Microsoft%20Security%20Intelligence%3C%2FA%3E%26nbsp%3Band%20make%20sure%20select%20this%20file%20is%20safe%20and%20under%20comment%2C%20add%20details.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1939951%22%20slang%3D%22en-US%22%3ERe%3A%20Win10%20Windows%20Defender%20wrong%20blocking%20.exe%20as%20trojan%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1939951%22%20slang%3D%22en-US%22%3E%3CP%3EHello%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F13441%22%20target%3D%22_blank%22%3E%40Reza%20Ameri%3C%2FA%3E%26nbsp%3B%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%20very%20much%20for%20your%20answer.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20name%20of%20the%20software%20is%20%22t2ws.exe%22.%3C%2FP%3E%3CP%3EIn%20fact%20I%20already%20uploaded%20it%20to%20MS%20Security%20Intelligence%2C%20but%20their%20answer%20was%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%22%3CEM%3E%3CSTRONG%3EAnalyst%20comments%3A%3C%2FSTRONG%3E%3C%2FEM%3E%3C%2FP%3E%3CDIV%20class%3D%22c-content-toggle%22%3E%3CP%20class%3D%22%22%3E%3CEM%3EThe%20submitted%20files%20do%20not%20meet%20our%20criteria%20for%20detection.%20No%20detection%20will%20be%20added%20for%20these%20files%3C%2FEM%3E.%22%3C%2FP%3E%3CP%20class%3D%22%22%3E%26nbsp%3B%3C%2FP%3E%3CP%20class%3D%22%22%3EIt%20is%20detected%20as%20a%20Trojan%3AMSIL%2FMasslogger.VN!MTB%3C%2FP%3E%3CP%20class%3D%22%22%3E%26nbsp%3B%3C%2FP%3E%3CP%20class%3D%22%22%3EBut%20this%20is%20a%20software%20which%20is%20in%20placed%20on%20our%20web%20site%20for%20years%2C%20this%20is%20just%20a%20new%20version%20and%20our%20users%20are%20ok%20with%20it.%20It%20is%20a%20wrong%20Trojan%20detection%20by%20MS.%3C%2FP%3E%3CP%20class%3D%22%22%3E%26nbsp%3B%3C%2FP%3E%3CP%20class%3D%22%22%3EHow%20could%20I%20progress%20on%20that%3F%3C%2FP%3E%3CP%20class%3D%22%22%3EThanks!%3C%2FP%3E%3CP%20class%3D%22%22%3E%26nbsp%3B%3C%2FP%3E%3C%2FDIV%3E%3C%2FLINGO-BODY%3E
New Contributor

Hello,

 

We created a .exe which is downloaded from a web site and even if it is well signed Windows Defender is blocking it as a virus / trojan. This .exe is just a new version of a software which lives in our web site for several years ago. 

 

How can i contact MS support to check that it is not a threat and  whitelist it?

Thanks!

6 Replies

@torresc12 

What is the name of the malware?

You may try Submit a file for malware analysis - Microsoft Security Intelligence and make sure select this file is safe and under comment, add details.

Hello @Reza_Ameri-Archived ,

 

Thanks very much for your answer.

 

The name of the software is "t2ws.exe".

In fact I already uploaded it to MS Security Intelligence, but their answer was:

 

"Analyst comments:

The submitted files do not meet our criteria for detection. No detection will be added for these files."

 

It is detected as a Trojan:MSIL/Masslogger.VN!MTB

 

But this is a software which is in placed on our web site for years, this is just a new version and our users are ok with it. It is a wrong Trojan detection by MS.

 

How could I progress on that?

Thanks!

 

@torresc12 

Try update Windows Defender and run scan again and see whether it is still being detected?

If yes, try contact Microsoft Support.

@Reza_Ameri-Archived Thanks for your reply!

 

In fact after the update it is the same scenario: Windows defender blocks it as a troyan

 

What do you mean by Microsoft Support? There are many... it's difficult to contact the right team

 

@torresc12 

You could contact Microsoft Support using Contact Us - Microsoft Support and share your issue so supper agent could direct you to the right team.

We support Ukraine and condemn war. Push Russian government to act against war. Be brave, vocal and show your support to Ukraine. Follow the latest news HERE