Recently, in Windows 10 Fall Creators Update , I tried to download the file and failed, attempts to download the file with - Google chrome, Microsoft Edge and Mozilla Firefox failed because they all blocked the download of the file due to a virus that was found during the security check.
- Chrome displays a message "Error - Virus Detected"
- Microsoft Edge "[Filename] contained a virus and was removed"
- Firefox just refused to start downloading.
Quick check showed that the built-in security tool, Windows Defender Antivirus, was actually responsible for blocking the download of the file on the computer.
V in this case I was sure it was false alarm and the following paragraphs describe how I tried to upload the file to the system.
First what I did was run Windows Defender Security Center to learn more about this threat.
Open the menu "Start" by pressing the key with Windows logo, and start typing on the keyboard- Defender, in the displayed results, select the item Windows Defender Security Center.
Windows 10 virus and threat protection
V Windows Defender Security Center, click on the hamburger icon in the left upper corner to display the names of the menu sections next to the icons and select "Protection against viruses and threats".
Then press with right side per link "Scan log"... Windows Defender may be telling you that no current threats... It may look puzzling at first, but the Defender software will only show you threats that require user intervention.
Since the downloaded file has been automatically quarantined, no further action user, which, in turn, means that in fact, there are no current threats.
After clicking the link "View the full magazine", you will see a list of quarantined threats. If you're lucky, you may see the name of the virus detected by Windows Defender when it scans the download file. In the log list, the name of the downloaded file is not specified, but the date may be sufficient to find the failed download.
Clicking on the log line displays a link to restore the file or delete it. Details displays the file name, but this may not be sufficient for identification desired file as Windows Defender may display a temporary name.
If user interaction is required, you will be prompted with Options for action:
- Delete- Permanently delete the file from the system
- Quarantine- The file is moved to the Quarantine folder, access to the file is blocked.
- Allow on device- The file, in our case, will be restored in the Downloads folder and you can access it
V current version Windows Defender Security Center there are many problems in this regard. I have already mentioned the lack of details of the file to be locked, but this is just one of the problems you may encounter.
The second is the fact that the Center Windows security limits the current threats on this page to five. To view complete list you have to press "View the full log", all items saved in quarantine will be shown, but you will immediately notice that there are no buttons for deleting or restoring files there.
What you can try, if you are sure that the downloaded file is safe, is to clear history, Disable protection and retry the download.
Turn off "Real-time protection" and download the file again. Disabling system security is generally not recommended, but sometimes you have no choice but to do so. So you can disable this option for a short time, after which it will be automatically re-enabled.
Go to section "Protection against viruses and threats" → to disable "Real-time protection" and re-download the file, this time the download will complete successfully.
Add the file you just downloaded to List of exclusions You will find this setting on the Virus & Threat Protection Settings page. "Protection against viruses and threats" → "Protection against viruses and other threats" → (you cannot do this until it is loaded) and re-enable the Real-Time Protection module.
Output: The whole process of unlocking files that are blocked by Windows Defender, but which you want to download, is not very simple and somewhat confusingly complex. Why doesn't the user have the option to delete or restore files in the full scan log, why does it take multiple jumps to learn more about the threat, and why there are sometimes no threats in the main interface when locking the file - which you want to recover?
Good day.
I think many users have encountered similar warnings windows defender(as in Fig. 1), which installs and protects Windows automatically, immediately after its installation.
In this article, I would like to highlight what you can do to stop seeing these messages again. In this regard, Windows Defender is flexible enough and makes it easy to add even "potentially" dangerous software to trusted programs... So…
Rice. 1. Windows 10 Defender message about the detection of potentially dangerous programs.
As a rule, such a message always catches the user by surprise:
- the user either knows about this "gray" file and does not want to delete it, as it is needed (but the defender begins to "pester" with such messages ...);
- either the user does not know what was found viral file and what to do with it. Many generally begin to install all sorts of antiviruses and check the computer up and down.
Consider the procedure in both cases.
How to add a program to the whitelist so that there are no defender warnings
If you are using Windows 10, then it will not be difficult to view all the notifications and find the one you need - just click on the icon next to the clock ("Action Center", as in Fig. 2) and go to the desired error.
If you do not have a notification center, then you can open the defender's messages (warnings) in the panel Windows management... To do this, go to the Windows Control Panel (relevant for Windows 7, 8, 10) at: Control Panel \ System and Security \ Security and Maintenance
Then, for a specific threat detected by the defender, you can select three event scenarios (see Figure 5):
- delete: the file will be deleted completely (do this if you are sure that the file is unfamiliar to you and you do not need it. By the way, in this case, it is advisable to install an antivirus with updated databases and scan the entire PC);
- quarantine: you can send suspicious files to it, with which you are not sure what to do. Later, perhaps, you may need these files;
- allow: for those files that you are sure of the quality. Often the defender marks the files of games, some specific software as suspicious (by the way, this is the option I recommend choosing if you want no more messages about the danger of a file you are familiar with).
After the user responds to all the "threats", you should see a window similar to the following - see fig. 6.
What to do if the files in the danger message are really dangerous (and unfamiliar to you)
If you don't know what to do, find out better, and then do it (and not vice versa):) ...
1) The first thing I recommend is to select the quarantine (or delete) option in the defender and click "OK". Absolute majority dangerous files and viruses are not dangerous until they are opened and run on the computer (usually, such files are launched by the user himself). Therefore, in most cases, when suspicious file will be deleted - your data on your PC will be safe.
Many users think that good antivirus- can only be obtained for money. Today there are not very bad free analogues, which sometimes give a head start to paid promoted products.
PS
Never ignore unfamiliar warnings and messages from programs that protect your files. Otherwise, there is a risk of being left without them ...
Most users know that .exe files can be potentially dangerous, but this is not the only extension to look out for in Windows. There are a number of other extensions that can harm your system or files.
Why do I need to know what types of files can be dangerous?
Knowing the file extensions that can be potentially dangerous will help you understand how safe a file sent as an attachment to e-mail letter or downloaded from the internet. Even screensaver files can pose a threat in Windows.
When you come across such extensions, be vigilant and proceed with caution. Scan these files with your antivirus, or better yet, upload them to special service type VirusTotal to check to make sure the file is safe.
I recommend that you always install an antivirus that regularly updates its databases and works in background... But knowing the information below will help you further reduce the risks of possible infection with any malware or virus.
Why are these extensions potentially dangerous?
Extensions are classified as potentially dangerous, since they can contain code or execute arbitrary commands. The .exe format can be dangerous because it is a program that can do anything. Various media files (pictures.JPG, .PNG, music.MP3) are not dangerous, as they cannot contain the code. There are cases in a special way generated media file that can exploit a vulnerability in the application through which they are usually opened, but these are rare cases and are quickly closed by developers.
Given the above, you understand how important it is to know what types of files may contain code, scripts, and other potentially dangerous content.
Programs
.exe — executable file programs. Most of all programs on Windows have this extension.
.pif- file with information about DOS programs, their launch parameters and other settings. During DOS and early versions Windows was popular and widespread file format... Such a file can be executed as .exe if it contains executable code.
.application- xml application installer using Microsoft ClickOnce technology (Windows Forms or Windows Presentation Foundation frameworks are used)
.gadget- file of a gadget, a small application running in the side Windows panels(used in Vista and Windows 7).
.msi- a program with this extension is designed to install applications using the technology Microsoft Windows Installer.
.msp- a patch file intended for any program or update from Microsoft.
.com Is an executable file in the days of MS-DOS. They were often used as DOS utilities and drivers. They can also be executed in Windows in MS-DOS emulation mode. If you receive an e-mail with a .com attachment, then it is 100% a malefactor. Delete such a letter.
.scr- an executable file of a splash program in Windows or a screensaver. Cybercriminals often disguise various Trojans and viruses under this extension. Seeing such an extension, be doubly vigilant and check the file with an antivirus or VirusTotal.
.hta- an executable file containing html-code, possibly scripts in vbscript or jscript. Is not html page which is opened by the browser and special application, it opens system utility mshta.exe (Microsoft HTML Application Host).
.cpl- Control Panel applet. All icons in the Control Panel of your Windows are files with the extension .cpl
.msc- file element Microsoft management console, MMC (Console Microsoft management). For example, Group Policy Editor or Disk Management are .msc files.
.jar- If you have Java installed, then this extension allows you to run programs in the language Java programming... And not all of these programs are useful.
Scripts
.bat – batch file... Contains a list of commands that will be executed in the specified order at startup. They first began to be used in MS-DOS. And they are still used today.
.cmd- also a batch file. Look like .bat, but appeared a little later (in Windows NT).
.vb,.vbs- script in the scripting language VBScript. When launched, the VBScript code within the file will be executed. Essentially a simple text file that you can open with Notepad and check which code will be executed.
.vbe- encrypted VBScript. Similar to .vbs or .vb, but it's hard to say what will happen when such a file is run, what instructions are hardcoded in it.
.js- script on JavaScript... Commonly used extensively on websites on the internet.
.jse- encrypted JavaScript file.
.ws, .wsf- file Windows script(Windows Script file).
.wsc, .wsh- Windows Script Component and Windows Script Host files.
.ps1 ( and .ps1xml, .ps2, .ps2xml, .psc1, .psc2)- file extensions containing instructions for Windows PowerShell.
.msh ( and. msh1, .msh2, .mshxml, .msh1xml, .msh2xml)- the Monad script file, which was later renamed to PowerShell, mentioned just above.
Shortcuts
.scf- batch file Windows explorer... Can transfer potentially dangerous commands to the Explorer for execution.
.inf – text file to autorun the contents of the disc. Previously, it was often used by virus writers to automatic start any viruses, Trojans from a CD or a flash drive. This happened especially often with flash drives.
Miscellaneous
.reg- Editor file windows registry... It contains a list of branches and registry keys that will be added or removed when the .reg file is run. Malicious reg files can delete important information from the registry, replace it with an incorrect one, or add malicious data. The contents of the .reg file can be viewed in Notepad.
Macros
.doc, .xls and .ppt- files Word documents, Excel and PowerPoint. May contain macro viruses written in VBA ( Visual basic for Applications).
.docm, .dotm, .xlsm, .xltm, .xlam, .pptm, .potm, .ppam, .ppsm- new extensions to the documents first presented in the 2007 office. The letter M at the end of the file extension indicates that the document contains macros. For example, the file .docx does not contain macros, while .docm- contains them.
This is not an exhaustive list. There are other file types, such as .PDF, which have a number of security issues. However, most of the above file types were created in order to run code or execute commands on the OS. After all, this is just a tool, and who and how will use it and for what purposes is a question that each author of the application decides for himself.
What can you add to this list?
One of the clear signs that helps to distinguish experienced user from a beginner, this is their relationship to file extensions. The first ones can tell at a glance which file is a picture, which program, and which one is better not to open at all without first checking with an antivirus. The latter usually just do not understand what in question and what these same file extensions look like. It is for them in this article that we want to highlight that necessary minimum that they will need for safe work on a Windows computer.
What are extensions?
As Wikipedia tells us, and we have absolutely no reason to argue with her on this issue, file extension Is a sequence of characters added to the file name to identify the type (format) of the file. This is one of the common ways in which a user or software the computer can determine the type of data stored in the file.
How to see them?
By default, displaying files in Windows is disabled. The logic of the developers is not entirely clear to me, except how to protect the fragile minds of users from unnecessary (from their point of view) knowledge. In return, we get the widest security hole and users who are guided only by the file names and click on everything.
To enable the display of file extensions, open Control Panel, find the icon there Folders settings... In the window that appears on the tab View uncheck the option Hide extensions for registered file types.
Does not work? Ask your advanced computer companion.
What file extensions should you be wary of?
Theoretically serviceable antivirus program with fresh databases can greatly secure your work. But any, even the most advanced antivirus can make a mistake or fail to introduce infection into its filters. That's why additional factor protection is better to include your head armed with the necessary knowledge.
If you received a file from a suspicious source, for example by mail from a stranger, then you need to pay attention to its extension and, if it is included in the list proposed by us, then it is better not to open it, but send it to VirusTotal for verification.
Programs
- .EXE - executable program file... Most Windows programs have this extension.
- .PIF- this is special file containing information for DOS programs. Although they do not contain executable code, they can be potentially dangerous.
- .APPLICATION- Application installer using Microsoft ClickOnce technology.
- .GADGET- gadget to display on the desktop in Windows Vista and 7.
- .MSI- starts the process of installing the program on your computer.
- .MSP- installation of updates for already installed programs.
- .COM- programs for MS-DOS.
- .SCR- screensaver file.
- .HTA- web application. Unlike html applications executable in your browser can be dangerous.
- .CPL- Control Panel file. All items in the control panel have this extension.
- .MSC- Microsoft Management Console file. Applications like editor group policies and Disk Management Tool have the extension .MSC.
- .JAR- executable code for the Java environment.
Scripts
- .BAT — batch file containing a sequence of commands for your computer. Originally used in MS-DOS.
- .CMD- a batch file like .BAT, but this file extension was introduced in Windows NT
- .VB,.VBS, .VBE - VBScript file. Will execute its own VBScript code at startup.
- .JS, .JSE — JavaScript file... When used on web pages, it is relatively safe when used in a web browser. However, Windows can open these files outside the browser and this is a threat.
- .WS, .WSF, .WSC, .WSH - Windows Script files.
- .PS1, .PS1XML, .PS2, .PS2XML,.PSC1, .PSC2 Is a command script for Windows PowerShell.
- .MSH, .MSH1, .MSH2, .MSHXML,.MSH1XML, .MSH2XML- command script for Monad. Monad was later renamed PowerShell.
Shortcuts
- .SCF- batch file Windows Explorer... May contain potentially dangerous commands.
- .LNK- link to start the program. May contain attributes command line that do dangerous things like deleting files without asking.
- .INF- a text file used for automatic launch from connected media. It is often used to infect from flash drives or disks.
Rest
- .REG- Windows registry file. These files contain a list of registry entries that will be added or removed if you run them. The danger is that you can remove important information from the registry, add unwanted or harmful data to it.
Office macros
- .DOC, .XLS,.PPT- the documents Microsoft Word, Excel, PowerPoint. They may contain malicious program code macro.
- .DOCM, .DOTM, .XLSM, .XLTM, .XLAM, .PPTM,.POTM, .PPAM, .PPSM,.SLDM- new extensions office files introduced in Office 2007. The "M" at the end of the extension indicates that the document contains macros. For example, .DOCX the file contains no macros, while the file .DOCM may contain macros.
