Win 10 1909  with all updates.

Updated beta enabled 10048 to 10065 without issue.

Did a malware scan and again Defender caught eicar first (debug logs and screenie attached). There is no trace of eicar on machine now even though I selected for Defender to allow it.

Can confirm that right-click delete now works on EEK folder using Win10 :thumbs:

Downloaded and installed EEK again. I noticed in Forensics that it says "detect pups has been changed to enabled". It didn't ask me about that!!

 

Logs.zip


If you test this again with Defender disabled, EEK will detect eicar.

Realtime protection (like Windef, EAM etc.) usually uses mini filter drivers.

EEK doesn't use a file system mini filter to do file I/O. It just opens a file.
And ANY file system mini filter gets to check out the file first. This is why Defender and other realtime protection always detect files first.

 

20 minutes ago, Frank H said:

If you test this again with Defender disabled, EEK will detect eicar.

Realtime protection (like Windef, EAM etc.) usually uses mini filter drivers.

EEK doesn't use a file system mini filter to do file I/O. It just opens a file.
And ANY file system mini filter gets to check out the file first. This is why Defender and other realtime protection always detect files first.

 

Thanks for the explanation Frank.


Didn't you tell Defender to ignore that file? Maybe you could check the Defender exclusions list.

39 minutes ago, Frank H said:

Didn't you tell Defender to ignore that file? Maybe you could check the Defender exclusions list.

Ah yes I did :)

I forgot about that as I had downloaded and run a new version of EEK to test the USB thing.

This topic is now closed to further replies.
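
The two checks discussed in this thread (which mini filters sit in front of an on-demand scanner, and what Defender has been told to ignore), as an added example that is not part of the original posts. It assumes an elevated PowerShell session on Windows 10 with the built-in fltmc.exe and the Defender cmdlets; the helper name Get-LoadedMinifilter is hypothetical.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell session.
# Get-LoadedMinifilter is a hypothetical helper name.

function Get-LoadedMinifilter {
    # "fltmc filters" prints: Filter Name, Num Instances, Altitude, Frame.
    # Only rows with that shape are kept; header and separator lines are skipped.
    fltmc.exe filters | ForEach-Object {
        if ($_ -match '^(\S+)\s+(\d+)\s+(\d+(?:\.\d+)?)\s+(\d+)\s*$') {
            [pscustomobject]@{
                Name      = $Matches[1]
                Instances = [int]$Matches[2]
                Altitude  = [double]$Matches[3]
                Frame     = [int]$Matches[4]
            }
        }
    }
}

# Higher altitude = closer to the top of the filter stack, so that filter's
# pre-operation callback sees a file open before lower filters do.
$filters = Get-LoadedMinifilter | Sort-Object Altitude -Descending
$filters | Format-Table -AutoSize

# Microsoft allocates altitudes 320000-329998 to the "FSFilter Anti-Virus" group.
# A filter listed here gets to inspect a file when an on-demand scanner opens it.
$filters | Where-Object { $_.Altitude -ge 320000 -and $_.Altitude -lt 330000 } |
    Format-Table Name, Altitude -AutoSize

# Defender settings that can explain a test file being ignored afterwards.
$pref = Get-MpPreference
'Excluded paths      : ' + ($pref.ExclusionPath -join '; ')
'Excluded extensions : ' + ($pref.ExclusionExtension -join '; ')
'Excluded processes  : ' + ($pref.ExclusionProcess -join '; ')

# Per-threat default action overrides; in ThreatIDDefaultAction_Actions, 6 = Allow.
$ids  = @($pref.ThreatIDDefaultAction_Ids | Where-Object { $_ })
$acts = @($pref.ThreatIDDefaultAction_Actions)
for ($i = 0; $i -lt $ids.Count; $i++) {
    'Threat ID {0} -> action {1}' -f $ids[$i], $acts[$i]
}
```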
