stapp
Posted March 27, 2020

Win 10 1909 with all updates.
Updated beta enabled 10048 to 10065 without issue.

Did a malware scan and again Defender caught eicar first (debug logs and screenie attached).
There is no trace of eicar on the machine now, even though I selected for Defender to allow it.

Can confirm that right-click delete now works on the EEK folder using Win10.

Downloaded and installed EEK again. I noticed in Forensics that it says "detect pups has been changed to enabled". It didn't ask me about that!!

Logs.zip

Frank H
Posted March 27, 2020

If you test this again with Defender disabled, EEK will detect eicar.

Realtime protection (like Windef, EAM etc.) usually uses mini filter drivers.
EEK doesn't use a file system mini filter to do file I/O. It just opens a file. And ANY file system mini filter gets to check out the file first. This is why Defender and other realtime protection always detect files first.

stapp
Posted March 27, 2020

20 minutes ago, Frank H said:
> If you test this again with Defender disabled, EEK will detect eicar.
>
> Realtime protection (like Windef, EAM etc.) usually uses mini filter drivers.
> EEK doesn't use a file system mini filter to do file I/O. It just opens a file. And ANY file system mini filter gets to check out the file first. This is why Defender and other realtime protection always detect files first.

Thanks for the explanation, Frank.

stapp
Posted April 1, 2020

Frank, I just did some more scans to troubleshoot this
https://support.emsisoft.com/topic/33034-emsisoft-emergency-kit-prevents-usb-from-ejecting/
and EEK caught eicar this time even though Defender is turned on.

In fact I did 3 scans and each time EEK won the race.

So how did that happen if Defender is supposed to catch it first?

Frank H
Posted April 1, 2020

Didn't you tell Defender to ignore that file?
Maybe you could check the Defender exclusions list.

stapp
Posted April 1, 2020

39 minutes ago, Frank H said:
> Didn't you tell Defender to ignore that file?
> Maybe you could check the Defender exclusions list.

Ah yes I did. I forgot about that, as I had downloaded and run a new version of EEK to test the USB thing.
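
The two checks discussed in this thread (which file system mini filters are loaded, and what Defender has been told to skip), as an added example that is not part of the original posts and is not Emsisoft's code. It assumes an elevated prompt on a machine with Defender installed; the `fltmc` sample text and the `ExampleAvFilter` name are constructed for illustration.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt.

# Parse `fltmc filters` output and flag minifilters whose altitude falls in
# Microsoft's "FSFilter Anti-Virus" load-order group (320000-329998).
function Get-MiniFilter {
    param([string[]]$Lines = (fltmc.exe filters))
    foreach ($line in $Lines) {
        # Columns: Filter Name, Num Instances, Altitude, Frame
        if ($line -match '^\s*(\S+)\s+(\d+)\s+(\d+(?:\.\d+)?)\s+(\d+)\s*$') {
            $altitude = [double]$Matches[3]
            [pscustomobject]@{
                Name      = $Matches[1]
                Instances = [int]$Matches[2]
                Altitude  = $altitude
                AntiVirus = ($altitude -ge 320000 -and $altitude -le 329998)
            }
        }
    }
}

# Constructed sample output; ExampleAvFilter is a hypothetical third-party driver.
$sample = @'
Filter Name                     Num Instances    Altitude    Frame
------------------------------  -------------  ------------  -----
ExampleAvFilter                         4       329000         0
WdFilter                                5       328010         0
FileInfo                                5        40500         0
'@ -split "`r?`n"

Get-MiniFilter -Lines $sample | Sort-Object Altitude -Descending | Format-Table
# Live system: Get-MiniFilter | Where-Object AntiVirus

# Defender exclusions: a file matching any of these is not scanned on access.
$pref = Get-MpPreference
$pref | Format-List ExclusionPath, ExclusionExtension, ExclusionProcess

# Threats the user chose to allow are stored as ID/action pairs (action 6 = Allow).
$ids     = @($pref.ThreatIDDefaultAction_Ids | Where-Object { $_ })
$actions = @($pref.ThreatIDDefaultAction_Actions)
for ($i = 0; $i -lt $ids.Count; $i++) {
    [pscustomobject]@{ ThreatId = $ids[$i]; Allowed = ($actions[$i] -eq 6) }
}
```

An on-demand scanner that only opens files will not appear in the `fltmc` list, while any entry flagged `AntiVirus` sees each file open before the scanner's read completes.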