
Windows Defender just nuked my LG installation

UPDATE: Microsoft says that they have now removed the detection from the latest malware definitions.

It seems like Windows Defender just got an update that mistakes Looking Glass host (reported version: B2-rc4-0-g969effedde) for a “Wacatac” trojan or something. I’ve had the current version of LG installed for some time so this is quite clearly a Windows Defender false positive.

So beware when installing Windows updates! You might want to allowlist LG before this happens to you too.

3 Likes

If you could then please report it to MS.

Done.

It seems their system detects this as a bunch of different trojans.

Silly question but how do I whitelist things in Defender again?

1 Like

For win10

Open windows security --> virus and threat protection --> virus and threat protection manage settings --> Exclusions --> add an exclusion

Or in PowerShell:
Add-MpPreference -ExclusionPath "C:\path\to\file\or\folder"
You may need tamper protection off depending on win10 version.

1 Like

Occasionally you need to reboot for exclusions to be completely recognized as well, when adding new exclusions. I haven’t ever had Defender drop an exclusion once it was accepted.

Windows can be fun. Or defender is just special.

2 Likes

Yay! Microsoft replied and apparently they have now removed the detection from the latest malware definitions :slight_smile:

I never could have guessed that they’d actually do something about this.

5 Likes

How did you report? Glad they listened.

They have a site where you can submit samples for analysis:
https://www.microsoft.com/en-us/wdsi/filesubmission

3 Likes

I have reported this to MS over and over and over again, they say they remove it, but people still report it on versions that they removed it for. It’s an absolute joke.

1 Like

I would not wonder if they have automated the whole process for cost reasons or outsourced that to some 3rd world country, and the only way to override the system’s detection is for a larger number of people to report this until the machine learning system has enough data for it to make the correct predictions.

Their algo is likely something like this

if (!microsoftApp || !onAppStore || endsInExe)
  inventVirusDetecion();

5 Likes

Part of it is they want you to authenticode sign your binaries, with a (normally) $100+ a year cert, or a couple of times that if you want the EV certs.

No way I am setting up code signing for a beta product… maybe when it gets to 1.0.

2 Likes

I thought exactly the same. I am totally not in the Microsoft ecosystem but if you have a stable version, how hard would it be to put that in the MS Store? Since I also firmly believe everything in there gets an immediate exception from the MS Defender.

It is a racket. For a while, there were three companies that could create the certs, and one of them was at least partially owned by Microsoft.

Moot point until LG hits 1.0, and even then it likely wouldn’t be accepted as it wants elevated system access, etc.

Doesn’t surprise me in the least.

I wanted to proactively create an exclusion for LG. I am using B2-rc4 (with the installer file). Can you give me more specific instructions here how I would create an exclusion for that? I am not even sure if I need to create an exclusion for a file and if so which one, or a process.

The default install folder is C:\Program Files\Looking Glass (host). I hope just adding an exclusion for that folder would be fine. I have never had Looking Glass trigger Windows Defender at all, not even if I scan the binary specifically, so someone else would have to make sure it works.

1 Like

I should have come up with a simple solution like that myself! In my defense it is quite late :tired_face:. Thank you. I wanted to avoid not being able to use my VM when I need it. Windows has the habit of refusing to work when you really, really need it.
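
The folder exclusion discussed in this thread, written out as a PowerShell script. This is an added example, not code from any poster or from the Looking Glass project. It assumes an elevated prompt and the default install folder quoted above; the function names are hypothetical. It limits the exclusion to that one folder, confirms Defender actually recorded it, and includes the removal step for when updated definitions no longer flag the host binary.

```powershell
#Requires -RunAsAdministrator
# Default install folder quoted in the thread; change it if you installed elsewhere.
$LgPath = 'C:\Program Files\Looking Glass (host)'

function Test-LgExclusion {
    param([string]$Path)
    # ExclusionPath is $null when no path exclusions are configured.
    $current = @((Get-MpPreference).ExclusionPath)
    return [bool]($current | Where-Object { $_ -and ($_.TrimEnd('\') -ieq $Path.TrimEnd('\')) })
}

function Add-LgExclusion {
    param([string]$Path)
    # Never exclude a path that does not exist: whatever is created there later is unscanned.
    if (-not (Test-Path -LiteralPath $Path -PathType Container)) {
        throw "Folder not found, not adding an exclusion: $Path"
    }
    if (Test-LgExclusion -Path $Path) {
        Write-Host "Already excluded: $Path"
        return
    }
    # Reported for information; the thread notes Tamper Protection may interfere.
    Write-Host "Tamper Protection enabled: $((Get-MpComputerStatus).IsTamperProtected)"
    Add-MpPreference -ExclusionPath $Path -ErrorAction Stop
    # Read the setting back instead of trusting the call.
    if (-not (Test-LgExclusion -Path $Path)) {
        throw "Exclusion was not recorded; check Tamper Protection or policy-managed settings."
    }
    Write-Host "Excluded: $Path"
}

function Remove-LgExclusion {
    param([string]$Path)
    if (Test-LgExclusion -Path $Path) {
        Remove-MpPreference -ExclusionPath $Path -ErrorAction Stop
        Write-Host "Exclusion removed: $Path"
    } else {
        Write-Host "No exclusion present for: $Path"
    }
}

Add-LgExclusion -Path $LgPath
# Once current definitions no longer flag the host binary, drop the exclusion again:
# Remove-LgExclusion -Path $LgPath
```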