Windows 10 Win10 Defender Antivirus Fail

  • Thread starter Thread starter Andrew B. Painter
  • Start date Start date
A

Andrew B. Painter

Guest
A few days ago, Win10's Defender Antivirus started "detecting" viruses in files that were actually older than the viruses detected. Those files (contained in MSIs inside ISOs) were there in the filesystem for most of the last year, so it was pretty irksome by all accounts. I reported false positives to MS and got the following reply:

We have removed the detection. Please follow the steps below to clear cached detection and obtain the latest malware definitions.

1. Open command prompt as administrator and change directory to c:\Program Files\Windows Defender
2. Run “MpCmdRun.exe -removedefinitions -dynamicsignatures”
3. Run "MpCmdRun.exe -SignatureUpdate"

Alternatively, the latest definition is available for download here:
Latest security intelligence updates for Windows Defender Antivirus and other Microsoft antimalware - Microsoft Security Intelligence

Thank you for contacting Microsoft.
Click to expand...

When attempting to run these, I got the following error:

MpCmdRun: Command Line: MpCmdRun.exe -removedefinitions -dynamicsignatures
Start Time: Sat Nov 16 2019 15:41:57

MpEnsureProcessMitigationPolicy: hr = 0x1
Start: MpRemoveDefinitions(0)
ERROR: MpRollbackSignature failed with hr=80070005
MpCmdRun: End Time: Sat Nov 16 2019 15:41:57
Click to expand...

The other command (-SignatureUpdate) worked fine, but of course the cached detections won't go away.

I've tried disabling Win10 Defender Antivirus via Group Policy Editor. No joy.

I found an identical error code report somewhere on MS Forums that suggested running dism.exe to do a checkup (it found errors) and repair (it returned a claim that the image was successfully repaired) but I still get the same error with MpCmdRun.exe.

It's not system-breaking since I can just allow the detected files. It's fairly annoying to have to retain false positives in the detection history and it's even a bit dangerous considering the user of that PC is an end-user who's fairly likely to look at the history in 6-18 months and do something like Remove or Quarantine the threat, which would definitely break software they use daily.

More...
 

Similar threads

G
I submitted a false alarm for my software . What's next?
Replies
0
Views
92
GoldenBeard
G
J
MpCmdRun.exe fails with error 0x80070005
Replies
0
Views
317
JørgenJohanson
J
D
Defender not scanning mapped drive
Replies
0
Views
104
darryl681
D
S
Windows Defender Fails to Start Event 5008
Replies
0
Views
160
spartan223193
S
C
WINDOWS DEFENDER NOT WORKING - I'VE TRIED EVERYTHING
Replies
0
Views
118
CamiLuz
C
Back
Top