Unwanted Flag for "TrojanDownloader:O97M/BITSAbuse.C"

  • Thread starter: Rez1458 (Guest)
Unable to deal with Defender flagging BITS.


System Specs and code snip appended.


A while ago I was trying to use BITS in Excel VBA to download files from my investment service provider's database. I have weekly backups of my Excel VBA xlsm files dating back many months that are all of a sudden being flagged by Windows Defender just for having the word 'BITS Admin' in commented-out VBA lines and maybe the procedure title of BITS_Admin. As a workaround, I updated my most current working VBA xlsm by changing BITS to BEEETS, just so I could run the rest of my 1000's of lines of VBA for my weekly investing.


I don't want to ignore when I get a warning from Windows Defender, but since I have a constant warning icon in the system tray with all these false flags I wanted to shut them up so I could notice if something real comes along. To shut up Defender on all these false flags the only option I could see was to select "Allow on device" (other choices were Remove and Quarantine). Now, instead of allowing that specific file as I had hoped, Defender is allowing all BITS threats through. Obviously this is dangerous and unacceptable, so I undid that and am back to false flags drowning out any real malware signals.


I don't want to edit a ton of backup files from BITS to BEEETS. How do I allow certain limited cases of BITS Admin (see below) to exist in my xlsm VBA backups? In the same vein, how could I sign / authorize / set permissions / allow / etc. for my VBA xlsm so that I can legitimately run my authorized instances of BITS but not let any other instances, e.g. from bad actors, run?


System:

Windows 10 Professional Version 10.0.18362.900

Defender Security Intelligence Version 1.319.542.0 (problematic BITS detection started well before this version though)


Dell Optiplex 7040

Intel Q170 chipset

DIMM 8GB 2133, 2Rx8, 4GB DDR4, S 32 GB max

Skylake Gen6 i5-6500T, 2.5 CPU


This is the procedure Defender is currently tripping on in my historical files:

Sub BITS_Admin()
'Try with Windows Defender disabled -- there has got to be a way to allow my own code to run
'BITS Admin = Background Intelligent Transfer Service Administration Utility
'Windows Command Line Utility
'C:\Users\ssttr>bits admin /? NOTE: proper syntax requires removal of space between bits and admin;
' the space is an anti-virus workaround that trips on the concatenated word
'Download from URL to local path via CMD
End Sub
