Windows Defender vulnerable: race condition fails to resolve

Posted: Sun Dec 11, 2016 4:32 am
by 3ICE
False positive detection of harmless Nirsoft tool. Source code available here: http://www.nirsoft.net/utils/asterie.html

In my attempts to overrule the virus alert and run the application despite many complaints from the stubborn antivirus, I've run into a race condition. The "virus" executable remains in the folder where I've put it, but with "access denied" when trying to run it.

Defender is stuck in "Restart your PC to clear this threat" mode, even after I've restored the "virus" from quarantine, allowed the item (added an exception for it), etc.

I can run asterie.exe just fine, no reboot yet.

Updates will be posted here: http://forum.3ice.hu/viewtopic.php?f=15&t=943