Status
Not open for further replies.

Windows Defender Exclusion Problem

16K views 17 replies 4 participants last post by  Alex Ethridge  
#1 ·
I have a certain file I use in my work that Windows Defender keeps destroying. I have entered its folder where it is stored as an excluded folder but Defender destroys the file anyway.

Strange that I have two systems here that are running up-to-date Defender. The desktop leaves it alone by default. The laptop destroys it immediately, on the laptop and on whatever network resource I try to copy it from.

I can rename it to whatever I like, so is there a way, if I give it a unique name, that I can get Defender to leave that file name alone no matter where it is stored?

Next problem I anticipate: Once I do (if ever) get Defender to ignore its folder, how do I keep Defender from destroying it from whatever flash memory I use to put it on the laptop? Also, how do I keep Defender from destroying it across the network on other computers? It just now destroyed it when doing just that.

RANT: Defender used to be easier to work with and component settings easy to find, not any more. It seems MS wants to complicate it more with every update.
 
#4 ·
I would suspect from what you say that whilst you have entered the folder where the file is, it is not actually the location of the file that Defender deletes.
This of course depends on the actual file Defender is deleting and the location of the file that Defender is deleting.

Have you checked the threat history in Defender?

  1. Open Windows Security.
  2. Click Virus & threat protection and then click Threat History.
  3. Under Quarantined threats, click See full history.
  4. Click an item you want to keep, then click Restore. (If you prefer to remove the item, you can click Remove.)

CHECK there to see the exact file and its location that has been quarantined.

Rather than setting an exclusion for a folder, UNLESS that folder contains ONLY that file and others relating to the app to which the file appertains, it is better to set a file exclusion.
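
The check described in the post above (find the exact path Defender acted on, then compare it with the exclusion list) can also be done from PowerShell. This is an added example, not part of the thread: it uses the Defender module's `Get-MpPreference`, `Get-MpThreatDetection` and `Get-MpThreat` cmdlets, the two helper function names are hypothetical, and the handling of the `file:_` prefix is an assumption about how detected resources are reported.

```powershell
# Added example: compare recent Defender detections with the configured
# path exclusions. Run in an elevated PowerShell on the affected machine
# (exclusions are hidden from non-administrators).

function Get-ResourcePath {
    param([string]$Resource)
    # Assumption: entries look like "file:_C:\path\name.exe"; strip the prefix.
    if ($Resource -match '^[a-z]+:_(.+)$') { return $Matches[1] }
    return $Resource
}

function Test-UnderExclusion {
    param([string]$Path, [string[]]$ExclusionPaths)
    # Literal comparison only: wildcards and environment variables in an
    # exclusion entry are not expanded here.
    foreach ($ex in $ExclusionPaths) {
        if ([string]::IsNullOrWhiteSpace($ex)) { continue }
        $root = $ex.TrimEnd('\')
        # Match the excluded item itself or anything below an excluded folder.
        if ($Path -ieq $root -or
            $Path.StartsWith($root + '\', [System.StringComparison]::OrdinalIgnoreCase)) {
            return $true
        }
    }
    return $false
}

$exclusions = @((Get-MpPreference).ExclusionPath)
"Configured path exclusions:"
$exclusions | ForEach-Object { "  $_" }

# List the 20 most recent detections, one row per affected resource.
Get-MpThreatDetection |
    Sort-Object InitialDetectionTime -Descending |
    Select-Object -First 20 |
    ForEach-Object {
        $det  = $_
        $name = (Get-MpThreat -ThreatID $det.ThreatID -ErrorAction SilentlyContinue).ThreatName
        foreach ($res in $det.Resources) {
            $path = Get-ResourcePath $res
            [pscustomobject]@{
                Detected       = $det.InitialDetectionTime
                Threat         = $name
                Path           = $path
                UnderExclusion = Test-UnderExclusion -Path $path -ExclusionPaths $exclusions
            }
        }
    } | Format-Table -AutoSize -Wrap
```

A row with `UnderExclusion` set to `False` means the path Defender reported is not covered by any configured path exclusion, which is the mismatch the post asks you to look for.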
 
#6 ·
I don't know how I could have missed it as Defender requires that folder. Since it still deleted the so-called protected folder, I decided to exclude its parent folder, which is E:\Original. Every folder below Original should be excluded recursively. It's too simple a path to get wrong.

Yes, I did check the threat history and the history shows Defender is obviously ignoring exclusions.
 
#5 · (Edited)
Alex Ethridge

My colleague posted and with respect - for you to simply reply that is not an answer is NOT helpful to people trying to assist you.
It is an answer - because what type of file it is - is extremely relevant,
and had my colleague not asked - before I posted - I would have asked the SAME question.

The second suggestion made, to try a new known good copy of the file, is, although you MAY NOT know this, also good practice, as it ensures the correctness, or should do, of all the properties of the file and its hash.

The above may sound a little out of order, but it is no use asking for help and then simply dismissing the advice you are given.
 
#9 ·
This is a Windows Defender problem and the type of file I want to protect is irrelevant. However, it is an EXE file that sets up a small program. It is an old proprietary inventory tracking and invoicing program written by a local person now deceased. The copy I have is the latest edition which because it is irreplaceable, I burned it to three CDs which I check and update every couple of years. The copy I have is a good copy as it runs fine on my new Windows 10 installation of this week.
 
#8 ·
Having an infected file around can and will infect others even if you have it protected.
A different file may be infected and is continuing to create this one that Defender is finding and removing.
I do not use any method of excluding any file or folder from any system protection.
It can be very harmful to your system.
 
#11 ·
Having an infected file around can and will infect others even if you have it protected.
A different file may be infected and is continuing to create this one that Defender is finding and removing.
I do not use any method of excluding any file or folder from any system protection.
It can be very harmful to your system.
This happens too often in too many forums. Contributors who don't know the solution simply go off topic.

The very specific topic is Windows Defender is ignoring the exclusion list and how to stop this failure.

And by the way, I ran Norton Antivirus, Kaspersky, Trend Micro and McAfee on previous systems and they never hit on this program and neither does Windows Defender on my desktop, which has no exclusions, hit on it. But the laptop will nail it across the network when I access it on the desktop computer from the laptop.
 
#10 ·
Good luck with it.
I will leave the issue with you.
 
#12 ·
In case someone else runs across this, Windows started an update when shutting down this morning and finished some hours later when I turned it back on. Since then, Defender seems to be observing exclusions.

However, just as a test, I tried to copy the program from a flash drive to the excluded folder and Defender nailed it as soon as I right-clicked to start the copy. I had to temporarily disable it to do the copy.
 
#13 ·
Hi Alex, does Windows Defender detect it after you disable it temporarily? If so you might want to try a different protection like Kaspersky or McAfee instead of Windows Defender. You can disable it permanently and use only one of the two security centers mentioned. I personally do not think Windows Defender is a sufficient security protection as it leaves your PC vulnerable to various threats while detecting too many false positives. Free protection is free for a reason. That reason is that it does very little to protect your system. A good security center is a paid version because you get full protection. Some are better than others depending on the paid version you select. Kaspersky has been known to be bulletproof. My personal opinion would be to pick Kaspersky over McAfee. As to reason, Kaspersky has better detection rates than McAfee and is less likely to focus on false positives and more likely to detect a realistic threat and not just the easy stuff.

If you decide to use one of the commercialized protections, please do not install both because they contain firewalls that will conflict and disable the other's controls which will cause system instability, lockups and system crashes.
 
#14 ·
Professionalgirl
For your information and for the benefit of anyone reading the topic, may I point out the following:

1. The problem whatever was causing it in the first place when Defender would not acknowledge the set conclusion IS SOLVED and so marked by the thread starter - as per post 12 - on Saturday
In case someone else runs across this, Windows started an update when shutting down this morning and finished some hours later when I turned it back on. Since then, Defender seems to be observing exclusions.
2. The second part of that post 12
However, just as a test, I tried to copy the program from a flash drive to the excluded folder and Defender nailed it as soon as I right-clicked to start the copy. I had to temporarily disable it to do the copy.
is the standard and correct behaviour of Defender.

Hi Alex, Does Windows Defender detect it after you disable it temporarily?
as Alex said - he temporarily disabled Defender to make the copy..

3. If you exclude a folder, or a file, or indeed a process, then that exclusion is for the FILE, PROCESS or Folder and its contents, as it EXISTS when you exclude it.
Generally speaking, without getting too technical, as there is more detail to this than posted here.
Exclusions apply to both real time protection and scanning.

4. If you, having excluded a file, whether that be by file name itself or a file in a folder by excluding the folder, sub folders within and all files within the folder and subfolders, then that exclusion does not apply when you then attempt to COPY a program and therefore its files - from a flash pen to the excluded folder.
It would be IMHO most unsatisfactory if it did still apply the exclusion, therefore Defender still protects exclusions from having contents altered by copying.
Defender of course does not know how or why the contents are being changed.

5. Re this
I personally do not think Windows Defender is a sufficient security protection as it leaves your pc vulnerable to various threats while detecting too many false positives. Free protection is free for a reason. That reason is that it does very little to protect your system
You are of course perfectly entitled to your opinion and I have always said that the choice of an AV/Malware detection/prevention app must be the choice of the users.
That said, it is now more or less commonly acknowledged that Windows Defender, as included with 10, is the apparent best choice for 10.
It is 100% compatible with 10,
100% of the time.
This has shown, without any doubt, to be the overriding advantage with Defender.
That is also most certainly not something that can be said of many if not all 3rd party such programs.
Most of them work fine at first and then start to produce problems, after a version update to 10, or indeed after the larger security updates.

Finally, Windows Defender has scored highly in independent tests.

https://www.trustedreviews.com/reviews/microsoft-windows-defender

https://www.pcworld.com/article/3434097/why-you-can-stop-paying-for-antivirus-software.html

https://docs.microsoft.com/en-us/windows/security/threat-protection/

https://docs.microsoft.com/en-us/wi...lligence/top-scoring-industry-antivirus-tests
 
#15 ·
Hi Macboatmaster, there appears to be a misunderstanding. I meant to ask the user if Windows Defender picks up the file again after Windows Defender is enabled. Meaning, does the problem repeat itself?

I also am not suggesting that a user must use Kaspersky or McAfee. I was simply stating my personal opinion and am not in any way forcing the user to use the protection that I may use.
 
#16 ·
Hi Macboatmaster, there appears to be a misunderstanding. I meant to ask the user if Windows Defender picks up the file again after Windows Defender is enabled. Meaning, does the problem repeat itself?
The process is that I temporarily disable Defender, copy the false-positive file to the excluded folder, re-enable Defender and the file is then safe from Defender's false-positive hits.

I also am not suggesting that a user must use Kaspersky or McAfee. I was simply stating my personal opinion and am not in any way forcing the user to use the protection that I may use.
I have been working in a limited area of IT for twenty-five years. That area is computer and network troubleshooting on Windows computers, setting up, as bullet-proof as I know how, automated backup systems and maintaining them by remote. I also do data recovery and virus and malware removal but my abilities are not as good as those who specialize in that area. Having said that, I have experience with many brands of antivirus and have found a common problem among all of them and that is they cause unexpected and unwanted results from time to time. They actually sometimes block certain program functions, including desired network traffic.

I've used Microsoft's antivirus in its various iterations since shortly after its release, recommended it to all my customers and set it up on many systems.

In all the years I've used Defender, I can't recall a false positive like this one so this is a first. I have had other false positives like one I remember on some network probing tools but I was forewarned by the developer that I might have to disable my antivirus when I run it.

Hint: Personally, I try to remember to couch my knowledge and advice in terms of my personal observations and experience.
 
#17 ·
Hi Alex, I am happy to know that your issue was resolved! (y)

I would also like to note that even though I specialise in the areas that you suggested, I have difficulties retaining the information that I was trained for. I repetitively worked on simulated TestOut Labs troubleshooting realistic-like scenarios and I still need a memory refresher. There is a bulk of information that absolutely no one could possibly remember all of.

I also document the solution when I help a user solve a problem on their operating system or network connectivity, so I can use it again the next time a user has a similar problem.
 
#18 ·
I have so many such notes I can count them only one way, right-click the folder and select Properties, so I am with you on that. I also got an app for my phone that records tech support calls. A lot of my notes are made from listening to those calls and writing down the important stuff.

I was looking at those notes just yesterday and it appears about three-quarters of them are obsolete.

I know the feeling.
 