Windows Defender notification, took action against threat....but there's nothing there?

Bitter

This has been going on for a couple weeks now. It says it took action on a threat, I check the threat notifications, there's nothing there and nothing in event viewer either. Suggestions? Just Windows being Windows and buggy?

 

New Bitmap Image.jpg


I'd run through with MalwareBytes, and a second opinion run with ADWCleaner. 

PC - NZXT H510 Elite, Ryzen 5600, 16GB DDR3200 2x8GB, EVGA 3070 FTW3 Ultra, Asus VG278HQ 165hz,

 

Mac - 1.4ghz i5, 4GB DDR3 1600mhz, Intel HD 5000.  x2

 

Endlessly wishing for a BBQ in space.


23 minutes ago, Tieox said:

I'd run through with MalwareBytes, and a second opinion run with ADWCleaner. 

I'll give it a run tomorrow at work, it's the PC out in the shop that we use. We don't do anything or go anywhere weird and rarely download any files to it.  The only notifications are for the restricted folder access permissions from over a month ago when I tightened up Windows Defender settings more.


Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 5/6/21
Scan Time: 8:33 AM
Log File: 9adae274-ae6f-11eb-af62-20256409b6c9.json

-Software Information-
Version: 4.3.3.116
Components Version: 1.0.1292
Update Package Version: 1.0.40175
License: Trial

-System Information-
OS: Windows 10 (Build 19042.964)
CPU: x64
File System: NTFS
User: SHOP-PC\Shop

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 275211
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 1 min, 25 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

 

 

Clean according to that. I have the event viewer logs for the last two days as well, but that's like 4000 things lol.


Btw if your mwb scan takes 1 minute you're doing something wrong. You need to use *full scan* if you have several drives for each of them, there's no rule that viruses are somehow only allowed to install on the main drive.

 

So yeah, a proper scan will take several hours.

 

 

Also whatever defender found should be in "threat history" btw. 

 

 

The direction tells you... the direction

-Scott Manley, 2021

 

Softwares used:

Corsair Link (Anime Edition) 

MSI Afterburner 

OpenRGB

Lively Wallpaper 

OBS Studio

Shutter Encoder

Avidemux

FSResizer

Audacity 

VLC

WMP

GIMP

HWiNFO64

Paint

3D Paint

GitHub Desktop 

Superposition 

Prime95

Aida64

GPUZ

CPUZ

Generic Logviewer

 

 

 


2 minutes ago, Mark Kaine said:

Btw if your mwb scan takes 1 minute you're doing something wrong. You need to use *full scan* if you have several drives for each of them, there's no rule that viruses are somehow only allowed to install on the main drive.

 

So yeah, a proper scan will take several hours.

 

 

Also whatever defender found should be in "threat history" btw. 

 

 

It took about 20 minutes to run I think, there's not much on the PC besides Windows 10 and Chrome browser and some PDFs and pictures related to work.

Yeah, there's nothing in threat history except some applications that were blocked by restricted folder access and then allowed manually when I turned on ransomware protection over a month back. If I go to the exact time in event viewer it says it acted on something, there's nothing there but some logon activity. Take a look for yourself, I don't see anything that looks like a detection or action on a threat. It's also odd that this has been happening at every boot for the past couple weeks and there's been nothing in the logs or threat history during that time span.

Events-Security.evtx


4 minutes ago, Bitter said:

It took about 20 minutes to run I think

but ... 

29 minutes ago, Bitter said:

Time Elapsed: 1 min, 25 sec

 

 

You really need to use *full scan*. I mean 20 minutes would be possible if there isn't much to scan, but that doesn't line up with what you posted?

 

 

7 minutes ago, Bitter said:

Yeah, there's nothing in threat history except some applications that were blocked by restricted folder access and then allowed manually when I turned on ransomware protection

Ok, I'm not really familiar with this, it could be either one of these causing this message though.

 

 

What was it that you allowed?


31 minutes ago, Mark Kaine said:

but ... 

 

 

You really need to use *full scan*. I mean 20 minutes would be possible if there isn't much to scan, but that doesn't line up with what you posted?

 

 

Ok, I'm not really familiar with this, it could be either one of these causing this message though.

 

 

What was it that you allowed?

I know it took longer than 1:25, I was trying to use the computer during that 20 minute time span and it was exceptionally sluggish.

 

Allowed Chrome browser, the shop management software, some Windows processes that needed access to the folders restricted by ransomware protection from Windows Defender. Only about 4 or 5 things needed authorization, we don't do much on the PC but it does handle client information so I just wanted to make sure this was an error in Windows Defender. I've also enabled Core Isolation since it is supported on this PC.


  • 2 months later...

It's back after being gone for a while.

Says took action, nothing in protection history. Anyone else got some ideas? Other logs to look at? Event Viewer maybe?

 

New Bitmap Image (3.jpg

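Added example, not written by anyone in the thread: the export posted above is named for the Security log, while Microsoft Defender records detections, remediation actions and Controlled folder access blocks in its own Operational channel. The PowerShell below pulls that channel around the time of the notification and then lists the detection records Defender holds; `$NotificationTime` and the 10-minute window are constructed placeholders to replace with the time shown on the toast.

```powershell
# Added example. Run in an elevated PowerShell session on the affected PC.
# $NotificationTime is a constructed placeholder: use the time shown on the toast.
$NotificationTime = Get-Date '2021-05-06 08:00'
$Window           = New-TimeSpan -Minutes 10

# Defender's own event channel (separate from the Security log).
$LogName = 'Microsoft-Windows-Windows Defender/Operational'

# Event IDs worth checking for a "took action" notification:
#   1116  malware or unwanted software detected
#   1117  action taken on a detection
#   1118  remediation action failed
#   1119  remediation action failed (critical)
#   1123  Controlled folder access blocked a change
#   1124  Controlled folder access audited a change
#   5007  Defender configuration changed
$Ids = 1116, 1117, 1118, 1119, 1123, 1124, 5007

$filter = @{
    LogName   = $LogName
    Id        = $Ids
    StartTime = $NotificationTime - $Window
    EndTime   = $NotificationTime + $Window
}

# Get-WinEvent raises an error when nothing matches, so silence that case.
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

if (-not $events) {
    Write-Output "No Defender events within $($Window.TotalMinutes) minutes of $NotificationTime."
} else {
    $events | Sort-Object TimeCreated |
        Select-Object TimeCreated, Id, LevelDisplayName,
            @{ Name = 'Summary'; Expression = { ($_.Message -split "`r?`n")[0] } } |
        Format-Table -AutoSize -Wrap
}

# Detection records kept by Defender itself, newest first.
Get-MpThreatDetection |
    Sort-Object InitialDetectionTime -Descending |
    Select-Object -First 20 InitialDetectionTime, ThreatID, ActionSuccess, ProcessName, Resources
```

Since the notification is reported at every boot, setting `$NotificationTime` to a recent boot time and widening `$Window` covers the whole startup sequence.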
