Defender shows virus in allowed list and will not delete.

  • Question

  • So I have a computer with a scan run on it. It shows a virus in the allowed list, I cannot check the check box, and if I click Remove All nothing happens. Have run CCleaner and Disk Cleanup to remove temp files. Have run MBAM and ESET Online Scanner. Ran Defender in safe mode, tried Remove All in safe mode and no go. Nothing seems to let me remove this. I also checked in Windows 10 settings and exceptions but it is not listed in there. At a total loss on what to do. I have domain admin rights so no issue with privileges to remove it. Thanks for any help. Also we are on 1511, Win 10 Enterprise, build 10240. Can't upgrade to 1607 until we upgrade our Systems Center.

    Edit: tried to post a screenshot but I guess I am not verified, so sorry, I can't do that.

    • Edited by ITTom2.0 Thursday, November 17, 2016 9:30 PM
    Thursday, November 17, 2016 9:29 PM

All replies

  • No one program can be relied upon to detect and remove all malware. Added to that, easy-to-detect malware is often accompanied by a much harder to detect and remove payload. So it's better to be overly thorough now than to pay the high price later. Check with these to an extreme overkill point.

    How do I find and remove a virus?

    TDSSKiller.exe. - Download to the Desktop - then go to it and Right Click on it - RUN AS ADMIN it will show any infections in the report after running - if it will not run change the name from tdsskiller.exe to Whether it finds anything or not does not mean you should not check with the other methods below.

    Microsoft Safety Scanner

    Malwarebytes - free

    SuperAntiSpyware Portable Scanner - Free


    Hitman Pro is a second opinion scanner, designed to rescue your computer from malware (viruses, trojans, rootkits, etc.) that have infected your computer despite all the security measures you have taken (such as anti virus software, firewalls, etc.).

    What is Windows Defender Offline?

    Windows Defender Offline system requirements


    If needed here are some online free scanners to help


    Other Free online scans

    Rob Brown - Microsoft MVP - Windows and Devices for IT - Windows Insider MVP : Bicycle - Mark Twain said it right.

    Friday, November 18, 2016 12:39 AM
  • Well, use default software and do not run multiple types doing the same thing, it only creates conflicts. Microsoft has malware/virus protection software. It's called: Microsoft support emergency response tool v1.231.2187.0. It's listed as malware protection, it runs with default malware OS software, maybe more options are available to delete a virus. Also, one must have administrative user rights to install/edit software, uninstall parental user software.

    Friday, November 18, 2016 3:05 AM
  • Multiple scans found minor things like cookies etc but defender still shows the same thing in the allowed list.
    Monday, November 21, 2016 3:38 PM
  • Are you sure what it is allowing is an actual virus? Sounds like a known false positive to me.

    What is it showing - name and explanation.

    Rob Brown - Microsoft MVP - Windows and Devices for IT - Windows Insider MVP : Bicycle - Mark Twain said it right.

    Tuesday, November 22, 2016 5:11 AM
  • Hi,

    Would you mind sharing a screenshot of the issue you encountered, for clarification?

    What's the name of the virus?

    If you would just like to remove the allowed items in Defender, in Windows 10, we can try the following settings:

    Settings -> Update & Security -> Windows Defender -> Exclusions (Add an exclusion)

    Highlight the items you would like to remove and click Remove:

    Wednesday, November 23, 2016 8:56 AM
  • So this is what it shows. Also, as said in the original post, it doesn't show up in Settings > Exclusions. In fact all of my exclusions are policy based from us and cannot be removed. There are none that don't belong.

    • Edited by ITTom2.0 Wednesday, November 23, 2016 7:57 PM
    Wednesday, November 23, 2016 7:56 PM
  • We can't read the actual file name.

    I have 3 in my Allowed Items - clicked Remove All and they are gone from the list.

    Since it is in Allowed items and was not detected by the other scanners I bet it was a False Positive and is actually not malware. Or it is in an area that you do not have access to if you are not a Full Admin on the system.

    What do you have in Settings - Updates and Security - Windows Defender - Exclusions - Add an exclusion?
    Or Windows Defender - Settings - Exclusions - Add an exclusion <-- same place as above.

    Also could be the file has actually been removed from the system.

    Rob Brown - Microsoft MVP - Windows and Devices for IT - Windows Insider MVP : Bicycle - Mark Twain said it right.

    Wednesday, November 23, 2016 10:37 PM
  • This is all the info that Defender gives me. It gives absolutely 0 information on where the file is, what the file name is, like it seriously gives nothing to go on. And I understand that Remove All should remove them from allowed; like I said in the original post, my issue is it doesn't. As I have said 3 times now, also in the original post, it is not in my exclusions; they are exclusions for our Autodesk software, that's all that is in there. Again, like I said in the original post too, I am a domain admin so I can delete anything I want, but this won't delete. You are seriously asking me the same questions over and over here, man. This is just ridiculous, I am probably just going to image it on Monday and be done with it since Microsoft wants to tell you about a virus and not let you clear it from the system. Totally makes sense to have a virus scanner that does that.

    • Edited by ITTom2.0 Wednesday, November 23, 2016 11:05 PM
    Wednesday, November 23, 2016 10:58 PM
  • It's probably a false positive that was found in the Autodesk files before exclusions were applied. It is an Allowed item, so it has been around a while and has not caused issues; it most likely is not a real threat.

    Rob Brown - Microsoft MVP - Windows and Devices for IT - Windows Insider MVP : Bicycle - Mark Twain said it right.

    Wednesday, November 23, 2016 11:05 PM
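
Added example, not posted by anyone in this thread: the thread never identifies the allowed item or the file behind it, so this sketch reads the same information through the Defender PowerShell cmdlets. It assumes the allowed item is stored as a per-threat default action with the value Allow, and that the Defender module (`Get-MpPreference`, `Get-MpThreat`, `Get-MpThreatDetection`) is available on the machine.

```powershell
# Added example: run in an elevated PowerShell session on the affected machine.
# Everything here is read-only; the only change is the commented-out line at the end.
$pref = Get-MpPreference

# Per-threat default actions are stored as two parallel arrays (IDs, actions).
# ThreatAction value 6 means Allow (assumption: this is what the Allowed list shows).
$ids     = @($pref.ThreatIDDefaultAction_Ids)
$actions = @($pref.ThreatIDDefaultAction_Actions)
$allowedIds = for ($i = 0; $i -lt $ids.Count; $i++) {
    if ($null -ne $ids[$i] -and [int]$actions[$i] -eq 6) { $ids[$i] }
}

# For each allowed threat ID, show its name and the resources (file paths,
# registry values, ...) recorded when it was detected, if history still exists.
foreach ($id in $allowedIds) {
    $threat = Get-MpThreat -ThreatID $id -ErrorAction SilentlyContinue
    $hits   = Get-MpThreatDetection -ThreatID $id -ErrorAction SilentlyContinue
    [pscustomobject]@{
        ThreatID   = $id
        ThreatName = $threat.ThreatName
        IsActive   = $threat.IsActive
        FirstSeen  = ($hits | Sort-Object InitialDetectionTime |
                      Select-Object -First 1).InitialDetectionTime
        Resources  = ($hits.Resources | Sort-Object -Unique) -join '; '
    }
}

# Exclusions as Defender sees them (the same data as Settings > Exclusions).
[pscustomobject]@{
    ExclusionPath      = $pref.ExclusionPath -join '; '
    ExclusionExtension = $pref.ExclusionExtension -join '; '
    ExclusionProcess   = $pref.ExclusionProcess -join '; '
}

# To drop a locally stored Allow entry, pass its ID (placeholder shown).
# A setting delivered by policy is reapplied at the next policy refresh.
# Remove-MpPreference -ThreatIDDefaultAction_Ids <ThreatID>
```

If a resource path from the output no longer exists on disk, the entry refers to a file that has already been removed, which is one of the possibilities raised in the replies above.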