windows defender false positive definition and windows error code 0x80070070 There is not enough space on the disk RRS feed

  • Question

  • This computer has had numerous windows defender quick scans and all display Your PC is being monitored and protected.

    Each Malwarebytes scan has also displayed that the threat scan completed successfully.  Threats identified 0.

    A Windows defender full scan has frequently displayed that it found potential malware.

    Communications with Malwarebytes indicated that what windows defender was finding was a false positive.  That over time Microsoft would need to update their definitions.

    To date the definitions have not been updated and the Windows defender scans continue to display a potential threat.

    The second problem is the inability of windows defender to remove the potential threat with error code 0x80070070.  There is not enough space on the disk.  This process is supposed to take seconds but takes hours.

    File explorer then this pc then C drive displays 598 GB free of 667 GB.  That is 69 GB of used space and 598 GB free space. 

    The definition problem Windows defender versus Malwarebytes has been different for approximately one year:  Windows defender indicating possible threat and Malwarebytes no threat.

    Is one year sufficient time for the definitions to be updated to eliminate false positives?

    How come Windows defender is still displaying it as a potential threat?  And how come Malwarebytes is still displaying it as a no threat found scan?

    How come windows defender changes it color from red to green when it reports that an error was encountered?

    How come 598 GB of free space is insufficient for Windows defender (error code 0x80070070.  There was not enough space on the disk.

    Sunday, April 2, 2017 2:32 AM


  • Thank you, I have passed this information to the Windows Defender AV team.

    False positives and other AV related problems can be submitted here - https://www.microsoft.com/en-us/security/portal/submission/submit.aspx

    Saturday, April 8, 2017 4:14 PM

All replies

  • Thank you, I have passed this information to the Windows Defender AV team.

    False positives and other AV related problems can be submitted here - https://www.microsoft.com/en-us/security/portal/submission/submit.aspx

    Saturday, April 8, 2017 4:14 PM
  • Thank you for passing this information onto the Windows Defender AV team.  Please provide the link or forum for them so I can make the best submission next time.

    For the false positive I attempted to make a submission and it failed.  These are the problems that I had encountered:

    The file that windows defender found is not on the C drive but on the d drive.  I used software everything search to find the file.  When I right clicked on it it displayed that I did not have permission.  I am the sole user of this computer so I did not understand had to find a method to get the elevated permission.  Somehow I was able to create a zip file on the desktop.  Then I used the browse feature on the Microsoft site and attempted to include it in the post.  This appeared to work.  Then when I attempted to send the file it indicated that it must be less than 10 MB.  A right click on the zip file displays 4 KB. 

    How do you make the submission to Microsoft when the maximum size is 10 MB and the file that Windows defender indicates in the finding is 4 KB when zipped?

    Sunday, April 9, 2017 9:12 PM
  • Thank you for contacting Microsoft with your inquiry.  We regret to hear that you are having trouble submitting files to us.  If you still having problems, please obtain MPSupportFiles.cab from the affected machine and email it to mmpcres@microsoft.com.  Please follow the steps below to obtain MPSupportFiles.cab:

    From elevated command prompt:
    C:\Program Files\Windows Defender\mpcmdrun -getfiles

    Once we receive your files, we will investigate and reply to you.

    MMPC Customer Response

    Friday, April 14, 2017 11:29 PM
  • We reviewed removed detection from the file.  The change is available since April 9, 2017, in signatures version 1.239.1109.0 and above.  This new definition library will be available for users who subscribe to the automatic definition update mechanism, as well as users who choose to manually update their definition library.

    The latest definitions information is available here: http://www.microsoft.com/security/portal/Definitions/ADL.aspx

    Thank you for contacting Microsoft.

    MMPC Customer Response

    Tuesday, April 18, 2017 3:50 AM