Windows Defender detected HTML/Phish.refb!MTB in Windows Server 2016 VHDX file

MADHAN KUMAR 1 Reputation point
2022-08-25T08:14:51.797+00:00

Today Windows Defender detected malware (HTML/Phish.refb!MTB) in a VHDX file on the Hyper-V host server.

When I checked, the VHDX file had been added to quarantine for action. Also, in C:\ProgramData\Microsoft\Windows defender\Resource data\97 a file is present with the same size as the VHDX file. This has used up the Hyper-V host machine's C:\ space. The VHDX file is nearly 900 GB, so another file of about 900 GB has been created in the Windows Defender quarantine folder.

I need to remove the quarantine file, but I am afraid removing the quarantine file will delete the original VHDX file from the VMs folder.

I am stuck because my C:\ drive space is fully used.


1 answer

  1. Limitless Technology 39,931 Reputation points
    2022-08-26T08:53:27.957+00:00

    Hello

    Thank you for your question and for reaching out. I understand you are having issues related to Windows Defender detecting HTML/Phish.refb!MTB in a VHD file.

    First of all, please take a backup of the existing .vhdx file to prevent Defender from deleting or quarantining the file.

    Then do a FULL scan to remove this infection from the VHDX and see if Defender can heal it without deleting the VHDX file.

    ----------------------------------------------------------------------------------------------------------------------------------

    --If the reply is helpful, please Upvote and Accept as answer--
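
An added example, not part of the question or the answer above: a read-only PowerShell inventory for the Hyper-V host that shows which virtual disks Defender flagged, whether each one is still present at its original path, and how much space the quarantine store holds, so this can be confirmed before any backup or cleanup. It assumes an elevated session with the Defender and Hyper-V modules available, the default quarantine location under `%ProgramData%`, and that detection resources are strings of the form `file:_<path>` or `containerfile:_<path>->inner`.

```powershell
# Read-only: nothing below deletes, restores or changes Defender state.
# Map threat IDs to names so detections can be labelled.
$threatNames = @{}
Get-MpThreat | ForEach-Object { $threatNames[$_.ThreatID] = $_.ThreatName }

# 1. Detections whose resource is a virtual disk, and whether that disk still exists.
$flagged = Get-MpThreatDetection | ForEach-Object {
    $d = $_
    foreach ($res in $d.Resources) {
        # Assumed format: "file:_C:\VMs\disk.vhdx" or "containerfile:_C:\VMs\disk.vhdx->inner\item"
        $path = ($res -replace '^[a-z]+:_', '') -replace '->.*$', ''
        if ($path -match '\.a?vhdx?$') {
            [pscustomobject]@{
                Threat      = $threatNames[$d.ThreatID]
                Detected    = $d.InitialDetectionTime
                Path        = $path
                StillOnDisk = Test-Path -LiteralPath $path
            }
        }
    }
}
$flagged | Sort-Object Path -Unique | Format-Table -AutoSize

# 2. Every disk the VMs reference: present or missing, and its size.
Get-VM | Get-VMHardDiskDrive | ForEach-Object {
    $exists = Test-Path -LiteralPath $_.Path
    [pscustomobject]@{
        VM     = $_.VMName
        Path   = $_.Path
        Exists = $exists
        SizeGB = if ($exists) { [math]::Round((Get-Item -LiteralPath $_.Path).Length / 1GB, 1) } else { $null }
    }
} | Format-Table -AutoSize

# 3. Space held by the quarantine store (default location, assumed unchanged).
$quarantine = Join-Path $env:ProgramData 'Microsoft\Windows Defender\Quarantine'
$bytes = (Get-ChildItem -LiteralPath $quarantine -Recurse -File -Force -ErrorAction SilentlyContinue |
          Measure-Object -Property Length -Sum).Sum
'{0:N1} GB in {1}' -f ($bytes / 1GB), $quarantine

# 4. Items Defender itself lists as quarantined.
& "$env:ProgramFiles\Windows Defender\MpCmdRun.exe" -Restore -ListAll
```

A disk that shows `Exists = False` in step 2 while appearing in step 1 means the only remaining copy is the quarantined one.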
