
Windows Defender, notification saying it has found malware and is removing it every 15 seconds

Anonymous
2017-12-11T06:46:10+00:00

Hi,

I have Windows 10. Then randomly five days ago Windows Defender went into overdrive. Every 15 seconds I get a new, very loud and annoying notification saying it has found malware and is removing it. I did a full scan and there were no problems, yet I still get a notification every 15 seconds. What is going on and how can I fix it?


Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.


6 answers

  1. Anonymous
    2017-12-11T14:16:00+00:00

    Users sometimes get these repeated detections because Windows Defender Antivirus still doesn’t have an error handler for remediation failures. So instead of telling you that you need to manually remove a threat, or use a third-party malware-removal app for that purpose, Defender will just keep on detecting the same threat over and over again.

    People tried to explain this to a Microsoft developer in this thread:

    https://answers.microsoft.com/en-us/protect/forum/protect_defender-protect_scanning/found-some-malware-windows-defender-is-removing-it/aa0b864e-0ab5-4a4c-98f0-f6053319852f

    When a threat detection starts recycling like this, you don’t want to turn off notifications; you want to take some action to remove the threat, since it might not have been blocked. The first thing you should do is check the detection path for the threat, to see if it’s in a location where it can be deleted with Disk Cleanup or by clearing your browser cache. The detection path is listed in the Full History page under “Affected items”.

    Windows Defender Security Center > Virus & threat protection > Scan history > See full history > down arrow > See details

     

    More detailed information is available if you right-click on the Start button; select Windows PowerShell; and then copy, paste, and enter these commands:

    Get-MpThreatDetection

    Get-MpThreat -ThreatID [ID]

    Pay particular attention to the fields that report the location and status of the threat, and also to the Action Success and Additional Actions Bitmask fields. If Windows Defender Antivirus actually has the ability to report remediation failures, then this is where we would expect to find it:

    None (0)

    FullScanRequired (4)

    RebootRequired (8)

    FullScanAndRebootRequired (12)

    ManualStepsRequired (16)

    FullScanAndManualStepsRequired (20)

    RebootAndManualStepsRequired (24)

    FullScanAndRebootAndManualStepsRequired (28)

    OfflineScanRequired (32768)

    FullScanAndOfflineScanRequired (32772)

    RebootAndOfflineScanRequired (32776)

    FullScanAndRebootAndOfflineScanRequired (32780)

    ManualStepsAndOfflineScanRequired (32784)

    FullScanAndManualStepsAndOfflineScanRequired (32788)

    RebootAndManualStepsAndOfflineScanRequired (32792)

    FullScanAndRebootAndManualStepsAndOfflineScanRequired (32796)

    https://msdn.microsoft.com/en-us/library/windows/desktop/dn439471(v=vs.85).aspx

    Of course the problem with this is that the manual steps required for the removal aren’t specified. If the Learn more link in the Full History details is functional, then there might be some manual steps provided in the threat catalog. But what I’m seeing with the eicar.com test file is a dysfunctional link in the Windows Defender Security Center app, although the link in the classic Windows Defender UI is working fine. But for the most part, if the threat isn’t located in a folder that can be cleared manually with Disk Cleanup, or by clearing the browser cache, then you should run some of these trusted third-party malware-removal apps:

    Kaspersky Virus Removal Tool:

    http://support.kaspersky.com/viruses/kvrt2015

    Emsisoft Emergency Kit:

    http://www.emsisoft.com/en/software/eek/

    Malwarebytes Anti-Malware (free version only):

    https://www.malwarebytes.org/antimalware/

    Eset Online Scanner:

    http://www.eset.com/us/online-scanner/

    Some other trusted third-party malware-removal apps are listed here:

    https://answers.microsoft.com/en-us/protect/wiki/protect_other-protect_scanning/list-of-malware-removal-tools/d824b9af-ebd8-4c47-94e2-8ee6c544c100

    GreginMich

    4 people found this answer helpful.
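
    Added example, not part of the original answer and not Microsoft's code: the PowerShell below groups the output of Get-MpThreatDetection by ThreatID to show which detection keeps recurring, and decodes its Additional Actions Bitmask using the four flag values listed in the answer above. The names `$ActionFlags` and `ConvertFrom-AdditionalActionsBitMask` are hypothetical helpers introduced here.

    ```powershell
    # Added example: find recycling Defender detections and decode their bitmask.
    # Flag values are the single-bit entries from the list in the answer above.
    $ActionFlags = [ordered]@{
        FullScanRequired    = 4
        RebootRequired      = 8
        ManualStepsRequired = 16
        OfflineScanRequired = 32768
    }

    # Hypothetical helper: turn a bitmask such as 24 into
    # "RebootRequired, ManualStepsRequired".
    function ConvertFrom-AdditionalActionsBitMask {
        param([Parameter(Mandatory)][int]$BitMask)
        if ($BitMask -eq 0) { return 'None' }
        $names = @()
        $rest  = $BitMask
        foreach ($flag in $ActionFlags.GetEnumerator()) {
            if ($BitMask -band $flag.Value) {
                $names += $flag.Key
                $rest = $rest -band (-bnot $flag.Value)   # clear the bit just named
            }
        }
        # Report any bit that is not in the documented list instead of hiding it.
        if ($rest -ne 0) { $names += "Unknown($rest)" }
        $names -join ', '
    }

    # A threat that appears many times is one that is being re-detected
    # rather than removed; the most frequent ThreatID is listed first.
    Get-MpThreatDetection |
        Group-Object ThreatID |
        Sort-Object Count -Descending |
        ForEach-Object {
            $latest = $_.Group | Sort-Object InitialDetectionTime | Select-Object -Last 1
            $threat = Get-MpThreat -ThreatID $latest.ThreatID -ErrorAction SilentlyContinue
            [pscustomobject]@{
                ThreatName        = $threat.ThreatName
                ThreatID          = $latest.ThreatID
                Detections        = $_.Count
                LastDetected      = $latest.InitialDetectionTime
                ActionSuccess     = $latest.ActionSuccess
                AdditionalActions = ConvertFrom-AdditionalActionsBitMask ([int]$latest.AdditionalActionsBitMask)
                Resources         = $latest.Resources -join '; '   # detection path(s)
            }
        } | Format-List
    ```

    The Resources field of the top entry is the detection path to check against the locations that Disk Cleanup or clearing the browser cache would empty.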
  2. Reza-Ameri 45,806 Reputation points Volunteer Moderator
    2017-12-11T15:30:19+00:00
    2 people found this answer helpful.
  3. Anonymous
    2017-12-14T23:27:41+00:00

    Once again; if the notification is for “No threats found” then you should be able to turn it off because it’s non-critical. If the notification is for “Threats found” then you won’t be able to turn it off because it’s critical. If “No threats found” notifications won’t turn off, then it’s a bug and you can continue to ignore my suggestions and file a complaint at the Feedback Hub. On the other hand, if you’re getting “Threats found” notifications, then you’ll need to go back and reread my reply in your own thread:

    https://answers.microsoft.com/en-us/protect/forum/protect_defender-protect_start-windows_10/turning-off-windows-defender-antivirus/d5402386-dcc4-4e53-92c7-b568fa7913ce

    If you can’t get things straightened out, then just install another free AV app – and that should turn off Windows Defender and all of its notifications:

    https://www.pcmag.com/article2/0,2817,2388652,00.asp

    GreginMich

  4. Anonymous
    2017-12-14T20:40:59+00:00

    Is anyone planning on fixing this super annoying bug?

    I turned the Windows Defender virus scan off and it is still sending me tons of alerts.

    For example, just now I got three alerts in a row.

    It may be worth reiterating that I TURNED IT OFF and it is still doing this. Why does the turn it off option exist if it doesn't work? It can't be turned off? 

    Ran the scan again and I'm getting more warnings. 

    The symptoms:

    1. Virus detect turned off
    2. Windows Defender Antivirus notifications turned off (see pic)
    3. Even though it is turned off I keep getting new "threat found" alerts every 10 min or so.
    4. And when I run the scan, it doesn't find anything.

    This is a really bothersome bug. I'm sure it is a new creator release bug.

  5. Anonymous
    2017-12-11T17:05:30+00:00

    A Windows Defender Offline Scan is a good suggestion. If looking for the Additional Actions BitMask is a bit much, or if it doesn’t suggest any additional actions, then let’s just combine all of the steps except for the manual ones. I think this sequence covers everything:

    Reboot > Full Scan > Reboot > Offline Scan

    GreginMich
