HackTool:Win64/ExplorerPatcher!MTB detection

Submitting this to Microsoft won't accomplish anything. This should be submitted to the government agency for use in their pending Microsoft antitrust case.

It's not even a hack tool, it restores Windows 10 functionality (taskbar, start menu) for Windows 11, and people who scan files for Windows defender thought this is a hack tool? Weird

Where do I find it in my drive so that i can add it to my EXCLUSIONS? I'm also fed up of defender being over protective in cases that are unwarranted.

Follow up:

I actually found it. Just add this folder to exclusions

C:\Program Files\ExplorerPatcher

This tool has certain behavior which consider as HackTool and it is recommended to Remove or Quarantine.

However, if you want to use it, you could do it as your own risk and allow it to run.

The source code is on GitHub: https://github.com/valinet/ExplorerPatcher

AV is flagging Explorer Patcher as being Explorer Patcher - so the AV is correct in what it's detecting but wrong in saying it's an issue.

Why does MS Defender see this as an issue? The documentation in their Malware Encyclopedia doesn't say what the threat is or what the developers of this tool could do to address it; it's arbitrary.

My belief is that this software will get flagged up by heuristics because it:

• Calls various Windows APIs / DLLs relating to changing OS behaviours; something most software wouldn't touch.
• Has crashed in the past (due to bugs since fixed) which may have given it a temporary bad reputation.

However, that's the point of the tool - so far as I can see there's nothing malicious; it's doing what it stated.

I can understand this detection being a false psoitive but getting its own code (HackTool:Win64/ExplorerPatcher!MTB) says someone's reviewed this and made a concious decision. If that's the case:

• If this has been found to be real malware MS should share more info on what the issue is - as we currently believe this to be a false positive so many are adding exceptions; i.e. if you can't rely on Defender to provide meaningful insights you'll get into bad habits of adding exceptions for anything it flags as you no longer trust your AV; which removes much of the benefit of having AV.
• If there are specific bits of code which are a concern (e.g. make the OS more vulnerable by compromising some feature) say, so the developers can look to correct or remove that specific feature / can make informed decisions about how to handle this.
• If MS are just being cautious thinking "this could easily be turned into something malicious in a future release, so we don't want to add exceptions to our heuristics but equally don't want the cost of revewing every new release" then document that - as trusting this app is a concern, encouraging users to add an exception for this app is the wrong way to go (MS advise against this; but by flagging something that's not malicious and not providing more info has the effect of encouraging many to add exceptions)

Precisely! No notes.

That was August 14, 2024. It is now December 7, 2024 and I do have some notes.

Windows Update annoyed me to the point of installing 24H2, figured I'd inevitably have to anyway. Uninstalled Explorer Patcher prior to doing so and the install seemed to go fine. Further to his github site, I added the relevant exclusions but couldn't get Explorer Patcher successfully installed again. Blowed up real good!

Anyway, found a product called "Portals" that's dirt cheap 3.99GBP, I gave him 5.00GBP. Hope I'm not being hacked by using it. Took a bit of tweaking but was able to get folders very close to displaying like Toolbars added to the Taskbar used to do. https://portals-app.com/