
Why does Defender produce different diagnostics?

Anonymous
2023-04-05T13:08:46+00:00

Hello,

Recently I made some tests on a virtual machine and I copied some files from the VM to the host machine.

At the beginning there was no problem with Defender on the host, but now Defender always detects "Trojan:Script/Wacatac.H!ml".

I would like to understand why.

Has Defender "learned" to detect some events using statistics on my host machine? If yes, is it possible to reset Defender on the host (to be like on the VM, where there is no detection)?

Thanks


3 answers

  1. Ramesh 176.5K Reputation points Volunteer Moderator
    2023-04-06T12:22:52+00:00

    The TDT settings may be causing false-positive detections. But I'm not sure. And it's possible that TDT is unavailable on VMs.

    I found the following image in a PDF file (sec002-enabling-intel-vpro.pdf).

    [Image from the PDF]

    See also:

    Wacatac false positive outbreak? - Microsoft Community:

    https://answers.microsoft.com/en-us/windows/forum/all/wacatac-false-positive-outbreak/0d92ef05-50db-4d12-92f4-fcfe8f0b966c

  2. Anonymous
    2023-04-05T14:35:16+00:00

    Thanks for the reply.

    I compared and at the moment I found these differences:

    On the host:

    TDTMode : rsw
    TDTSiloType : E
    TDTStatus : Enabled
    TDTTelemetry : Disabled

    ThreatIDDefaultAction_Actions : {6, 6, 6, 6...}
    ThreatIDDefaultAction_Ids : {232718, 242420, 246173, 311936...}

    On the VM:

    TDTMode : N/A
    TDTSiloType : N/A
    TDTStatus : N/A
    TDTTelemetry : N/A

    ThreatIDDefaultAction_Actions :
    ThreatIDDefaultAction_Ids :

  3. Ramesh 176.5K Reputation points Volunteer Moderator
    2023-04-05T13:59:35+00:00

    Hi Marc,

    The following PowerShell commands show the Microsoft Defender Antivirus configuration, the security intelligence and the platform versions.

    • Get-MpComputerStatus
    • Get-MpPreference

    You may run these two commands on the host as well as the VM, and compare the two outputs.

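One way to carry out the host-vs-VM comparison the answer above describes, as an added example that is not part of the thread: snapshot the relevant Get-MpComputerStatus and Get-MpPreference properties to JSON on each machine, then diff the two files setting by setting. The function names, file paths and the choice of properties beyond those quoted in the thread (TDT* and ThreatIDDefaultAction_*) are this example's own assumptions; it assumes the Defender PowerShell module is available on both machines.

```powershell
# Added example (not from the thread). Run Export-DefenderSnapshot on the host
# and on the VM, copy both JSON files to one place, then run Compare-DefenderSnapshot.
# Property and function names outside the thread's own output are assumptions.

function Export-DefenderSnapshot {
    param([Parameter(Mandatory)][string]$Path)
    $snapshot = [ordered]@{
        ComputerName = $env:COMPUTERNAME
        # Platform/engine/signature versions and the TDT settings from the thread
        Status       = Get-MpComputerStatus | Select-Object AMProductVersion, AMEngineVersion,
                           AntivirusSignatureVersion, AntivirusSignatureLastUpdated,
                           IsVirtualMachine, TDTMode, TDTSiloType, TDTStatus, TDTTelemetry
        # Per-threat default actions from the thread plus cloud/exclusion settings
        Preference   = Get-MpPreference | Select-Object ThreatIDDefaultAction_Ids,
                           ThreatIDDefaultAction_Actions, ExclusionPath, ExclusionExtension,
                           MAPSReporting, SubmitSamplesConsent, CloudBlockLevel, PUAProtection
    }
    $snapshot | ConvertTo-Json -Depth 4 | Set-Content -Path $Path -Encoding UTF8
}

function Compare-DefenderSnapshot {
    param([Parameter(Mandatory)][string]$HostPath,
          [Parameter(Mandatory)][string]$VmPath)
    $hostSnap = Get-Content -Path $HostPath -Raw | ConvertFrom-Json
    $vmSnap   = Get-Content -Path $VmPath   -Raw | ConvertFrom-Json
    foreach ($section in 'Status', 'Preference') {
        foreach ($prop in $hostSnap.$section.PSObject.Properties) {
            # Flatten arrays (e.g. ThreatIDDefaultAction_Ids) to a string so they compare as one value
            $left  = ($prop.Value | ForEach-Object { "$_" }) -join ','
            $right = ($vmSnap.$section.$($prop.Name) | ForEach-Object { "$_" }) -join ','
            if ($left -ne $right) {
                [pscustomobject]@{ Section = $section; Setting = $prop.Name; Host = $left; VM = $right }
            }
        }
    }
}

# Usage (constructed paths):
#   On the host:  Export-DefenderSnapshot -Path C:\Temp\defender-host.json
#   On the VM:    Export-DefenderSnapshot -Path C:\Temp\defender-vm.json
#   Then:         Compare-DefenderSnapshot -HostPath .\defender-host.json -VmPath .\defender-vm.json |
#                     Format-Table -AutoSize
```

Only settings that differ are emitted, so a clean result means the two Defender configurations match and the differing verdict comes from elsewhere (for instance a newer signature or engine version on one side, which the Status section also shows).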