This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(86.4, 47%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EC%3C/text%3E%3C/svg%3E)
I ran a Microsoft Security Scan and during the scan I could see that it had found 12 infected files. When the scan completed, it said that there were no viruses, spyware, or other potentially unwanted software detected. I have attached screen shots.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(57.599999999999994, 46%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EYD%3C/text%3E%3C/svg%3E)
Hi,
I would like to check if the issue has been fixed? If yes, please help accept answer, so that others meet a similar issue can find useful information quickly. If you have any other concerns or questions, please feel free to feedback.
Best Regards,
Danny
Hi,
I would like to check if the issue has been fixed? If yes, please help accept answer, so that others meet a similar issue can find useful information quickly. If you have any other concerns or questions, please feel free to feedback.
Best Regards,
Danny
This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
Hi,
To truly answer your question, you need to understand how the Microsoft security apps actually operate, since that's part of why this sort of situation can be confusing to those who don't.
The "Files Infected" count displayed on the Microsoft Safety Scanner, scan in progress screen or any of their other security products for that matter, is actually just a preliminary status indication that there are items which may contain malware. In many cases these specific items have been found in the past to be related to malware, but they are all really just small fragments that have matched signatures, but aren't yet truly confirmed as the specific malware that might include them.
Near the end of the scanning process, say 95% complete, the Microsoft scanners all perform a MAPS (Microsoft Active Protection Service) request via internet to the the Microsoft cloud servers in order to upload their initial findings and request confirmation that these findings are either truly malware or instead possible false positive detections or incomplete fragments of inactive malware.
So what actually happened is that the scanner found possible malware fragments, communicated with the MAPS servers and confirmed there weren't any active malware that it can identify running and completed its operation by reporting these final results as well as uploading its reporting to MAPS as a record.
Back to your case, according to the screenshots there's nothing truly wrong with what the Safety Scanner found.
Thanks for your time.
Best regards,
Danny
-----------------------------
If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(96, 42%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJT%3C/text%3E%3C/svg%3E)
Today I experienced same issue. I absolutely agree about the silly answer. I would add unpolite answer as well:
"you need to understand how the Microsoft security apps actually operate, since that's part of why this sort of situation can be confusing to those who don't"
We, as users of Microsoft's software and customers of Microsoft company, don't need to understand how the Microsoft security apps actually operate. There is no requirement for Windows' users to have a bachelor's degree in computer science, right?
Instead of saying that Catwoman-3559 is not understanding the app because of his ignorance, you could just have admited the fact, perfectly explained by JohnClegg-8996, that the application is providing misleading information and should be improved.
So thanks for your anser, YuhanDeng-MSFT, but in my honest opinion you should review in the manual that chapter about being friendly, thinking about the issue from user's point of view, and all that stuff.
John
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(188.79999999999998, 33%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJC%3C/text%3E%3C/svg%3E)
Danny, your answer is just silly.
What is wrong with Catwoman-3559's screenshots are that the first one says "Infected files: 12" and then the second one says "The scan completed successfully and no viruses, spyware, and other potentially unwanted software were detected."
These two pieces of information directly contradict each other and simply don't make sense.
MS could easily correct this confusion by changing the verbiage in the initial screenshot to “Possibly" Infected files: 12” or "Potentially" Infected files: 12" AND something like "Please see final "Scan results."
-John
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(300.8, 88%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJM%3C/text%3E%3C/svg%3E)
I agree with @John Clegg here about the contradictory messaging. The scan progress screen should show "Suspicious files: 12" -- not "Files Infected: 12"
Additionally, based on the description @Yuhan Deng gave of what the tool actually does, the description at the top of the scan progress screen should be modified to say something like this: "After this operation completes, the tool will send any suspicious files to Microsoft to determine if they are viruses, spyware, or other potentially unwanted software and report the results."
That would reassure users that the suspicious files will be further evaluated to determine if they are actually infected, so the final result of no infections will not be so contradictory that it leads to posts being created on Microsoft forums.
And since I'm already in here giving unsolicited advice about how to improve an already useful tool, it would be helpful if there was some indication of what it is doing when it starts the progress bar over again. Even if I start it on a scan of just the C drive, it seems to scan it multiple times. I assume it's using a different heuristic each time or something, but a better indication of how many heuristics or how many scans it needs would be nice. That would help me to estimate how much longer it will take to complete. The full scan takes all day on my computer with tons of files, so that extra indication would be very informative.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(204.8, 4%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDW%3C/text%3E%3C/svg%3E)
I don't mean to raise suspicions, but Ed Snowden and the like have already informed us of larger entities that may be interested in our data, could there be corporate bedfellows? don't fool yourselves.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(259.20000000000005, 73%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENQ%3C/text%3E%3C/svg%3E)
I also agree with the need for new wording on this tool. I was just doing a web search to see what sort of terrible virus was manipulating my AV software. I've been using 6 different tools for the last two days and these "infected" files kept me concerned.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(89.60000000000001, 17%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EER%3C/text%3E%3C/svg%3E)
I am encountering the same issue: Microsoft Safety Scanner 1.389.705.0 indicates Files Infected. The present count is at '2'. When I initially ran this scan the count was '14' (if I recall correctly). There where no recommended further steps recommended. 3rd party scanners don't indicate any infection but this is a Microsoft Operating System so I defer to Microsoft KB. Is my OS infected as Microsoft Safety Scanner 1.389.705.0 suggest or is Danny on point and some harmless code fragment has triggered these notifications? Kind of concerned since I had to return this device to the factory days after it's arrival due to an unauthorized web access and lateral movement.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(54.400000000000006, 70%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EB%3C/text%3E%3C/svg%3E)