This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(307.2, 45%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EE%3C/text%3E%3C/svg%3E)
Defender blocked C:\Windows\SysWOW64\powercfg.exe (2019-12-07 10:10 77KB).
This looks like a legit windows file in a legit Windows location. Why has Defender blocked it?
The location it was protecting might have been the Windows Restore partition, notice said something like ...\hardisk%3 before it disappeared.
Windows 10 20H2, 19042.1348
In Settings, check the Defender protection history.
Or the Defender event log.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(83.2, 74%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ED%3C/text%3E%3C/svg%3E)
These are some powercfg commands.
Please run them to see which work and which are blocked.
Open administrative command prompt and type or copy and paste: (all at one time)
powercfg /list
powercfg /getactivescheme
powercfg /a
powercfg -lastwake
powercfg -devicequery wake_armed
powercfg -waketimers
powercfg /availablesleepstates
powercfg /requests
powercfg /energy
powercfg /batteryreport
powercfg /sleepstudypowercfg
powercfg /systemsleepdiagnostics
powercfg /systempowerreport
This will generate some reports.
Please post share links into this thread for the commands with results and reports.
.
.
.
.
.
Please remember to vote and to mark the replies as answers if they help.
On the bottom of each post there is:
Propose as answer = answered the question
On the left side of each post: Vote = a helpful post
.
.
.
.
.
@MotoX80 The only warning around that time and date was:
Curiously, the notice Defender blocked C:\Windows\SysWOW64\powercfg.exe has now completely disappeared, it's not even in list of allowed programs. Maybe related to me allowing "AAM Updates Notifier.exe" but seems unlikely.
It seems that Volume3 is UEFI , the SSD must be the second drive on the laptop and the HDD is the first. It's normal for powerconfig to alter UEFI
@ Docs-4663 All the commands ran OK apart from powercfg /sleepstudypowercfg but that ran OK after I changed it to powercfg /sleepstudy . The results were unremarkable, just 4 errors all minor, the worst of which was "PCI Express Active-State Power Management (ASPM) has been disabled due to a known incompatibility with the hardware in this computer."
I'm going to put this down to an unexplained glitch that has disappeared, possibly coming out of Sleep mode triggered it. Thanks for your time and effort. The suggestions on where to look for solutions were helpful and gave me a bit more knowledge of my computer which will be helpful in future. Cheers, Al
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(89.60000000000001, 81%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERA%3C/text%3E%3C/svg%3E)
It could be a false-positive, you may open start and search for feedback and open the Feedback Hub app and report this issue.
You may open the Microsoft Defender and add it to the exception.
Hi there,
Powercfg.exe is a legitimate file. It is also called Power Settings Command-Line Tool. It is used to control all configurable power system settings and it is associated with Microsoft Windows Operating Systems and it is developed by Microsoft Corporation.
Sometimes the defender might misbehave or consider this vulnerable. You can either add this to the exclusion list or just ignore this as this might be cleared out in a couple of days.
--If the reply is helpful, please Upvote and Accept it as an answer--