Why does Defender block powercfg.exe

EarnestAl 1 Reputation point
2021-11-26T22:54:26.027+00:00

Defender blocked C:\Windows\SysWOW64\powercfg.exe (2019-12-07 10:10 77KB).
This looks like a legit windows file in a legit Windows location. Why has Defender blocked it?
The location it was protecting might have been the Windows Restore partition, notice said something like ...\hardisk%3 before it disappeared.

Windows 10 20H2, 19042.1348

Windows 10 Security
Windows 10 Security
Windows 10: A Microsoft operating system that runs on personal computers and tablets.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
2,147 questions
No comments
{count} votes

4 answers

Sort by: Most helpful
  1. MotoX80 23,651 Reputation points
    2021-11-27T14:53:40.617+00:00

    In Settings, check the Defender protection history.

    152959-capture.jpg

    Or the Defender event log.

    153000-capture1.jpg

    No comments

  2. Docs 12,886 Reputation points
    2021-11-28T22:01:12.897+00:00

    These are some powercfg commands.
    Please run them to see which work and which are blocked.

    Open administrative command prompt and type or copy and paste: (all at one time)

    powercfg /list
    powercfg /getactivescheme
    powercfg /a
    powercfg -lastwake
    powercfg -devicequery wake_armed
    powercfg -waketimers
    powercfg /availablesleepstates
    powercfg /requests
    powercfg /energy
    powercfg /batteryreport
    powercfg /sleepstudypowercfg
    powercfg /systemsleepdiagnostics
    powercfg /systempowerreport

    This will generate some reports.

    Please post share links into this thread for the commands with results and reports.

    .
    .
    .
    .
    .
    Please remember to vote and to mark the replies as answers if they help.

    On the bottom of each post there is:

    Propose as answer = answered the question

    On the left side of each post: Vote = a helpful post
    .
    .
    .
    .
    .


  3. Reza Ameri 14,616 Reputation points
    2021-11-28T16:38:15.38+00:00

    It could be a false-positive, you may open start and search for feedback and open the Feedback Hub app and report this issue.
    You may open the Microsoft Defender and add it to the exception.

    No comments

  4. Limitless Technology 37,356 Reputation points
    2021-12-01T09:36:25.283+00:00

    Hi there,

    Powercfg.exe is a legitimate file. It is also called Power Settings Command-Line Tool. It is used to control all configurable power system settings and it is associated with Microsoft Windows Operating Systems and it is developed by Microsoft Corporation.

    Sometimes the defender might misbehave or consider this vulnerable. You can either add this to the exclusion list or just ignore this as this might be cleared out in a couple of days.


    --If the reply is helpful, please Upvote and Accept it as an answer--

    No comments