Why does Defender block powercfg.exe

EarnestAl 1 Reputation point

Defender blocked C:\Windows\SysWOW64\powercfg.exe (2019-12-07 10:10 77KB).
This looks like a legit windows file in a legit Windows location. Why has Defender blocked it?
The location it was protecting might have been the Windows Restore partition, notice said something like ...\hardisk%3 before it disappeared.

Windows 10 20H2, 19042.1348

Windows 10 Security
Windows 10 Security
Windows 10: A Microsoft operating system that runs on personal computers and tablets.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
2,744 questions
0 comments No comments
{count} votes

4 answers

Sort by: Most helpful
  1. MotoX80 31,556 Reputation points

    In Settings, check the Defender protection history.


    Or the Defender event log.


    1 person found this answer helpful.
    0 comments No comments

  2. Docs 15,141 Reputation points

    These are some powercfg commands.
    Please run them to see which work and which are blocked.

    Open administrative command prompt and type or copy and paste: (all at one time)

    powercfg /list
    powercfg /getactivescheme
    powercfg /a
    powercfg -lastwake
    powercfg -devicequery wake_armed
    powercfg -waketimers
    powercfg /availablesleepstates
    powercfg /requests
    powercfg /energy
    powercfg /batteryreport
    powercfg /sleepstudypowercfg
    powercfg /systemsleepdiagnostics
    powercfg /systempowerreport

    This will generate some reports.

    Please post share links into this thread for the commands with results and reports.

    Please remember to vote and to mark the replies as answers if they help.

    On the bottom of each post there is:

    Propose as answer = answered the question

    On the left side of each post: Vote = a helpful post

    1 person found this answer helpful.

  3. Reza-Ameri 16,826 Reputation points

    It could be a false-positive, you may open start and search for feedback and open the Feedback Hub app and report this issue.
    You may open the Microsoft Defender and add it to the exception.

    0 comments No comments

  4. Limitless Technology 39,331 Reputation points

    Hi there,

    Powercfg.exe is a legitimate file. It is also called Power Settings Command-Line Tool. It is used to control all configurable power system settings and it is associated with Microsoft Windows Operating Systems and it is developed by Microsoft Corporation.

    Sometimes the defender might misbehave or consider this vulnerable. You can either add this to the exclusion list or just ignore this as this might be cleared out in a couple of days.

    --If the reply is helpful, please Upvote and Accept it as an answer--

    0 comments No comments