Friday, July 31, 2020

973. CANDYOPEN threat in AxCrypt V1.7 Resolved

A while ago I reported an AxCrypt and MSFT Defender issue (see Post 966) where Defender detected a LOW UNWANTED program threat running on my system. It indicated that the potential virus code called CANDYOPEN in the WIN32 folder was the violation and that AxCRYPT code had the infection. Here is an explanation of the resolution to this issue:

The issue started occurring in June 2020 after a Defender update. The CANDYOPEN check finally reported a potential WIN32\CANDYOPEN threat in several files of AxCrypt version 1.7. Thanks to the AxCrypt Community Support board, I was told to use the latest Legacy code, which has eliminated the threat (see The AxCrypt Post Here). In that post I reported that "I tried all of these: 1.7.3180.0 (currently using), 1.7.2893.0 Beta MSI, 1.7.1878.0 Beta MSI" and still had the problem. I was told that yet another, newest legacy version (1.x) update, AxCrypt-1.7.3233.0-Setup.zip, should be installed. The instructions were to delete any previous versions and reinstall using the above zip file. I did so and continued to have the Defender threat error reported. As it turned out, if the INSTALL SETUP file for the 1.7.2893.0 Beta MSI level code is left on the machine after the running version is removed from the system, the threat is detected in that SETUP file, which is NOT deleted when removal is done. You MUST do a manual delete of the previous SETUP files in addition to removing the running code.

So, when the running code is removed, the old 2893-level SETUP is deleted PERMANENTLY (i.e., deleted from the Recycle Bin too), and the 3233-level is installed, the issue will be resolved.
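To see which file on disk a detection actually points at (here, the leftover SETUP file), Defender's own PowerShell cmdlets can list every detection with its file path. The script below is an added example, not part of the original post or of AxCrypt's instructions; it assumes an elevated PowerShell session, that the threat name contains "CandyOpen", and the usual `file:_<path>` form of Defender's resource strings.

```powershell
# Added example: map Defender detections to the files that triggered them.
# Assumption: run from an elevated PowerShell session on the affected machine.

# Build a lookup of threat ID -> threat name from Defender's threat catalog.
$threatNames = @{}
Get-MpThreat | ForEach-Object { $threatNames["$($_.ThreatID)"] = $_.ThreatName }

$report = foreach ($detection in Get-MpThreatDetection) {
    foreach ($resource in $detection.Resources) {
        # Assumption: resources look like "file:_C:\path\setup.exe" or, for
        # archives, "file:_C:\path\setup.zip->inner.exe". Keep the outer file.
        if ($resource -notmatch '^(?:file|containerfile):_(.+)$') { continue }
        $path = ($Matches[1] -split '->')[0]

        [pscustomobject]@{
            Detected    = $detection.InitialDetectionTime
            Threat      = $threatNames["$($detection.ThreatID)"]
            Path        = $path
            # A file that still exists will be reported again on the next scan.
            StillOnDisk = Test-Path -LiteralPath $path
        }
    }
}

# Show one row per flagged file for the CandyOpen detection only.
$report |
    Where-Object { $_.Threat -like '*CandyOpen*' } |
    Sort-Object Path -Unique |
    Format-Table Detected, Threat, StillOnDisk, Path -AutoSize
```

Any row with `StillOnDisk` set to `True` after the uninstall is a file, such as an old installer, that still has to be deleted by hand.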

Now, what do you do with all the leftover error messages every day still in Defender? To CLEAR the MSFT Defender Protection History, simply delete the files in the folder C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service. I saw a tip to delete the folder itself, but it is protected by MSFT and can't be deleted. Instead, delete all the files in the folder above. Windows will allow deletion of all but one file, some logging file, and after doing so it will be clean again. However, you WILL lose any other errors reported. Some other posts note that the errors are kept for 30 days, then deleted automatically. You have that option. I have found, however, that I could not go to Defender's "Virus and threat protection" to do a SCAN. Instead, it went to the screen where all the errors were reported. I only had one other error (CCleaner detected with LOW threat, same as this AxCrypt error) and decided to wipe them all out.

Btw, the CCleaner support team is working with MSFT re that issue, and it can be searched for on the Internet. Don't know the final plan of resolution, but CCleaner notes it is NOT an issue and most likely a false positive.

I should also note that MalwareBytes will also detect the AxCrypt unwanted program issue, as do several other antivirus programs. So, the detection is new in June 2020. I should also note that I am using the 64-bit version of AxCrypt code and Win32, I believe, had no place in that as far as running code; I don't even think I have a WIN32 folder! Yet, the CANDYOPEN culprit evidently was in the SETUP file as described.
