
I have some utilities purposefully installed on my computer that Windows Defender detects as malware/hacking tools and wants to remove. I've successfully added them to the exclusion whitelist via

Control Panel >> Virus & threat protection >> Manage Settings >> Add or remove exclusions

folder C:\apps\NirSoft

I am no longer plagued by notifications about virus threats for these files. However, I am still being spammed about these same files in the ShadowCopy. How do I whitelist files or folders from both the primary volume and the shadowcopy? The [Add an Exclusion] button doesn't allow me to use the path reported by Defender in the threat notification:

file: \Device\HarddiskVolumeShadowCopy35\apps\NirSoft\netpass.exe
matt wilkie
  • What is "ShadowCopy" in this case? – harrymc Mar 19 '21 at 17:28
  • Similar question: https://superuser.com/questions/1416767/exclude-specific-file-from-windows-defender-command-line/1416773#1416773 – Moab Mar 19 '21 at 18:50
  • @harrymc https://en.wikipedia.org/wiki/Shadow_Copy – matt wilkie Mar 19 '21 at 19:22
  • @Moab thanks! I used that to add the shadow folder to exclusion list but I'm still getting notifications. I'm now trying various wildcard combinations. I think I might need to figure out what the fully qualified SC path is (e.g. what goes before \Device) – matt wilkie Mar 19 '21 at 19:29
  • Or just turn off checking for "potentially unwanted application": https://www.addictivetips.com/windows-tips/potentially-unwanted-app-found-message/. Though it might decrease security slightly, most of these warnings are for useful tools, such as some of Nirsoft's suite. – DrMoishe Pippik Mar 19 '21 at 19:58
  • OK, understood. This won't work for example if you have symbolic links to files outside of the VSS folders. It would be much simpler, if your computer is now clean, to delete them all. – harrymc Mar 19 '21 at 20:05
  • @DrMoishePippik yeah I don't want to lose the "unwanted application" protection layer completely. I just want to tell the guard at the door: "See this person? She's my friend, let her in without hassle. Thanks." – matt wilkie Mar 19 '21 at 21:06

0 Answers