The latest update of Defender deletes certain source codes and exe files

Through this article, we will discuss an issue that has Windows 10 users on tenterhooks because it is about to mess with some of their saved files.

How many of you remember what DeCSS is?

If you do not allow us to update your memory, by telling you that DeCSS is one of the first free computer programs that can decrypt content on a commercially produced DVD-Video disc.

Prior to the release of DeCSS, open source operating systems, such as BSD and Linux, could not play encrypted video DVDs.

The above problem is directly related to this type of software, as reported by a Reddit user who found out exactly what happened.

Windows Defender update deletes some Windows 10 user files

Reddit user Tizaki first noticed that something was off, he would check his archived copy of both the source code and Complied .exe for DeCSS,

This happened, as we said on Windows 10, OS Build is 19043.1110, version 21H1, installed 6/10/2020.

Little did he know that the latest update applied to the Windows Defender tool would cost him some of that stored data.

The Windows Defender definitions daily update marked a copy of the popular DeCSS DVD encryption software as a Trojan, immediately quarantined it, and deleted it after another 60 seconds.

According to Tizaki, The protection tool picks up the software as Glupteba! Ml Trojan, and marks it as a serious threat.

As a side note, Windows Defender also diagnoses mid-2000s XFX Keygen programs as high threats, marking them as potential ransom.

It seems that the new strict parameters that Micorosft implemented for the trademark security software are not tolerant of old cracked software and take rapid action against these so-called threats.

As you can already imagine, such a topic has sparked endless debate across social media platforms and forums, where many other users shared the fact that they have experienced similar events.

In my workplace we had an incident where an antivirus program broke a program that was used to monitor industrial control systems. The safety logic of the industrial control system became “NOPE” after the loss of monitoring and closed everything.

Admittedly, the vendor’s bad programming routines like not signing the program digitally did not help, but the only way we could prevent it from happening again was to approve specific files.

If Windows Defender started meeting our stuff and giving the go-ahead to our list of exceptions, I can assure you that management would have the engineering heads on pike if we told them “we are waiting for Microsoft to fix their antivirus program before restarting production. Line” .

In comparison, other antivirus software like Kaspersky certainly does not pose a threat. However, on VirusTotal, 32 out of 72 engines also identify this as harmful.

You can also quickly look at the log file:

MpCmdRun: Command Line: mpcmdrun  -restore -all
 Start Time: ‎Tue ‎Jul ‎20 ‎2021 20:10:48

MpEnsureProcessMitigationPolicy: hr = 0x1
ERROR: MpQuarantineRequest failed: name: HackTool:Win32/Keygen!MSR, GUID: {8003F52C-0000-0000-33A7-F7F5B974DFEF} (80508014)
ERROR: QuarantineRestore failed (80508014)
ERROR: MpQuarantineRequest failed: name: HackTool:Win32/Keygen!MSR, GUID: {8003F52C-0000-0000-B7CE-870973926357} (80508014)
ERROR: QuarantineRestore failed (80508014)
ERROR: MpQuarantineRequest failed: name: Trojan:Win32/Glupteba!ml, GUID: {80040956-0000-0000-D48C-06A3EB93B95A} (80508014)
ERROR: QuarantineRestore failed (80508014)
MpCmdRun.exe: hr = 0x80508014.
MpCmdRun: End Time: ‎Tue ‎Jul ‎20 ‎2021 20:10:48

The best advice anyone can give you, in this case, is to make a backup copy of this old software, unless you want to use it again, as the operating system will definitely delete it.

Another important aspect to keep in mind is the importance of being informed and knowing how to react in these situations when Windows Defender deletes your files.

Have you experienced similar issues with Microsoft’s built-in security tools? Let us know in the comments section below.