

Windows 7: Weird Windows Defender behavior

10 Dec 2009   #1

Windows 7 RTM
 
 

To begin with, I run Windows 7 Professional. I keep it patched up to date. I also run ESET NOD32 v4, and Windows Defender is on by default. Malwarebytes AntiMalware is run once a week on-demand.

Today I launched Steam, connected, and found there was a patch. I downloaded the patch and let it install. After it installed, I reconnected to Steam, and suddenly Windows Defender popped up.

The popup balloon didn't say that it had found a virus or malware. It said it flagged SteamServiceTmp.exe, and that it wanted to submit the file to Microsoft. I don't know if this means there was a virus in the file or some other malware. I think that's unlikely, considering it came directly from Valve (that's the file that launches to patch the Steam Service), but I'm not sure what that means. I can't find any record of the file being detected in the Windows Defender History at all. Does this mean I have a virus? What is this all about?

All I can find is this information from the Event Viewer:

Fault bucket 864089046, type 5
Event Name: AVSubmit
Response: Not available
Cab Id: 0

Problem signature:
P1: Windows Defender
P2: 1.1.5302.0
P3: unspecified
P4: 1.71.700.0
P5: 00175e0c-0000-0000-0000-000000000000,7B6FEFA17A704B6D4A03BFABB1DBC794703D480F
P6:
P7:
P8:
P9:
P10:

Attached files:
\\?\C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{BF619DBF-AF9E-8823-3E83-12DE9B785E0B}-SteamServiceTmp.exe
C:\Users\{Omitted}\AppData\Local\Temp\MPSampleSubmit\client_manifest.txt

These files may be available here:
C:\Users\{Omitted}\AppData\Local\Microsoft\Windows\WER\ReportArchive\NonCritical_Windows Defender_aaba7e9e24b775a1b21d5c41a485d822c4ec703b_0ac496bf

Analysis symbol:
Rechecking for solution: 0
Report Id: 78cda38e-e5ff-11de-862f-001fbc01945b
Report Status: 0

EDIT: Upon review, here are the contents of the Report.wer file that was generated:

Version=1
EventType=AVSubmit
EventTime=129049732283935547
Consent=2
UploadTime=129049732284013672
ReportIdentifier=78cda38e-e5ff-11de-862f-001fbc01945b
Response.BucketId=864089046
Response.BucketTable=5
Response.type=4
Sig[0].Name=Problem Signature 01
Sig[0].Value=Windows Defender
Sig[1].Name=Problem Signature 02
Sig[1].Value=1.1.5302.0
Sig[2].Name=Problem Signature 03
Sig[2].Value=unspecified
Sig[3].Name=Problem Signature 04
Sig[3].Value=1.71.700.0
Sig[4].Name=Problem Signature 05
Sig[4].Value=00175e0c-0000-0000-0000-000000000000,7B6FEFA17A704B6D4A03BFABB1DBC794703D480F
DynamicSig[1].Name=OS Version
DynamicSig[1].Value=6.1.7600.2.0.0.256.48
DynamicSig[2].Name=Locale ID
DynamicSig[2].Value=1033
State[0].Key=Transport.DoneStage1
State[0].Value=1
FriendlyEventName=AVSubmit
ConsentKey=AVSubmit
AppName=Windows Defender User Interface
AppPath=C:\Program Files\Windows Defender\MSASCui.exe

I uploaded the file to VirusTotal, but the report has since expired. It came back with 1/41 as the result, with Panda finding the only positive (W32/Xor-encoded.A), and everything else being negative.
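
As an added example (not part of the original post): a small parser for the Report.wer text quoted above, which groups the indexed `Sig[n]`/`State[n]` entries and decodes the timestamps. It assumes `EventTime` and `UploadTime` are Windows FILETIME values; the function names and the embedded sample, a subset of the quoted lines, are constructed here.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample: a subset of the Report.wer lines quoted in the post.
SAMPLE = """EventType=AVSubmit
EventTime=129049732283935547
UploadTime=129049732284013672
Sig[0].Name=Problem Signature 01
Sig[0].Value=Windows Defender
Sig[1].Name=Problem Signature 02
Sig[1].Value=1.1.5302.0
State[0].Key=Transport.DoneStage1
State[0].Value=1
"""

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
INDEXED = re.compile(r"^(\w+)\[(\d+)\]\.(Name|Key|Value)$")

def filetime_to_utc(ticks):
    """Assumes the field is a FILETIME: 100 ns ticks since 1601-01-01 UTC."""
    return FILETIME_EPOCH + timedelta(microseconds=int(ticks) // 10)

def parse_wer(text):
    """Split Report.wer text into flat fields and indexed name/value groups."""
    flat, slots = {}, {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if not sep:
            continue  # blank or malformed line
        m = INDEXED.match(key)
        if m:
            group, idx, part = m.group(1), int(m.group(2)), m.group(3)
            slots.setdefault((group, idx), {})[part] = value
        else:
            flat[key] = value
    grouped = {}
    for (group, _idx), slot in sorted(slots.items()):
        label = slot.get("Name") or slot.get("Key")
        if label:
            grouped.setdefault(group, {})[label] = slot.get("Value", "")
    return flat, grouped

def summarize(text):
    """Pull out what an analyst reads first: event type, times, signatures."""
    flat, grouped = parse_wer(text)
    return {"event_type": flat.get("EventType"),
            "event_time": filetime_to_utc(flat["EventTime"]),
            "upload_delay_ms": (int(flat["UploadTime"]) - int(flat["EventTime"])) / 10_000,
            "signatures": grouped.get("Sig", {})}
```

Run over the quoted report, the event time decodes to 11 Dec 2009 02:47:08 UTC, which lines up with the post date shown in the forum's GMT -5 time zone.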


11 Dec 2009   #2
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Prevx say it's safe
STEAMSERVICETMP.EXE, Prevx
11 Dec 2009   #3

Windows 7 RTM
 
 

It sounds like the file must be safe then. Thanks for the link!

Windows Defender keeps doing this, though. It did it for the second time just recently. This time I caught the balloon message: "Review files that Windows Defender will Send to Microsoft (Important)". Then it asks me to submit the files when I look for more information. I can find information in the Event Viewer, but not in the Defender logs. It doesn't say "This is a piece of malware" explicitly, but the logs in the Event Viewer call this an "AVsubmission". This time it did it to me for uninstall_plugin.exe after updating Flash from Adobe's website.

Is this normal behavior for Defender? Is it saying these files are malware? Or is it just submitting them to Microsoft for some unknown reason?


11 Dec 2009   #4
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

I have Windows Defender disabled in Services. I prefer to use Malwarebytes' Anti-Malware.

Defender caused problems on my Vista computer, so I just put it to bed permanently and haven't used it on any of my machines since.
12 Dec 2009   #5

Windows 7 Home Premium 32-bit
 
 

Quote: Originally Posted by Jacee
I have Windows Defender disabled in Services. I prefer to use Malwarebytes' Anti-Malware.

Defender caused problems on my Vista computer, so I just put it to bed permanently and haven't used it on any of my machines since.

Windows Defender hasn't caused me any problems at all. (Not yet, at least.) I haven't even gotten one single pop-up balloon, except when I bought the computer for the first time.