Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.

Windows 7: Weird Windows Defender behavior

10 Dec 2009   #1

Windows 7 RTM
Weird Windows Defender behavior

To begin with, I run Windows 7 Professional. I keep it patched up to date. I also run ESET NOD32 v4, and Windows Defender is on by default. Malwarebytes AntiMalware is run once a week on-demand.

Today I launched Steam, connected, and found there was a patch. I downloaded the patch and let it install. After it installed, I reconnected to steam, and suddenly Windows Defender popped up.

The popup balloon didn't say that it had found a virus, or malware. It said it flagged SteamServiceTmp.exe, and that it wanted to submit the file to Microsoft. I don't know if this means there was a virus in the file or some other malware. I think that's unlikely, considering it came directly from Valve (That's the file that launches to patch the Steam Service), but I'm not sure what that means. I can't find any record of the file being detected in the Windows Defender History, at all. Does this mean I have a virus? What is this all about?

All I can find is this information from the Event Viewer:

Fault bucket 864089046, type 5
Event Name: AVSubmit
Response: Not available
Cab Id: 0

Problem signature:
P1: Windows Defender
P2: 1.1.5302.0
P3: unspecified
P4: 1.71.700.0
P5: 00175e0c-0000-0000-0000-000000000000,7B6FEFA17A704B6D4A03BFABB1DBC794703D480F

Attached files:
\\?\C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{BF619DBF-AF9E-8823-3E83-12DE9B785E0B}-SteamServiceTmp.exe

These files may be available here:
C:\Users\{Omitted}\AppData\Local\Microsoft\Windows\WER\ReportArchive\NonCritical_Windows Defender_aaba7e9e24b775a1b21d5c41a485d822c4ec703b_0ac496bf

Analysis symbol:
Rechecking for solution: 0
Report Id: 78cda38e-e5ff-11de-862f-001fbc01945b
Report Status: 0

EDIT: Upon review, here's the contents of the Report.wer file generated

Sig[0].Name=Problem Signature 01
Sig[0].Value=Windows Defender
Sig[1].Name=Problem Signature 02
Sig[2].Name=Problem Signature 03
Sig[3].Name=Problem Signature 04
Sig[4].Name=Problem Signature 05
DynamicSig[1].Name=OS Version
DynamicSig[2].Name=Locale ID
AppName=Windows Defender User Interface
AppPath=C:\Program Files\Windows Defender\MSASCui.exe

I uploaded the file to Virustotal, but the report has since expired. It came back with 1/41 as the result, with Panda finding the only positive (W32/Xor-encoded.A), and everything else being negative.

My System SpecsSystem Spec
11 Dec 2009   #2
Microsoft MVP

Windows 7 Ultimate 32bit SP1

Prevx say it's safe
My System SpecsSystem Spec
11 Dec 2009   #3

Windows 7 RTM

It sounds like the file must be safe then. Thanks for the link!

Windows Defender keeps doing this, though. It did it for the second time just recently. This time I caught the balloon message: "Review files that Windows Defender will Send to Microsoft (Important)". Then it asks me to submit the files when I look for more information. I can find information in the Event Viewer, but not in the Defender logs. It doesn't say "This is a piece of malware" explicitly, but the logs in the Event viewer call this an "AVsubmission". This time it did it to me for uninstall_plugin.exe after updating Flash from Adobe's website.

Is this normal behavior for Defender? Is it saying these files are malware? Or is it just submitting them to Microsoft for some unknown reason?
My System SpecsSystem Spec

11 Dec 2009   #4
Microsoft MVP

Windows 7 Ultimate 32bit SP1

I have Windows Defender disabled in Services. I prefer to use MalwareByte's Anti-malware.

Defender caused problems on my Vista computer, so I just put to bed, permanently and haven't used it on any of my machines, since.
My System SpecsSystem Spec
12 Dec 2009   #5

Windows 7 Home Premium 32-bit

Quote   Quote: Originally Posted by Jacee View Post
I have Windows Defender disabled in Services. I prefer to use MalwareByte's Anti-malware.

Defender caused problems on my Vista computer, so I just put to bed, permanently and haven't used it on any of my machines, since.
Windows Defender hasn't caused me any problems at all. (Not at least yet) I haven't even gotten one single pop-up balloon except, only when I bought the computer for the first time.
My System SpecsSystem Spec

 Weird Windows Defender behavior

Thread Tools

Similar help and support threads
Thread Forum
Windows Explorer weird behavior
Hello, I've dealing with a weird issue, and I'm lost at this point... need some additional pair of "eyes" to find out the issue described below: Machine: HP Pro Model 3515 64 bits OS : Windows 7 Pro 64bits RAM : 4 GB Processor: AMD Antivirus: ESET NOD 32 (current/updated)
General Discussion
Windows explorer freezing and weird behavior, as well as other issues
Hello everyone, These problems started happening maybe several months ago. I don't really use this laptop that often, so I have no idea what could of caused this. I'm running Windows 7 Ultimate 64 bit. Here are a list of the problems that are occuring. 1. If I press computer in the start...
General Discussion
Weird behavior by Windows 7, clock/date field changing
I am furious at not knowing why my date/clock in Windows 7 keep changins its appearance. It is as if the files or settings for Windows change mysteriously back and forth and I don't like it one bit. The issue pertains to this clock/date shown at the bottom right corner on the screen just beside...
General Discussion
windows 7 sp1 weird network behavior
Hi there I have something weird going on with my network, I can surf and download whatever form servers like Rapid, Mega and all those, but I was trying to download Fedora 14 using the a torrent file, and at the beginning it started to download at the max bandwidth I got but a few seconds later...
Network & Sharing

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 14:39.
Twitter Facebook