I got an external hard disk with lots of stuff I use in it. I connect it to different computers, sometimes not mine, so I use "NTFS drive protection" to keep my files from being deleted accidentally or by antivirus false flags or other reasons. the only problem I have is that Windows defender deletes or quarantines some of my files each time I connect it to a system with active Windows Defender. Is there any way to manipulate my files so that windows defender can't delete or quarantine it because of its stupid false flags or anything else. May be better to say "is there any way to make files inaccessible for Windows Defender?" or "Is there any way to make files that are falsely flagged in windows defender look the other way?". Regards
4
-
No you cant, WinDefend is the supreme overlord, that is why I disable it on all my Windows 10 machines.>>>>superuser.com/a/1590934/40928– MoabCommented Feb 28, 2021 at 13:56
-
What is 'NTFS drive protection' supposed to do on a machine that simply doesn't respect the permissions? It feels like a bit of a false sense of security to me.– TetsujinCommented Feb 28, 2021 at 16:06
-
Well, the fact is that it works well for me, at least except when it comes to dealing with windefend!– Pc boyCommented Mar 1, 2021 at 12:21
-
Bet it wouldn't work if I plugged it in my Mac. :P– TetsujinCommented Mar 1, 2021 at 19:55
Add a comment
|
2 Answers
Virus scanners run with system rights, so they cannot be stopped by trivial things like filesystem permissions.
The normal way (if you control the machine) would be to set up exclusions.
If you cannot do that, the only way to keep those files is to make sure the virus scanner cannot see them, for example using encrypted archives (ZIP, RAR, 7z, …) or encrypted containers (TrueCrypt/VeraCrypt, VHDs with Bitlocker, …). You could have multiple containers for multiple contexts.
Of course, if you open the encrypted container, the virus scanner will still delete your stuff. There is no way to change this. If there were, it would be a monumental security issue.
answered Feb 28, 2021 at 14:09
-
You made a brilliant point with encrypted containers. That works for me if I put an encrypted archive in an encrypted container, so even if windefend deletes the file, I still can have it on my own machine or another machine with disabled windefend.– Pc boyCommented Mar 1, 2021 at 12:25
Windows Defender is normally in the System Tray and can also be found in the Main Menu as Windows Security.
When Windows Defender logs a file as a Threat, it quarantines the threat. Go to the Quarantine and mark the file as OK and then make sure the file name shows up as an Allowed Threat.
Doing that Whitelists the file and Windows Defender will no longer bother with it.
Here is a screen shot of existing Allowed Threats (Cain and Abel is not a virus)
In the event a hard drive is external to the computer, the computer settings such as above have to be managed at that computer, and indeed each computer that you may attach an external drive to.
That is how all decent security systems work.
-
As I said in the OP, I connect my hard disk to computers that are not mine, So I can't change settings in them, and I am looking for a way to make my files inaccessible for windows defender.– Pc boyCommented Feb 28, 2021 at 12:40
-
You have to change Virus settings in the other computers. Each computer owns it own Virus Settings and Quarantine. That is not (and never was) controlled by the external drive. I amended my answer to cover that. I have to make changes in both my computers when I happen to have a file on a USB Key.– anonCommented Feb 28, 2021 at 12:57
-
As I also mentioned in the OP, I use "NTFS drive protection" which does exactly control the ownership of files and does not allow modification of files by apps or users, the only problem it has is that windows defender is considered superior to any other users and can take the ownership of any file and so it can modify files.– Pc boyCommented Feb 28, 2021 at 13:10
-
Anything that is on a virus threat list (right or wrong) will be quarantined by Windows Defender.– anonCommented Feb 28, 2021 at 13:12