[German]Has anyone noticed the problem with Defender in Windows 10 that the virus protection suddenly loses defined exclusions for scans? Here is some information on this issue. Addendum: The bug has been fixed.
Background information: I received a mail from the German heise editorial team informing me about an observation, a reader made. Its a strange behavior in Windows Defender. Since there were only on e mention within the Internet yet, I am posting it here in the blog in consultation with heise. The reader Rene S. describes the following observation on October 23, 2020 (translated):
Exclusions in Windows Defender disappeared
Hello dear heise editorial team,
I noticed today that with Windows Defender all my exclusions have disappeared or are no longer visible. Also it is not possible to create new exclusions. In the latter case there is no error message, but after confirmation nothing is displayed, as if you had not done anything.
Antimalware client version: 4.18.2010.4
module version: 1.1.17500.4
However, I myself suspect that the exclusions are not completely gone, they are just not apparent. Because after a quick scan today, the obligatory message “Items skipped during scan”, which actually only appears when exclusions are added, was displayed after the process was completed.
So far I could only find a thread about this topic in the forum of deskmodder.de from October 22nd, 2020, which also reports about it but no solution.
I have Windows 10 myself and yesterday I updated to 20H2. But I think the problem is not Windows itself but Windows Defender.
In the discussion at deskmodder.de it turns out that it might be the Defender update of the anti-malware client version: 4.18.2010.4. The problem seems to be still continuing. Anyone of you who has the problem and can confirm it?
Addendum: Strange thing
As it’s mentioned within the comments below, Antimalware engine 4.18.2010.4 isn’t official distributed by Microsoft. The reader contacted me with a 2nd mail and wrote.
The strange thing about this version 4.18.2010.4 of Defender is that it is not officially distributed by Microsoft. Also via Microsoft’s update catalog, the KB4052623 (https://www.catalog.update.microsoft.com/Search.aspx?q=KB4052623) currently only offers the client version 4.18.2009.7 and the older version 4.18.2001.10.
According to the forists at deskmodder.de or the thread I mentioned, this version of Defender was only distributed in the DEV channel so far. But since I only use a local account for this Windows installation and I’m not logged on to the insider program of Microsoft, I’m more wondering why this version of Defender was installed on my computer at all and why it is reinstalled in the background after I went online and let Windows check for updates.
I’m running a VM with Windows 10, where I’m logged in to the Insider program (Release Preview Channel) for testing purposes, but this Windows account is not used by the host system, but only by VW. The VW Windows was also activated by a separate Windows key. In the host system, where I received the client version 4.18.2010.4 of the Defender and, if I go online, continue to receive it, the Windows account is only logged on in the Microsoft Store. However, this should not be the cause.
I myself will try, probably tonight, the workaround from the forum of deskmodder.de and hide the update KB4052623, with the client version 4.18.2010.4 of the Defender or – I’m still thinking about it – do an in-place update, because I’m back yesterday on a backup with Windows 10 2004 from October 3rd, 2020 and the PC is or was offline since then, on Windows 20H2. But I will do the Inplace Update offline to be on the safe side, in case the client version 4.18.2010.4 of the Defender is used during the update process. Because, as far as I know, the client version 4.18.2009.7 is integrated via the current MCT of 20H2.
So we have no idea what happened, but it’s not a single isolated case.
Addendum: The bug has been fixed. German blog reader Tom informed me today (Oct. 29,2020), that an update of anti malware client to version 4.18.2010.6 fixed the issue. The excludes are shown again – simply a “Bug as a service”…