Solving the "Windows Defender found 1 threat" problem

A Windows Defender quick scan reports that 1 threat was found, but opening the result shows no details and offers no action to take. Investigation suggests the cause is related to Alibaba software.


1 Problem description

Windows Defender runs a quick scan automatically on a schedule, and every run reports that 1 threat was found. Opening the result gives no details at all; the page only says "No current threats". Neither "Allowed threats" nor "Protection history" contains any record of it.

2 Solution

Searching around, the consensus in online discussions is that Alibaba software causes this, for example AliWangwang [Zhihu Q&A]. One person installed a fresh system, confirmed that a Windows Defender scan reported no threat, installed AliWangwang, rescanned, and the problem appeared.

But my PC never had AliWangwang installed. I had previously installed Alibaba's Xiami Music, but the problem persisted after uninstalling it.

After going through a large number of links, I found a discussion on superuser.com:

Windows Defender found one threat, but won't allow me to take action

Specifically, MpCmdRun (located at C:\Program Files\Windows Defender\MpCmdRun.exe) can be used to list what Defender has recorded:

C:\Users\shenj>cd C:\Program Files\Windows Defender\
C:\Program Files\Windows Defender>.\MpCmdRun.exe -Restore -ListAll

The -Restore -ListAll switch lists the items Defender holds in quarantine; the same entries also appear in Defender's support log (MPLog). Among them is one entry that refers not to a file but to a registry key, shown as rootcert65439929B67973EB192D6FF243E6767ADF0834E4. The 40 hex digits are the SHA-1 thumbprint of a certificate, and the rootcert prefix says it was found in the machine's Trusted Root store.

Delete that key in the registry (export it first so the change can be reversed if needed):

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\65439929B67973EB192D6FF243E6767ADF0834E4

Run a Windows Defender quick scan again: the "1 threat found" result with no details and no available action no longer appears.
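The same procedure done from an elevated PowerShell prompt, as an added example that is not part of the original post. It goes a step further than the post: a genuine root CA certificate is self-signed (Subject equals Issuer), so it first lists every entry in the machine's Trusted Root store that is not self-signed, which is the general form of this problem, then backs up and removes the specific thumbprint the post names and re-runs the quick scan. The thumbprint comes from the post; the backup directory is an assumption, and the Defender cmdlets (Get-MpThreatDetection, Start-MpScan, Get-MpThreat) require the built-in Defender module.

```powershell
# Added example, not from the original post. Run from an elevated PowerShell.
# The thumbprint is the one the post names; $BackupDir is an assumed location.
$Thumbprint = '65439929B67973EB192D6FF243E6767ADF0834E4'
$BackupDir  = Join-Path $env:TEMP 'rootstore-backup'
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

# 1. What has Defender recorded? Quarantine list (as in the post) and detection history.
& "$env:ProgramFiles\Windows Defender\MpCmdRun.exe" -Restore -ListAll
Get-MpThreatDetection | Select-Object DetectionID, ThreatID, InitialDetectionTime, Resources

# 2. Audit the whole store: a real root CA is self-signed. Anything else in
#    LocalMachine\Root was put there by some installer and deserves a look.
$suspects = Get-ChildItem Cert:\LocalMachine\Root | Where-Object { $_.Subject -ne $_.Issuer }
$suspects | Format-Table Thumbprint, Subject, Issuer, NotAfter -AutoSize

# 3. Inspect the specific entry before touching it.
$cert = Get-ChildItem Cert:\LocalMachine\Root | Where-Object Thumbprint -eq $Thumbprint
if (-not $cert) {
    Write-Host "No certificate with thumbprint $Thumbprint in LocalMachine\Root; nothing to do."
    return
}
$cert | Format-List Subject, Issuer, NotBefore, NotAfter, EnhancedKeyUsageList

# 4. Export a copy so the change is reversible, then remove it from the store.
#    Removing through the Cert: drive deletes the same registry key the post names:
#    HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\<thumbprint>
$backup = Join-Path $BackupDir "$Thumbprint.cer"
Export-Certificate -Cert $cert -FilePath $backup -Type CERT | Out-Null
Remove-Item -Path $cert.PSPath
Write-Host "Removed $Thumbprint from LocalMachine\Root; backup at $backup"

# 5. Re-run the quick scan and confirm the phantom detection is gone.
Start-MpScan -ScanType QuickScan
Get-MpThreat
```

Step 2 is the part worth keeping around: any non-self-signed entry in the Root store is a trust decision someone made on your behalf, and it is worth knowing which installer made it before deciding whether to keep it. To undo the removal, re-import the .cer with Import-Certificate -CertStoreLocation Cert:\LocalMachine\Root.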

The cause, according to the analysis in this answer at superuser.com:

I managed to resolve a similar issue, even though I am not sure if this is your case too. This is caused by installing a software called Ali Wangwang, which is developed by Alibaba. A lot of Chinese users have this issue, but they don't have a solution. Even after uninstalling this software, the problem persists.

I set up a virtual machine and compared the registries before and after installing Ali Wangwang. The software made a number of modifications to the registry, but I noticed that there is one hash code which also appeared in the logs of Windows Defender (MPLog). I removed the key with that hash code and the problem is gone! Computer_LOCAL_MACHINE\65439929B67973EB192D6FF243E6767ADF0834E4

This seems to be a certificate issued by Symantec, named Symantec Time Stamping Service Signer. I don't understand why this is causing the problem, and I am also not sure if I just "skipped" some scan which is supposed to be conducted? If someone knows about it, please share, thanks!

One thing for sure, there is no registry key like this on another PC or a new setup VM with Windows 10.

Reading the registry path answers the question the answerer left open. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates is the machine-wide Trusted Root Certification Authorities store, and a time-stamping signer certificate is an end-entity certificate, not a CA. An installer that drops an end-entity certificate into the root store is the kind of change Defender's root-certificate detection exists to flag (this is the most plausible reading; the page does not show Defender's own detection name). Because the flagged object is a registry entry rather than a file, the usual quarantine and remediation UI has nothing to display, which is why the scan keeps counting one threat while showing no details. Removing the key costs nothing: signatures time-stamped by Symantec chain to Symantec's actual root certificate, not to this entry. No scan was skipped, either; the detection simply has nothing left to report.

Two things follow. On one side, Windows Defender's user interaction here is poor: reporting a threat while showing the user no details and no action options is a failure mode the product should handle. On the other, an installer that writes an end-entity certificate into the Trusted Root store suggests Alibaba's code quality still has room to improve.