Behavior:Win32/DefenseEvasion.P!ml
file: D:\World of Warcraft\Data\data\shmem
Submitted the file above and received the following comment:
Analyst comments:
We have removed the detection. Please follow the steps below to clear cached detection and obtain the latest malware definitions.
Open command prompt as administrator and change directory to c:\Program Files\Windows Defender
Run “MpCmdRun.exe -removedefinitions -dynamicsignatures”
Run “MpCmdRun.exe -SignatureUpdate”
I let Defender “remove the threat” before I read this. I think I’m in a bad state now - the battle net client thinks every game needs to be updated and throws a “Whoops! Looks like something broke” error when I try to update any of the games. I’ve tried reinstalling the battle.net client twice (deleting all the cache files too).
Windows Defender has flagged the following file at least 6 times now: Warcraft\Data\data\08000002b0.idx
Each time it gets flagged my game crashes. I can usually play for about 5 minutes at a time before this happens.
Each time the file gets recreated, removed by defender, and my game crashes
You can Allow the file in Windows Defender. Go to Windows 10 settings -> Update and Security -> Windows Security -> and click the button Windows Security. Under the virus & threat protection you can change your settings or allow an exempt file so it won’t keep deleting it.
Mine complained and allowed me to accept the file when it was first detected and I found this thread, but you must have flagged it for autoremove and now you’re stuck in a cycle. I think if you add an exception you’ll be okay again.
Defender and such give false positives for “virus like behavior.”
Just did a recursive scan in Linux, with clamscan, in the Wow folder. Came up with zero Viruses.
Re: Fixed this. Had to reinstall the entire WoW client. Not a big deal since I wanted to move it to an SSD anyway, but something in that directory was definitely broken.