After the March 10th Patch Tuesday update, many Windows users began to question a Windows Defender notification telling them that certain files had been skipped during a scan. Windows Defender has a feature that gives administrators the choice to exclude specific files or directories from scans, but none of these users had configured an exclusion. According to the news site BleepingComputer, it does not appear that all Windows Defender users are receiving this notification. Reports that different versions of Windows Defender are affected have added to the confusion. At this time, Microsoft has yet to address the issue publicly.
Although some had concerns that malware could be the cause of the notification, the reason is more likely a bug introduced after the recent Windows update. For those currently using Windows Defender, a temporary solution is to use a third-party solution until the issue can be address by Microsoft. Affected users are encouraged to use Microsoft’s Feedback Hub app to submit a bug report. Anti-virus is a necessary security control to defend against known malware files, but it should not be considered a sufficient solution on its own. Attackers can easily create unique encrypted versions of malware that aren’t detected by any anti-virus software for hours or days. This can give attackers long enough to gain initial access through targeted attacks and disable anti-virus scanning. Companies should strongly consider additional endpoint and network monitoring solutions that allow security analysts to detect attacker behaviors without relying on malware file signatures.