View Full Version : Win 11 Windows Security called Spybot Ransomeware!
RBEmerson
2024-05-29, 02:57
I just manually started a Spybot scan and 55 files in, Windows Security called Spybot ransomware, and quarantined. This is on a machine in service since Feb.,'24 running Win 11. Unfortunately, aside from Spybot files now missing (deleted/quarantined), WS doesn't say what or why it did what it did.
My download link has expired, and I don't want to inadvertently kill any existing license files. What's the best way to reload Spybot? How do I keep WS from going ballistic over the new installation?
It's probably best to use the contact page for help from Team Spybot on this one. I wouldn't want to get you to do anything that might inadvertently mess up your license files, either. :)
https://www.safer-networking.org/support/#contactform
RBEmerson
2024-05-30, 06:02
OK, I'll do that.
The initial failure is confusing, because I've been running with this setup since February without a complaint. And then WHAM!
Cool. :thanks:
The initial failure is confusing, because I've been running with this setup since February without a complaint. And then WHAM!
It's possible that Windows Security may have released newer definitions or something along that lines and there is a false positive in the mix somewhere, causing Windows Security to think that some part of Spybot is ransomware, etc. That would explain why Windows Security detected something just out of the blue like that, though that's just a bit of a guess on my part. :)
RBEmerson
2024-05-31, 15:23
Exactly my thought - MickeySoft "improved" WS one step too many, or in the wrong direction.
I fired off a note ASAP and... crickets. The one big gripe I have with Spybot is official support is slow, and often not responsive. Which is why I was hoping for a solution here. While maybe not a no-brainer, I don't think I've come up with a major challenge.
Sometimes a response might take a bit depending how busy they are, I reckon, plus there's also the weekend coming up. :)
RBEmerson
2024-06-01, 07:04
And in the interim, my system remains less than fully protected. Not quite what I paid Safer-Networking for.
I'd install at least the free version, except that would probably compromise the license file(s). Not a very satisfactory situation.
Yes, I realize that it's an unfortunate situation, and you have my sympathies. And I do realize that if Windows Security detected parts of Spybot as ransomware then it's likely a false positive. However, Team Spybot has malware experience so they are needed to determine that for certain in my opinion. I'd never want to get you to restore something bad from Windows Security quarantine if I made a mistake, nor would I want to mess anything up with your license files. That's why I asked you to contact them though it may take a bit longer, and in addition to that they'll see there might be a false positive with Windows Security, if that is what happened here and they aren't aware of it yet. :)
RBEmerson
2024-06-01, 15:39
With very few exceptions, once something hits quarantine, it's considered gone. Any restoration with be from fresh files. Except all I have is WS to vet the files; I don't have Spybot to back up the vetting process. :(
I agree this is probably a false positive. I doubt it's the first time it's happened with the current MS updates to Windows, which I why I expected a fairly quick response.
RBEmerson
2024-06-06, 18:45
As of today, it's been one week since I contacted Safer-Networking support. There has been no response, save a receipt for the initial message.
This matches the pattern with past experiences with S-N support.
I sent a message to tashi, RBEmerson.
RBEmerson
2024-06-08, 17:11
Thanks.
I remain unconvinced S-N is going to pull their finger out, and get on with the matter.
This is an old pattern; it's getting to be time to pay attention my .sig, and move on to another vendor.
RBEmerson
2024-06-10, 19:57
Today I finally received a response which re-installs a valid Spybot installation. It took two weeks to get it; not at all a satisfactory response time.
There was no response to the initial reason for the request for support: MS WS came up with a false positive against Spybot and deleted it (no indication of merely quarantining the files it deleted).
Strictly as a guess, I set Spybot as a primary anti-malware app, hoping it keeps MS WS from attacking Spybot. Maybe a good idea, maybe not...?