Mutated / Changed Definition
![Windows Defender DeCSS Quarantine on 07/23/2021](https://www.arch13.com/wp-content/uploads/2021/07/Defender-072321-Again.webp)
MS Windows Defender now see’s the same file as a different definition: Trojan:Win32/Orsam!rts.
The definition of the new threat? This is a generic detection, which means we use this name for a large number of trojans.
Again, this is the same copy of DeCSS. Nothing has changed.
Microsoft Defender still ignoring exception lists
Perhaps more important, the whitelist or exceptions did not work.
![Windows Defender Existing Whitelist Exceptions](https://www.arch13.com/wp-content/uploads/2021/07/DeCSS-Exclusions.webp)
As 7/20/2021 I set an exception for the whole \Programs folder on the Z: drive (SMB Share). I also set a specific exception to the DeCSS program. As of 7/23/2021 Defender ignored both whitelist items and still quarantined the file, folwed by immediate deletion.
As before, the use of mpcmdrun -restore -all -Path D:\temp
is required to retrieve the file from a dump as Defender continues to not restore files to SMB shares