MS Windows Defender & DeCSS Part II
Mutated / Changed Definition
MS Windows Defender now sees the same file as a different definition: Trojan:Win32/Orsam!rts.
The definition of the new threat? "This is a generic detection, which means we use this name for a large number of trojans."
Again, this is the same copy of DeCSS. Nothing has changed.
Microsoft Defender still ignoring exception lists
Perhaps more important, the whitelist or exceptions did not work.
As of 7/20/2021 I set an exception for the whole \Programs folder on the Z: drive (SMB Share). I also set a specific exception to the DeCSS program. As of 7/23/2021 Defender ignored both whitelist items and still quarantined the file, followed by immediate deletion.
As before, the use of
mpcmdrun -restore -all -Path D:\temp
is required to retrieve the file from a dump, as Defender continues to not restore files to SMB shares.
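
A way to check what Defender actually has on record for an exclusion like the ones described above, as an added example (not from the original post). The path in $Target and the helper name Test-UnderExclusion are hypothetical; the script assumes an elevated PowerShell prompt and the default MpCmdRun.exe location.

```powershell
# Added example: compare a file path against the configured Defender exclusions.
# $Target is a hypothetical placeholder; point it at the file that was quarantined.
param([string]$Target = 'Z:\Programs\example\tool.exe')

# Hypothetical helper: plain prefix match against folder/file exclusions.
# Wildcard exclusions are not expanded here.
function Test-UnderExclusion {
    param([string]$Path, [string[]]$Exclusions)
    foreach ($e in $Exclusions) {
        if ([string]::IsNullOrWhiteSpace($e)) { continue }
        $root = $e.TrimEnd('\')
        if ($Path -ieq $root -or
            $Path.StartsWith("$root\", [StringComparison]::OrdinalIgnoreCase)) {
            return $e
        }
    }
    return $null
}

# Drive-letter mappings belong to a logon session and the Defender service
# runs in a different one, so test the UNC form of the same path as well.
$forms = @($Target)
$map = Get-SmbMapping -LocalPath $Target.Substring(0, 2) -ErrorAction SilentlyContinue
if ($map) { $forms += $map.RemotePath.TrimEnd('\') + $Target.Substring(2) }

# 1. What the preference store holds.
$pref = Get-MpPreference
foreach ($p in $forms) {
    $hit = Test-UnderExclusion -Path $p -Exclusions $pref.ExclusionPath
    if ($hit) { "{0} is covered by exclusion '{1}'" -f $p, $hit }
    else      { "{0} is NOT covered by any ExclusionPath entry" -f $p }
}

# 2. What the engine itself reports for each form of the path.
$mp = Join-Path $env:ProgramFiles 'Windows Defender\MpCmdRun.exe'
foreach ($p in $forms) { & $mp -CheckExclusion -path $p }

# 3. Detections recorded against this file name, with the threat name resolved.
$names = @{}
Get-MpThreat | ForEach-Object { $names[$_.ThreatID] = $_.ThreatName }
$leaf = Split-Path $Target -Leaf
Get-MpThreatDetection |
    Where-Object { $_.Resources -like "*$leaf" } |
    Sort-Object InitialDetectionTime |
    Select-Object InitialDetectionTime,
        @{ n = 'Threat'; e = { $names[$_.ThreatID] } }, ActionSuccess, Resources
```

Comparing the Resources value from step 3 with the exclusion entries shows which form of the path (drive letter or UNC) Defender recorded for the detection.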