{"id":703,"date":"2020-10-14T12:20:05","date_gmt":"2020-10-14T11:20:05","guid":{"rendered":"https:\/\/www.infobyte.hr\/blog\/?p=703"},"modified":"2025-04-08T19:13:29","modified_gmt":"2025-04-08T18:13:29","slug":"false-positive-conteban-aml-detection-on-docx-xlsx-pdf-and-zip-files","status":"publish","type":"post","link":"https:\/\/www.infobyte.hr\/blog\/703\/false-positive-conteban-aml-detection-on-docx-xlsx-pdf-and-zip-files\/","title":{"rendered":"False positive Conteban.A!ml detection on DOCX, XLSX, PDF and ZIP files"},"content":{"rendered":"<a href=\"https:\/\/www.oeclassic.com\/\" style=\"border:2px solid #000;border-radius:12px;background:#f5df79;color:#000;padding:8px;margin:36px 0;text-align:center;font-size:20px;font-family:Helvetica, Tahoma, Verdana, Arial, sans-serif;font-weight:bold;text-decoration:none;display:block;\">At last, perfect replacement for Outlook Express and Windows Live Mail is available, called OE Classic - Click here to download!<\/a>\n<p>Microsoft has really messed up this time. In the most recent update of <strong>Windows Defender Antivirus<\/strong> definitions file (called <strong>Security intelligence<\/strong> in Windows 10), it has started flagging some of the DOCX (Microsoft Word), XLSX (Microsoft Excel), PDF (Adobe Reader \/ Adobe Acrobat) and ZIP (archive format) files as <strong>Conteban.A!ml<\/strong> malware. Note that some other types may be reported such as <strong>Wacatac.B!ml<\/strong>.<\/p>\n\n\n\n<p>The threat itself is described on <a rel=\"noreferrer noopener\" href=\"https:\/\/www.microsoft.com\/en-us\/wdsi\/threats\/malware-encyclopedia-description?Name=Trojan:Win32\/Conteban.A!ml&amp;ThreatID=2147735506\" data-type=\"URL\" data-id=\"https:\/\/www.microsoft.com\/en-us\/wdsi\/threats\/malware-encyclopedia-description?Name=Trojan:Win32\/Conteban.A!ml&amp;ThreatID=2147735506\" target=\"_blank\">https:\/\/www.microsoft.com\/en-us\/wdsi\/threats\/malware-encyclopedia-description?Name=Trojan:Win32\/Conteban.A!ml&amp;ThreatID=2147735506<\/a><\/p>\n\n\n\n<p>However, while this is a real threat, the latest Windows Defender Antivirus falsely labels otherwise safe files as malware. The problem can be seen by simply attempting to scan affected file types where Windows Defender will report a detection.<\/p>\n\n\n\n<p>What you should know is that this is a <strong>false positive detection<\/strong>. That means the problem does not exist, it incorrectly labels safe files as malware-positive detection. If the same files are scanned by other antivirus programs they turn out as safe.<\/p>\n\n\n\n<p>A quick workaround solution is to click on <strong>Protection history<\/strong> and then expand any of the &#8220;Threat blocked&#8221; items. In the bottom right corner there is <strong>Actions<\/strong> drop-down under which there is an <strong>Allow<\/strong> option.<\/p>\n\n\n\n<p>But much better (and what I recommend) solution would be to use the application called <strong>Feedback Hub<\/strong> which you can find by searching Windows 10 and report this problem back to Microsoft. The more reports they get the sooner they will react and fix the problem they have introduced with this Windows Defender Antivirus update.<\/p>\n<!-- AddThis Advanced Settings generic via filter on the_content --><!-- AddThis Share Buttons generic via filter on the_content -->","protected":false},"excerpt":{"rendered":"<p>At last, perfect replacement for Outlook Express and Windows Live Mail is available, called OE Classic &#8211; Click here to download! Microsoft has really messed up this time. In the most recent update of Windows Defender Antivirus definitions file (called Security intelligence in Windows 10), it has started flagging some of the DOCX (Microsoft Word), &hellip; <a href=\"https:\/\/www.infobyte.hr\/blog\/703\/false-positive-conteban-aml-detection-on-docx-xlsx-pdf-and-zip-files\/\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">False positive Conteban.A!ml detection on DOCX, XLSX, PDF and ZIP files<\/span><\/a><!-- AddThis Advanced Settings generic via filter on get_the_excerpt --><!-- AddThis Share Buttons generic via filter on get_the_excerpt --><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-703","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/www.infobyte.hr\/blog\/wp-json\/wp\/v2\/posts\/703","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.infobyte.hr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.infobyte.hr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.infobyte.hr\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.infobyte.hr\/blog\/wp-json\/wp\/v2\/comments?post=703"}],"version-history":[{"count":1,"href":"https:\/\/www.infobyte.hr\/blog\/wp-json\/wp\/v2\/posts\/703\/revisions"}],"predecessor-version":[{"id":716,"href":"https:\/\/www.infobyte.hr\/blog\/wp-json\/wp\/v2\/posts\/703\/revisions\/716"}],"wp:attachment":[{"href":"https:\/\/www.infobyte.hr\/blog\/wp-json\/wp\/v2\/media?parent=703"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.infobyte.hr\/blog\/wp-json\/wp\/v2\/categories?post=703"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.infobyte.hr\/blog\/wp-json\/wp\/v2\/tags?post=703"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}