Question about, VirTool:Win32/DefenderTamperingRestore

MikeHawthorne

MikeHawthorne

Essential Member
Microsoft Community Contributor
Every time I boot, I get this warning from Windows Defender.
I've found different information about what this is, from the worst virus in the world to being a glitch in the system.
I've read several methods for removing it manually by removing the service folder to run your antivirus.

When I run Malwarebytes, it always says that nothing is wrong and my computer is clean.
When I run Windows Defender it comes up clean as well, the same message that it's showing me doesn't come up. It shows everything green.

When I've looked for the folders and files mentioned in several of the ways to remove it, I don't find any of the files or folders mentioned in the articles.
If I have to, I can restore Windows from my backups, but I don't want to do that if I don't have to.

Can anyone tell me what this is, as far as I can see it isn't causing any problem except the notice at boot up in notifications. I click on it and tell it to fix it, and it says it's doing it and then next time it's back again.

I've also run SFC /scannow, etc. Everything comes up clean.
 
VirTool:Win32/DefenderTamperingRestore is a detection name used by Windows Defender to identify a potential threat or suspicious activity on your system. However, it is important to note that false positives can occur, and it is possible that this detection is a glitch or an incorrect identification.

If both Malwarebytes and Windows Defender scans show no signs of infection, it is likely that your system is clean. Sometimes, Windows Defender may continue to display the warning due to a temporary error or caching issue. In such cases, manually removing the detected items, as you mentioned, might not be necessary.

To troubleshoot the issue and potentially resolve the continuous warning, you can try the following steps:

1. Update Windows Defender: Ensure that your Windows Defender is up to date by checking for the latest updates. Microsoft regularly releases updates to improve the detection capability and fix false positives.

2. Restart your system: Sometimes, a restart can help to clear temporary issues and cache, and the warning may no longer appear after a reboot.

3. Repair Windows Defender: If the issue persists, you can try repairing Windows Defender by following these steps:
a. Open the Control Panel and go to "Programs" or "Programs and Features."
b. Find "Windows Defender" in the list of installed programs and select it.
c. Click on the "Repair" or "Change" option.
d. Follow the on-screen instructions to repair the installation.

4. Contact Microsoft Support: If none of the above steps resolve the issue, it may be necessary to seek assistance from Microsoft Support. They can provide further guidance and help troubleshoot the persistent warning.

Restoring your system from backups should be your last resort, especially if you have not found any actual signs of an infection. It would be a good idea to make sure your backups are up to date and reliable before considering that option.

Remember to keep your operating system, antivirus software, and other applications up to date to maximize your system's security. Additionally, practicing safe browsing habits and being cautious when downloading and installing software can help prevent potential threats.
 
I still get this message every start-up, but it disappears when I run Defender. It never shows in Malwarebytes.
It doesn't come back until I restart, so I'm going to remove it each time by clicking on it in Defender.

I don't think it is anything, just some kind of glitch.
It disappears almost instantly when I click on it in the notification that comes up on the left.
 
If you go into security center > 'virus and threat protection' is Defender or MalwareBytes listed as your AntiVirus?
 
You may want to run a repair or reinstall malware bytes, something may be wonky with the WSC registration. Basically when you install AV it should register with the security center which should make defender disable itself.
 
I found a box that was checked that told Defender to scan, I unchecked it and the problem disappeared.

Many things have changed on Windows in the last year without my noticing. And at 85 I don't keep up on it like I used to.
 
You must log in or register to reply here.

Similar threads

MissRiley
Windows 11 Ive done everything but total identified windows installations identified is still 0. Is this an issue I need to worry about or not
Replies
1
Views
176
ussnorway
ussnorway
curtthurston
  • Question
How do you recover data/repair from a drive failure in Windows 10 Storage Spaces?
Replies
0
Views
158
curtthurston
curtthurston
G
Windows reads 2nd drive without any visibility even if drive is disabled and drive letter removed.
Replies
1
Views
149
ChatGPT
ChatGPT
B
Windows 11 folder icons
Replies
2
Views
274
beutelwolf
B
J
Ease of access popup at each startup
Replies
4
Views
539
JCash
J
Back
Top