LandzDown Forum

Panos,

I am going to throw a wild guess out there about the "1549950 files scanned!" and the long time that it took to do those scans and why "after 3 hours the computer was working so hard" that you ended up turning the computer off.

I noticed that in the graphic that you posted on "July 10, 2021, 11:24:52 AM", the date in that graphic said "30/11/1999" for the "Last Run Time".  I thought that it looked weird at that time but since nobody else said anything about it I thought that it may not be relevant.  But now after all of the subsequent events it seems that it probably was really relevant.

Because neither Windows Defender nor Windows 10 were in existence in 1999 I am guessing that that date caused Windows Defender to do some sort of extraordinary scanning that it would not have otherwise done.  By that I mean that it probably searched every little item in the computer (or perhaps everything dated since 30/11/1999!).  That is probably how it came up with that huge number of "1549950 files scanned" in your post of "July 10, 2021, 12:33:46 PM".

Once Windows Defender had done this major scan my guess is that it did not need to scan every little thing anymore because it brought itself up to date so to speak.  Now, as your last post indicated, it can do the normal usual scan that all of us have usually experienced --- as your post said, "14670 files scanned" taking only "1 minute 58 seconds".  Based on most of the feedback in this thread this number of files and the time it took seem far more normal, and hopefully it will turn out to be that way for you going forward.

As to how that "Last Run Time" got to be "30/11/1999" I have no idea, although it might have had something to do with you deleting your previously scheduled scan.  Possibly the deletion did some sort of date re-setting back to that old date.  (Maybe some of the data in your Task Scheduler "History" tab might offer a clue.)

At any rate my conclusion is that Windows Defender should work much more normally for you now and everything should happen relatively automatically without your intervention, just like it does for the rest of us.

v_v

I am guessing that that date caused Windows Defender to do some sort of extraordinary scanning that it would not have otherwise done.  By that I mean that it probably searched every little item in the computer

I think that is a decent guess, but I don't think that is it - but admittedly, I am working on a couple "guesses" too. I note 1999 is commonly used by BIOS makers as the default date (until the correct date and time is set in the BIOS Setup Menu). Note a totally inaccurate date and time is a common symptom of a weak/failing CMOS battery. The two primary functions of the CMOS battery is to (1) keep the "user changes" to the BIOS firmware default settings "alive" in the CMOS memory and (2) keep the motherboard's RTC (real time clock) "ticking" ("counting" to be more accurate) when the computer is turned off.

If the motherboard's CMOS battery has never been replaced on this older system, I would probably replace it. Typically they are CR2032 wafer or "coin" batteries, found at nearly every battery counter.

While I agree it "appears" Microsoft Defender (Windows Defender is its old name) did a deep scan, the screen shot says "Quick".

Also I just counted every file on my computer by opening an elevated cmd prompt, moving back to the root on the disk (cd .. until I got C:\> on the command line) on this system, and entering dir *.* /s. That lists every file and folder in that root directory and then the /s forces it to list every file in every subfolder on that drive too. In other words, every file on the disk. Even with a fast SSD, it took several minutes to list all the files on my boot drive.

And still I only(?) had 589,368 files on C drive. I did the same on my secondary drive and it only showed 13,485 files. That's 1/3 of the 1.5 million files you first displayed. Checking the other computers here, and all had fewer files than this, my primary computer.

Now why do I show ~600,000 on the disks but Defender only scanned 46,000? That's easy. Security programs, including Microsoft Defender know that only certain type of files are used by the bad guys. These typically are files that can be "run", otherwise known as "executables". This list is not all inclusive but gives you a pretty good idea of the most common file types used by bad guys to insert their malicious code.

By not scanning every single file on your disk, scans not only take up much less time, they also bog down our systems much less, and (especially for mechanical drives) result in much less wear and tear on the drives. Note since scans are "read" actions (not "write") the wear on SSDs is negligible.

I really hope this is true.

It is. EACH and EVERY file downloaded and saved on our systems ARE scanned on the way in by the real-time scanner. Every time a file is modified and saved to disk, it is scanned. Plus, when you call up any file, including one of those obscure file types, the real-time scanner looks for "suspicious" activity and will halt that activity if something fishy is detected.

Last but not least, regardless your primary scanner of choice, everyone should have a secondary scanner on hand for "on-demand" or supplemental scanning just to make sure we (users and ALWAYS weakest link in security) or our primary scanner didn't let something slip by. In other words, "for peace of mind" and I use and recommend Malwarebytes for that.

FTR, Malwarebytes has never, not once found anything malicious on any of my systems here going back to Windows 7 in 2009 with Microsoft Security Essentials (the W7 version of Windows Defender), through W8 and now with W10 and Microsoft Defender. That's a pretty good track record, if you ask me considering 2 of my computers are regularly used by guests, including several ("it can never happen to me") teenaged grandkids.

The only thing Malwarebytes has ever found on any of my systems are a couple "wanted" PUPs (potentially unwanted programs).

So keep your OS and your security programs current and don't be "click-happy" on unsolicited links, then chill. Odds of getting infected are very very slim.

Is it possible you can still be infected? Of course! It is possible Fort Knox might be robbed too. How? One of the guards opens the front door and invites the bad guys in. Or, a super-duper professional targets it specifically and manages to exploit some "unknown to everyone else" vulnerability.

The difference here is Fort Knox doesn't have backup copies of all the gold. But you, of course, have multiple current backup copies of all your data, including at least one copy maintained "off-site"! Right?

Let me add my thoughts on the above.

1. The Virus & Threat Protection board shows two things:

• When the last WD scan took place.
• When the last WD updates took place

2. From what I saw until now, the updates are daily, but the scan is probably set by default once a week.

3. The Task Scheduler may show the mentioned errors every day. When those errors are present in the Task Scheduler, there is no change in the Virus & Threat Protection board for the latest WD scan. So the errors regarding the scan are real errors.

4. When a week passes from the last WD update, it's time for the new scan to take place. So, no errors in the Task Scheduler anymore and the latest scan in the Virus & Protection board changes and gets updated.

I will watch WD's behaviour for a week more to see if the above apply to it. I don't doubt that everything is OK, but I want to know how my antivirus behaves. Not just say that it works. How it works? When the scan is taking place? Why those errors are present and when?

That's all for now. 

It seems that the default scan is not weekly!

This is my today's screenshots where everything continues to be fine:

Panos,

In my last post I wrote

However my overall view and conclusion on the situation was simply that Windows Defender is doing its job, I occasionally get notifications from Windows Defender indicating that 'the scan were completed successfully and no problems were found', and thus I had nothing to be concerned about regardless of the "code 0x2" error.  To me it just seems to be one of the ways that Windows Defender goes about doing its tasks and recording the results, especially since it is constantly doing these tasks in the background.

If as you wrote,

I don't doubt that everything is OK, but I want to know how my antivirus behaves. Not just say that it works. How it works? When the scan is taking place? Why those errors are present and when?

perhaps you might want to write to Microsoft for more details!  (Smile)

Digerati/Bill indicated that "The default scan is weekly" and despite what you experienced that may still be the case.  My understanding is that Windows Defender (WD) is constantly 'watching' things but 'watching' is not the same thing as 'scanning'.  It is quite possible that any behavior or experience that any of us may have could trigger off a 'scan' because WD was watching and decided that the circumstances presented a situation where a scan would be advisable.  There are probably a bunch of rules that would say something like "if this, then do that."  So again the best source for that would be the Microsoft programmers---and good luck with that!


[I see that Digerati/Bill has beat me to the punch again.  So I will repeat the two words and short sentence from his earlier post:  ". . . then chill. Odds of getting infected are very very slim."  To repeat from his most recent post this time, "In any case, I still would not worry about it - especially when no threats are found."]

So to me the point would be that the pursuit of knowledge about how WD works is laudable, but perhaps it is not worth the effort because only the programmers at Microsoft will know all the rules that they have set up.  Such a pursuit would then be more of a distraction from other more significant matters in life!

v_v