G
Guest
What follows arises from a particular problem that Defender has with the AOL
driver ATWPKT2.sys on my system, but I suspect the solution will be
applicable to many similar issues.
Here's the history of my quest:
1. When I started using Defender I had the two 'Advanced options' boxes
unchecked (see Tools -> 'options' and scroll down). Every time I started AOL,
Defender objected to the behaviour of ATWPKT2.sys, reported it in the history
log, and created a defender checkpoint in System Restore. This led to an
excessive number of checkpoints, which I disliked intensely. For a while, I
switched Real Time Protection off to stop this activity. (There's a registry
edit to stop it, but I don't consider myself competent to edit the registry.)
2. When I felt brave enough to experiment, I switched RTP back on and ticked
the two 'advanced options' boxes under 'options'. From this point on I
received pop up notifications of the ATWPKT2 driver every time I started AOL
(which I ignored) but now there were no entries for these events in the
history log, and more importantly, the proliferation of defender checkpoints
stopped.
3. This was fine - but how nice it would be to be able to tell Defender not
to worry about ATWPKT2. On a previous occasion I'd tried including it in the
'Do not scan these files or locations' box, but it had made no difference.
(I'd assumed this was because checking behaviour of programs in RTP is not
the same as performing a scan.) Well, I've now tried this again, and
discovered that I was wrong - it DOES make a difference. I've added the full
file path to the box, and now when I start AOL there are no spurious pop-up
notifications; no false entries in the history log; and no spurious defender
checkpoints in system restore.
Why does it work now and not before? Well, maybe I made a mistake when I
tried it before (I've learned a lot since then). Or maybe this is another of
those complex and illogical interactions that seem to occur between false
alerts, the selections we make in the options boxes, and the creation of
checkpoints.
But to anyone out there who is getting false alerts with a known 'safe'
program, try the combination I've outlined above, i.e.:
1. Tick the two 'Advanced options' boxes
2. Add the (full path of the) offending program to the 'Do not scan these
files or locations' box (Click the Add button, then browse to the program in
question.)
You may now discover (as I have) that Defender now runs silently in the
background as it's supposed to, with no false alerts in history, no false
pop-up notifications, and no proliferation of checkpoints.
driver ATWPKT2.sys on my system, but I suspect the solution will be
applicable to many similar issues.
Here's the history of my quest:
1. When I started using Defender I had the two 'Advanced options' boxes
unchecked (see Tools -> 'options' and scroll down). Every time I started AOL,
Defender objected to the behaviour of ATWPKT2.sys, reported it in the history
log, and created a defender checkpoint in System Restore. This led to an
excessive number of checkpoints, which I disliked intensely. For a while, I
switched Real Time Protection off to stop this activity. (There's a registry
edit to stop it, but I don't consider myself competent to edit the registry.)
2. When I felt brave enough to experiment, I switched RTP back on and ticked
the two 'advanced options' boxes under 'options'. From this point on I
received pop up notifications of the ATWPKT2 driver every time I started AOL
(which I ignored) but now there were no entries for these events in the
history log, and more importantly, the proliferation of defender checkpoints
stopped.
3. This was fine - but how nice it would be to be able to tell Defender not
to worry about ATWPKT2. On a previous occasion I'd tried including it in the
'Do not scan these files or locations' box, but it had made no difference.
(I'd assumed this was because checking behaviour of programs in RTP is not
the same as performing a scan.) Well, I've now tried this again, and
discovered that I was wrong - it DOES make a difference. I've added the full
file path to the box, and now when I start AOL there are no spurious pop-up
notifications; no false entries in the history log; and no spurious defender
checkpoints in system restore.
Why does it work now and not before? Well, maybe I made a mistake when I
tried it before (I've learned a lot since then). Or maybe this is another of
those complex and illogical interactions that seem to occur between false
alerts, the selections we make in the options boxes, and the creation of
checkpoints.
But to anyone out there who is getting false alerts with a known 'safe'
program, try the combination I've outlined above, i.e.:
1. Tick the two 'Advanced options' boxes
2. Add the (full path of the) offending program to the 'Do not scan these
files or locations' box (Click the Add button, then browse to the program in
question.)
You may now discover (as I have) that Defender now runs silently in the
background as it's supposed to, with no false alerts in history, no false
pop-up notifications, and no proliferation of checkpoints.