Jump to content
CCleaner Community Forums
SPD

Windows Defender reports CCleaner as "Potentially unwanted app" [fix pending]

Recommended Posts

Just updated Windows Defender security file and now I get

image.png.cbc02b84fc94a1b720eee8061df81198.png

 

If I try and install a new version I can download but running the installer gives:

image.png.3c4e0e2c5879fd14225036f283b210be.png

Share this post


Link to post
Share on other sites

Windows Defender was having a few false positives with a version of the definition files released this morning. Have Windows Defender update to see if it's still detecting the file.

Share this post


Link to post
Share on other sites

Windows Defender only marks the "Standard installer" version as a PUA, probably because of the additional software offered during installation.

If the file is still marked after a Windows Defender update, you can also download and install the "Slim" version of CCleaner from the builds page:

https://www.ccleaner.com/ccleaner/builds

Share this post


Link to post
Share on other sites
5 hours ago, Andavari said:

Windows Defender was having a few false positives with a version of the definition files released this morning. Have Windows Defender update to see if it's still detecting the file.

 

Just updated to KB2267602 (Version 1.321.98.0) but problem still exists.

Share this post


Link to post
Share on other sites

As of this morning  ALL piriform software is now being reported by Windows Defender & Vipre as being infected.

Not just ccleaner but  defragger, recuva, and speccy  are being removed due to confirmed viruses.

Ccleaner-5.69.7865
Defraggler-2.22.33.995
Recuva-1.53.1087
Speccy-1.32.26.740

Share this post


Link to post
Share on other sites
3 hours ago, APMichael said:

Windows Defender only marks the "Standard installer" version as a PUA

Indeed.  The paid versions and slim builds are not a problem.  At this point it would seem that Microsoft is not flagging CCleaner, as such, but the presence of an offer for a browser that competes with Edge.

1 hour ago, CynysterMind said:

confirmed viruses

Absolutely not a virus - unfortunately most Windows Defender users will not be able to tell the difference 😞

Share this post


Link to post
Share on other sites

@SPD: May I ask which edition of Windows 10 you were running?  It should show in the top bar of CCleaner - for example, mine is Windows 10 Enterprise:

image.png

Share this post


Link to post
Share on other sites
Posted (edited)
9 hours ago, Dave CCleaner said:

Should be fixed now for the standard CCleaner free installer download available from https://www.ccleaner.com/ccleaner/download/standard - let us know how you go.

The stand-alone Defraggler, Recuva and Speccy may still ping Defender for the time being.

 

The new CCleaner CCsetup569.exe (26,951,680 bytes instead of the previous 28,065,792 bytes) installs and runs but still appears on Windows Defender.

image.png.0611321a889b54ba1b17b41336c7f7ea.png

 

Here's the Windows version:

image.png.d8536b0f366ba282ca3e8629ee9be76d.png

 

 

Edited by SPD

Share this post


Link to post
Share on other sites

Can Confirm that this morning fresh downloads of ccleaner, defraggler, speccy, & recuva still show as potentially unwanted.

Capture.JPG

Share this post


Link to post
Share on other sites

I can't get Defender to complain at all.

Just download both Slim and Standard installers from the builds page and then installed them one after the other.
Not a peep out of Windows Defender.

Did a Right Click 'Scan with Microsoft Defender' of each installer, both showed '0 threats found'.

Tried the Standard wepage free download, again no peep from Defender.

Windows 10 2004.
Defender update version 1.321.144.0 (Updated earlier today).

Share this post


Link to post
Share on other sites
Posted (edited)

Concur w/ @nukecad that this is odd because I'm running Windows 10 Pro and *not* seeing issues from Windows Defender. Also on 64-bit OS.

When was the last time you updated your Windows Defender?

 

Edition Windows 10 Pro

Version 1909

OS build 18363.959

 

-=-=-

 

Security intelligence version: 1.321.196.0

Version created on : 30-July-20 04:59

 

Edited by inFINite
Saw @Nukecad had the same response as me 6 minutes earlier :-)

Share this post


Link to post
Share on other sites

Share this post


Link to post
Share on other sites
On 29/07/2020 at 07:29, Dave CCleaner said:

Indeed.  The paid versions and slim builds are not a problem.  At this point it would seem that Microsoft is not flagging CCleaner, as such, but the presence of an offer for a browser that competes with Edge....

 

Microsoft has updated the description of the PUA:Win32/CCleaner detection at https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=PUA:Win32/CCleaner&ThreatID=277099 and they now confirm that the installer will be flagged by Windows Defender as a PUA/PUP (potentially unwanted application/program) if the installer is bundled with unnecessary software (e.g., Avast Free Antivirus, AVG Antivirus Free, etc.).

Quote

Summary

Certain installers for free and 14-day trial versions of CCleaner come with bundled applications, including applications that are not required by CCleaner or produced by the same publisher Piriform. While the bundled applications themselves are legitimate, bundling of software, especially products from other providers, can result in unexpected software activity that can negatively impact user experiences. To protect Windows users, Microsoft Defender Antivirus detects CCleaner installers that exhibit this behavior as potentially unwanted applications (PUA). ...

 

Kudos to bjm_ for posting about this updated description of the PUA:Win32/CCleaner detection <here> in the Norton Tech Outpost board.
-------------
64-bit Win 10 Pro v1909 build 18363.900 * Windows Defender v4.18.2006.10 * Firefox ESR v68.11.0 * CCleaner Free Portable v5.69.7865

Share this post


Link to post
Share on other sites

Defender update KB2267602 (Version 1.321.214.0) applied.

Downloaded ccsetup569.exe (both 26,951,680 bytes and 26,955,776 bytes versions) and Defender no longer flags when I run a scan.

I just have two historical warnings I can't seem to remove.

Share this post


Link to post
Share on other sites
25 minutes ago, SPD said:

Defender update KB2267602 (Version 1.321.214.0) applied.

Downloaded ccsetup569.exe (both 26,951,680 bytes and 26,955,776 bytes versions) and Defender no longer flags when I run a scan.

I just have two historical warnings I can't seem to remove.

 

It is my understanding that Defender will purge the protection history 30 days after an entry is made -- at least that's what several Microsoft documents state.  Keep in mind that Windows 10 changes a lot so who knows if that timetable is still accurate.  A Google search also turns up a few ways to clear the entries by manually deleting folders in the Event Viewer but the results are not consistent.  I'd wait it out.  

Share this post


Link to post
Share on other sites
1 hour ago, SPD said:

I just have two historical warnings I can't seem to remove.


I'm not sure if running Custom Clean with Windows Defender selected would remove them? (OR - Applications tab, right click on Windows Defender and select clean).

I do know that if you do clean that then Defender thinks that it has never scanned your machine.
Mine resets back to last scan in Sept 2018 if I do that.
image.png

Share this post


Link to post
Share on other sites
11 hours ago, lmacri said:

Microsoft has updated the description of the PUA:Win32/CCleaner detection at https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=PUA:Win32/CCleaner&ThreatID=277099

That article seems to have been written in haste and is riddled with errors.  Aside from calling us CCcleaner (with 3 "c"s 😉 ) they have a screenshot of an Avast offer with a checkbox that was discontinued back in October of last year in favour of the transparent accept/decline on a separate page:

image.png

They have the correct screenshot of the AVG offer in the Technical Information section (same layout as above with two separate accept/decline buttons) but caption it referring to a "preselection" which would also suggest a lack of proofreading.  We've reached out to Microsoft suggesting that they might want to check their homework.

Their description of the Chrome precheck is accurate.  It's been that way since 2010 and most people are used to it by now, but as mentioned in previous posts here it has been on our "to-do" list for a while to try and get that into the same accept/decline presentation as well.

Share this post


Link to post
Share on other sites

I tried a Custom Scan, Full Scan and Offline Scan but it won't clear out the history.  I guess I'll wait for the 30 days and see if that clears it up.

 

 

Share this post


Link to post
Share on other sites

I wasn't suggesting a scan in Defender - I was meaning a clean of Defender using CCleaner.

Share this post


Link to post
Share on other sites
On 31/07/2020 at 00:03, Dave CCleaner said:

...Their description of the Chrome precheck is accurate.  It's been that way since 2010 and most people are used to it by now, but as mentioned in previous posts here it has been on our "to-do" list for a while to try and get that into the same accept/decline presentation as well.

 

Hi Dave CCleaner:

Sorry, but I have to take issue with that comment.  I might be "used to" Avast pre-checking check boxes in their installers to install bundled software but I'm not happy about it, and I'm not sure why bundled Google products like the Chrome browser are the exception unless your third-party partnership agreement stipulates that Avast won't be paid a commission unless the check box for the Google product is pre-checked.  Customers are still smarting from the latest fiasco that forced Avast to disband their Jumpshot subsidiary in January 2020 (see the PC World article Update: Avast Kills Jumpshot Data-Collection Business After Privacy Concerns Mount as well as Reuter's Avast Pulls Plug on Jumpshot After Data Privacy Scandal) and were hoping these questionable business practices would be a thing of the past.

Perhaps it's a good thing that Microsoft started flagging Avast / Piriform installers bundled with bloatware as PUAs if this serves as an incentive for Avast to finally finish their 10-year-old "to-do" list.
-------------
64-bit Win 10 Pro v1909 build 18363.900 * Windows Defender v4.18.2006.10 * Firefox ESR v68.11.0 * CCleaner Free Portable v5.69.7865

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...