Windows Defender just Quarantined all my fog clients

  • Hello,

    My fog client (version 0.11.17) on Windows machines was detected as Program:Win32/Uwasson.A!ml by Windows Defender. This is a false positive with the latest definition update.

    Windows Defender has quarantined every fog client Windows service on my network currently, so I get to spend today figuring out how to reverse that for more than a few machines. I guess I’ll start with domain GPOs and see if I can set a do-not-quarantine list for now, but I’ll probably have to reinstall fog everywhere, and that means my images all have post-install steps now unless I script something or rebuild them.

    Any advice?

  • Moderator

    @bradgillap Thanks for reporting! I have not heard about fog-client being detected by any antivirus program yet. Have done a quick search in the forums and found nothing either. So I don’t have an easy solution for you on this.

    Good you have been able to deploy again and put it on the exclusion list!

  • Just an update.

    I grabbed the latest fogservice client 0.12.0 off GitHub. Set Defender to remove quarantines over the next day with a GPO and added it to the exclusion list. Wrote a shutdown script to reinstall the MSI if the fogservice is missing.

    Wrote a conspiracy rant to my team about MS having hurt feelings because we don’t use Intune or SCCM. Thousands of different apps and the one app they false flag on us JUST HAPPENS TO BE part of our imaging system. Yeah, ok, MS, sure mm hmm… yep.
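
One way to write the shutdown-script step described in the last post, as an added example that is not the poster's own script: it reinstalls the client only when the service is missing, and only if the MSI matches a SHA-256 you pinned after vetting the download. The service name `FOGService`, the share path, the hash and the log locations are assumptions or placeholders to replace with your own values.

```powershell
# Added example, not from the thread. Runs as a computer shutdown script (SYSTEM),
# so the computer account needs read access to the share holding the MSI.
$ServiceName  = 'FOGService'                                   # assumed service name
$MsiPath      = '\\fileserver.example\deploy\FOGService.msi'   # placeholder path
$ExpectedHash = '<SHA256-OF-THE-MSI-YOU-VETTED>'               # placeholder value
$LogFile      = Join-Path $env:SystemRoot 'Temp\fog-reinstall.log'
$MsiLog       = Join-Path $env:SystemRoot 'Temp\fog-msi.log'

function Write-Log([string]$Message) {
    # Timestamped line per event so a sweep of the fleet can be audited later.
    "$(Get-Date -Format o) $env:COMPUTERNAME $Message" | Add-Content -Path $LogFile
}

# Nothing to do when the service is still registered.
if (Get-Service -Name $ServiceName -ErrorAction SilentlyContinue) {
    Write-Log "$ServiceName present, no action."
    exit 0
}

if (-not (Test-Path -LiteralPath $MsiPath)) {
    Write-Log "MSI not reachable at $MsiPath, aborting."
    exit 1
}

# Refuse to install a package that differs from the one that was vetted.
# This matters more than usual here: the install path sits on an AV exclusion list.
$actual = (Get-FileHash -LiteralPath $MsiPath -Algorithm SHA256).Hash
if ($actual -ne $ExpectedHash) {
    Write-Log "Hash mismatch (got $actual), aborting."
    exit 1
}

# Silent install with a verbose MSI log. Append any MSI properties your
# deployment needs to this argument list.
$msiArgs = @('/i', "`"$MsiPath`"", '/qn', '/norestart', '/L*v', "`"$MsiLog`"")
$proc = Start-Process -FilePath 'msiexec.exe' -ArgumentList $msiArgs -Wait -PassThru
Write-Log "msiexec exit code $($proc.ExitCode)"
exit $proc.ExitCode
```

Keep the Defender exclusion as narrow as the install allows and remove it once a definition update clears the false positive.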