Citrix says the whole thing happened due to bad updates

Aug 14, 2020 13:47 GMT

Windows Defender is the built-in antivirus protection that comes with Windows 10, and as recent security tests have shown, it now offers malware detection and removal performance that is at least on par with that of third-party products.

Needless to say, these massive improvements have convinced lots of people that it’s time to abandon other security software and just stick with Windows Defender, especially because it’s the native solution bundled with the OS.

But some of those running Windows Defender and Citrix apps have recently come across an issue that leads to some files mistakenly being flagged as malicious.

More specifically, a Windows Defender definition update that was shipped earlier this week caused the Windows 10 antivirus to incorrectly detect a series of Citrix services as dangerous and then quarantine them.

“Citrix is aware of a potential issue impacting the Citrix Broker and Citrix HighAvailability services on the Delivery Controllers and Citrix Cloud Connectors respectively with Microsoft Defender installed,” Citrix said in an advisory published on August 13.

The easiest way to determine whether you were affected is to check the Services console: the Citrix Broker service will no longer be listed if Windows Defender blocked it. Furthermore, BrokerService.exe will be missing from the program’s installation folder, since the file itself has been quarantined by Windows Defender.

There are several ways to fix the whole thing, and what you should know before beginning the repair is that Microsoft has already shipped a new virus definition update that brings things back to normal. In other words, you must be running definition package version 1.321.1341.0, and Citrix recommends that users simply force an antivirus update to make sure they are running the latest virus definitions.

To do this, run the following commands in a command prompt window with administrator rights:

    cd %ProgramFiles%\Windows Defender
    MpCmdRun.exe -removedefinitions -dynamicsignatures
    MpCmdRun.exe -SignatureUpdate

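The checks described so far (is the Citrix Broker service still registered, is BrokerService.exe still on disk, and are the definitions at or past 1.321.1341.0) can be scripted. The following PowerShell is an added example, not code from the article or from Citrix; it uses the Defender module cmdlets Get-MpComputerStatus, Update-MpSignature and Get-MpThreatDetection. The service display-name pattern "Citrix Broker*" and the $CitrixInstallDir folder are assumptions and placeholders to adjust for your environment.

```powershell
# Added example: confirm the symptoms from the article and the Defender signature version.
# Run from an elevated PowerShell session on the Delivery Controller.
param(
    # Placeholder: the folder that normally holds BrokerService.exe (assumption, adjust it)
    [string]$CitrixInstallDir = 'C:\Path\To\Citrix\Broker\Service'
)

# Version of the definition package the article says resolves the false positive
$FixedVersion = [version]'1.321.1341.0'

# 1. Is the Citrix Broker service still registered? (display-name pattern is an assumption)
$broker = Get-Service -DisplayName 'Citrix Broker*' -ErrorAction SilentlyContinue
if (-not $broker) {
    Write-Warning 'Citrix Broker service is not listed; Defender may have quarantined it.'
} else {
    "Citrix Broker service state: $($broker.Status)"
}

# 2. Is BrokerService.exe still on disk?
$exe = Join-Path $CitrixInstallDir 'BrokerService.exe'
if (-not (Test-Path $exe)) {
    Write-Warning "$exe is missing; check Defender's quarantine."
}

# 3. Compare the installed signature version with the fixed package
$current = [version](Get-MpComputerStatus).AntivirusSignatureVersion
"Current signature version: $current"
if ($current -lt $FixedVersion) {
    'Definitions predate the fix; forcing a signature update...'
    Update-MpSignature
    $current = [version](Get-MpComputerStatus).AntivirusSignatureVersion
}
if ($current -ge $FixedVersion) {
    "Definitions are at or past $FixedVersion."
} else {
    Write-Warning 'Still on an older package; use the MpCmdRun.exe commands above.'
}

# 4. Show Defender detections on this machine that referenced Citrix files,
#    which is the evidence you would keep for an incident record
Get-MpThreatDetection |
    Where-Object { $_.Resources -match 'Citrix|BrokerService' } |
    Select-Object InitialDetectionTime, ThreatID, Resources
```

Step 4 is the part worth keeping beyond this incident: a detection record whose Resources point at signed vendor binaries, right after a definition update, is the pattern a false positive leaves behind, and comparing AntivirusSignatureVersion against a known-good package is a quicker triage than inspecting each quarantined file.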
There are basically three workarounds for the bug, as explained by Citrix:

  • Restore the quarantined files and restart the service
  • Repair the broken Citrix installation using an ISO image
  • Download Windows Defender and add Citrix exclusions

Out of these options, the first one is obviously the one that’s the easiest to use, as restoring a file that has been quarantined mistakenly is something that doesn’t take more than a few seconds.

To see what files have been quarantined on your device, follow this path:

Windows Security > Virus & threat protection > Protection history > Quarantined items > Select file > Restore

Once you do this, you also need to resume the Citrix services and then add exclusions to make sure everything is working properly. Finally, just reboot the Citrix Delivery Controller and there you go, things are once again up and running.
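The first workaround (restore the quarantined file, add exclusions, bring the services back) can also be done from the command line rather than the Windows Security UI. The following PowerShell is an added example, not code from the article or from Citrix; it relies on MpCmdRun.exe -Restore and the Add-MpPreference and Get-MpPreference cmdlets. The $CitrixInstallDir folder and the "Citrix Broker*" / "Citrix High Availability*" display-name patterns are assumptions and placeholders.

```powershell
# Added example: restore the quarantined binary, add exclusions, restart the Citrix services.
# Run from an elevated PowerShell session on the Delivery Controller or Cloud Connector.
param(
    # Placeholder: the folder that normally holds BrokerService.exe (assumption, adjust it)
    [string]$CitrixInstallDir = 'C:\Path\To\Citrix\Broker\Service'
)

$mpCmdRun = Join-Path $env:ProgramFiles 'Windows Defender\MpCmdRun.exe'

# 1. List everything currently in quarantine so you can see exactly what was taken
& $mpCmdRun -Restore -ListAll

# 2. Restore the quarantined binary by its original path
$exe = Join-Path $CitrixInstallDir 'BrokerService.exe'
& $mpCmdRun -Restore -FilePath $exe

# 3. Exclude the Citrix folder and the restored process so a machine that has not yet
#    received the fixed definitions does not quarantine the file again
Add-MpPreference -ExclusionPath $CitrixInstallDir
Add-MpPreference -ExclusionProcess 'BrokerService.exe'

# 4. Start any Citrix service that is not running (display-name patterns are assumptions)
Get-Service -DisplayName 'Citrix Broker*', 'Citrix High Availability*' -ErrorAction SilentlyContinue |
    Where-Object Status -ne 'Running' |
    ForEach-Object {
        Start-Service -Name $_.Name
        "$($_.DisplayName): $((Get-Service -Name $_.Name).Status)"
    }

# 5. Confirm the exclusions were recorded before rebooting the Delivery Controller
'Path exclusions:';    (Get-MpPreference).ExclusionPath
'Process exclusions:'; (Get-MpPreference).ExclusionProcess
```

The exclusions are a stop-gap for a bad definition, not a permanent setting: once every host is on 1.321.1341.0 or later, remove them with Remove-MpPreference -ExclusionPath / -ExclusionProcess, because a standing exclusion on the broker folder is exactly the kind of blind spot an attacker with write access to that folder would benefit from.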

Windows Defender has evolved to become a full security hub in Windows 10, so it now packs not only the main antivirus engine, but also a series of other security features, like parental controls and system health information.

As far as the antivirus is concerned, it comes with the typical feature package that you can find today in an advanced security product, and this includes not only cloud analysis but also real-time protection and multiple scanning modes that help you detect threats in locally stored files.

Windows Defender is enabled by default on all devices where Windows 10 is installed, and it is automatically disabled when third-party protection is deployed. If the third-party product is removed, however, Windows Defender is then re-enabled to make sure your device is always secure.