Trojan:Win32/BlockMsav.A!reg threat detected

Is the Trojan:Win32/BlockMsav.A!reg threat dangerous? In some cases yes, but if you blocked Windows Defender (msmpeng.exe) with GlassWire then it’s most likely a false positive.

To solve the issue, unblock msmpeng.exe as shown below (search for Antimalware and it will appear). If you click the icon next to its name it will show the app name as msmpeng.exe.

We white list Windows Defender to avoid this scenario but it appears Microsoft recently updated the publisher that signs Windows Defender so GlassWire could not recognize the executable.

Our next update will solve the issue by white listing the newly signed Windows Defender msmpeng.exe.

If you are not using GlassWire and you found this page from the web then perhaps Windows Firewall is blocking Windows Defender. You should go to Windows Firewall and choose “restore defaults” then reboot and see if the error goes away.

It’s also possible in some cases (especially if you are not running GlassWire) you may legitimately have this malware and you should do as Windows Defender suggests to solve the problem.

1 Like
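A read-only way to check for the condition described in the post above, as an added example that is not part of the original thread and not GlassWire's or Microsoft's own code: list the enabled Windows Firewall block rules whose program is msmpeng.exe. The function names and the sample paths are hypothetical; it assumes the built-in NetSecurity cmdlets and an elevated PowerShell prompt.

```powershell
# Added example: find enabled Windows Firewall rules that block Windows Defender's
# engine (MsMpEng.exe). Read-only: it changes no rules.

function Test-BlocksDefender {
    param([string]$Program)
    # A filter with no program restriction reports 'Any'; that is not a Defender-specific rule.
    if ([string]::IsNullOrWhiteSpace($Program) -or $Program -eq 'Any') { return $false }
    # Rules may store %ProgramFiles%-style paths, and Defender's install path changes with
    # platform updates, so expand variables and match on the file name only.
    $expanded = [Environment]::ExpandEnvironmentVariables($Program)
    return ($expanded -match '(^|\\)MsMpEng\.exe$')   # -match is case-insensitive
}

function Get-DefenderBlockRule {
    # ActiveStore = the rules actually in force (local rules plus any Group Policy rules).
    Get-NetFirewallRule -PolicyStore ActiveStore -Action Block -Enabled True -ErrorAction SilentlyContinue |
        ForEach-Object {
            $rule = $_
            $app  = $rule | Get-NetFirewallApplicationFilter
            if (Test-BlocksDefender -Program $app.Program) {
                [pscustomobject]@{
                    DisplayName = $rule.DisplayName
                    Name        = $rule.Name
                    Direction   = $rule.Direction
                    Profile     = $rule.Profile
                    Group       = $rule.DisplayGroup
                    Program     = $app.Program
                }
            }
        }
}

# Constructed sample paths (not from the thread) showing what the matcher accepts.
'%ProgramFiles%\Windows Defender\MsMpEng.exe', 'C:\Tools\notmsmpeng.exe', 'Any' |
    ForEach-Object { '{0} -> {1}' -f $_, (Test-BlocksDefender -Program $_) }

$hits = @(Get-DefenderBlockRule)
if ($hits.Count -eq 0) {
    'No enabled block rule targets MsMpEng.exe.'
} else {
    # Each hit is a rule to review before unblocking the app or restoring firewall defaults.
    $hits | Format-List
}
```

If a rule is listed, its DisplayName and Group show which product or policy created it, which helps decide between the unblock and the "restore defaults" steps described in this thread.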

Any ETA on this fix?
I do have the antimalware executable allowed in GlassWire (it even has a little shield to the left of it).
However, Defender keeps picking up the msav.A! alert. It's been like this for over a year… when is this going to be fixed?

Thanks

2.1.167 Elite on Win 10 Pro 1909

@krevvy

This is a new issue that just appeared recently due to a change with how Microsoft signs Windows Defender.

We had this happen once before in 2018 and it was quickly fixed February 13, 2018. If you have this issue from 2018 then I’d suggest waiting until our next update that we’ll post in the forum.

Once the update is available please uninstall GlassWire in add/remove programs, then go to Windows Firewall and choose “restore defaults”. Now reboot.

Then reinstall GlassWire with its “reset firewall” option checked. If you continue to have that error after all that then it’s not related to GlassWire at all.

Hi Ken, thanks. I didn't really want to reset, but have been getting it constantly, and also saw about another issue of duplicate store apps…

So to try and kill 2 birds with 1 stone, I have today reset, removed and reinstalled a clean install of GlassWire.

Will see how it goes over the next few weeks.

P.S. When triggering the uninstall of GlassWire, Windows Defender popped up again with the MSAV warning.

Fingers crossed.

1 Like

After receiving notifications about this threat detection consistently after reboot for months, I uninstalled GlassWire 2.1. Over several reboots, scans came up clean.

I then followed @Ken_GlassWire’s instructions to restore Windows Firewall defaults, reboot, and install GlassWire 2.2 (with the option to restore Windows Firewall defaults during installation). Immediately upon installation, scans resumed notifying me that this threat was detected again.

I really like GlassWire, but I cannot tolerate these false positives.

@Tag

Could you email me some screenshots?
https://www.glasswire.com/contact/

Sure! What exactly do you want to see?

@Tag

Could you show a screenshot of any malware-related apps blocked by GlassWire, then click its icon and show the file name and location?

Then a screenshot of the AV threat alert. You can email them so it’s private if you want, but posting it here is fine also.

We white list the Windows Defender files so this shouldn’t happen unless they just changed something recently with an update? However I’m running the update myself and nobody else has reported this so I’m trying to understand how it’s possible for you to get this false positive.

Sent. LMK if there’s anything else you want to see. I’m very interested in getting this resolved.

1 Like

For anyone still getting false positive notifications about this threat, it may not be enough to restore Windows Firewall defaults. In addition, I needed to do a “Clean Install (Clear Data & Settings)” when reinstalling GlassWire.

1 Like

@Tag

I’m glad the issue is resolved for you.