Macrium Support Forum

"potentially unwanted software"

By BenR29 - 15 September 2023 8:35 AM

Hi, I wanted to actually back up my files, and I did not want my backup software to selectively refuse to back up my files because of "potential unwanted software" detections.  

I need to make Macrium back up my files.  Not /some/ of my files.  ALL of my files.  They are my archives and I don't appreciate software messing with them. 

I can't stand software violating user trust like this.  I have to start over an ~8 hour backup, I sure HOPE macrium at least has an OPTION to back up files regardless of its phony virus scans. 
By JoeA - 15 September 2023 8:47 AM

Hi @BenR29

We do not have any form of anti-virus software built into reflect, can you please post the log file where you are seeing this so we can further look into this?

Please remember to remove the license key from the bottom of the LOG. 

What may be happening if you are running a F&F backup is the VSS can not get a lock on the file due to another process accessing this and this is what is causing the error you are seeing.
By BenR29 - 15 September 2023 8:38 PM

Hello, thank you for your reply.  
I apologize for the exasperated tone of my initial post.  Here are the lines from the log file:  (I had a wall of red text but it turned out it was only two files with the virus problem.)
"   Error Reading:    U:\xxxx\Desktop\New Items\Flash drive contents\PDANet_3.02\PdaNet.KG\PdaNet.KG.exe
Operation did not complete successfully because the file contains a virus or potentially unwanted software.

Error Reading:    U:\xxxx\Downloads\
Operation did not complete successfully because the file contains a virus or potentially unwanted software."

When I first saw this, I was under the impression that my windows defender antivirus was turned off.  I have found that it has turned itself back on, as it is wont to do.  Knowing that windows defender was turned on, I now believe that windows defender was interfering with Macrium's attempt to access the files, and Macrium was probably just relaying a system message.  In my worry I didn't think of this likely scenario and assumed that all errors shown in the log were part of Macrium.  Do you think my theory makes sense? 

I'm going to experiment with it some more tonight.

Thank you.
By dbminter - 15 September 2023 10:09 PM

I would be very wary of that first file listed.  From its name, it sounds like a keygen for software.  Those are often times infected with real bad actors, not potentially unwanted programs.

The Hiren's Boot CD is probably a false positive.  It's been a while since I last examined the Hiren's utilities, but I think one of them was a utility to extract the password from Windows accounts in case you couldn't access your PC.  Defender might be flagging that in the ZIP.

Another thing to take into consideration about Hiren's Boot CD.  It has not been officially updated for 11 years.  It has unofficially been updated by the software community and is currently based on Windows PE called Hiren's Boot CD PE x64.  It currently distributes as an ISO, so you may want to use a more up to date Hiren's Boot CD.

However, I believe you're getting these issues attempting to Verify a file and folder backup.  While it probably won't help with that issue, if you delete those two files from being backed up and create new F&F's, you may be able to mitigate it repeating in the future.

EDIT: Actually, the Hiren's Boot CD flag is most likely a tool that extracts your Windows product key.  I created the PE Hiren's Boot CD and Defender flagged a utility that appears designed to extract the Windows product key.