Microsoft Defender flags text file containing ‘This content is no longer available.’ as a severe threat
It identified the text file as Trojan:Win32/Casdet!rfn.
Microsoft Defender, Windows’ built-in antivirus tool, is widely considered robust enough to mean that an average user no longer needs a third-party antivirus or security suite. However, a bug brought to light by Twitter/X user yappy shows that there are times when Microsoft Defender can be extremely overzealous in its attempts to defend your computer.
A false positive can be observed when you type ‘This content is no longer available.’ or ‘This content is no longer available!’ in Notepad and save it as a text file on your PC. When you do so, Microsoft Defender will instantly flag it as a Trojan file and delete it from your system - no matter what file name you use, ostensibly protecting you from a potential 'severe threat.'
my gf just found out that a text file solely containing the string "This content is no longer available." trips up windows defender lol pic.twitter.com/8RyHW3nltV (June 21, 2024)
Upon first investigation, yappy and some other Tweet/Xers concluded that the cause of the false positive was an SHA-256 collision. However, the astronomical odds against such a clash held true: most commenters now agree that the headlining text string was used in several previous threats and thus raises a red flag in the Windows Defender detection engine.
This head-scratching bug isn’t the first time Microsoft has had issues with its Defender antivirus. Microsoft actually broke it in 2020 with a faulty update, while it patched a serious bug in 2019 that prevented the antivirus app from operating properly. But aside from these missteps, we still consider Microsoft Defender a pretty good antivirus.
Thankfully, this bug isn’t as serious as those issues, as the text line doesn’t pose any actual threat to Windows 11. Furthermore, if you add other text to it (like changing punctuation or adding an extra space at the end), the false detection goes away. However, in the unlikely event that you must have this exact text string saved in a text file on your computer, you need to exclude the folder where you’re saving it from scans; otherwise, it’ll be gone the moment you hit Ctrl + S.
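The folder exclusion mentioned above, sketched with Defender's PowerShell cmdlets as an added example (not from the article): it lists what Defender has recorded under the detection name quoted here, then excludes a single dedicated folder. The folder path is a placeholder assumption.

```powershell
# Added example. $Folder is a placeholder path, not taken from the article.
# Run in an elevated PowerShell session on a machine with Microsoft Defender.
$Folder     = 'C:\Temp\defender-fp-test'
$ThreatName = 'Trojan:Win32/Casdet!rfn'   # detection name quoted in the article

# 1. Show what Defender has already detected under that name, newest first.
$threat = Get-MpThreat | Where-Object { $_.ThreatName -eq $ThreatName }
if ($threat) {
    Get-MpThreatDetection |
        Where-Object { $_.ThreatID -in $threat.ThreatID } |
        Sort-Object InitialDetectionTime -Descending |
        Select-Object InitialDetectionTime, ProcessName, ActionSuccess,
            @{ Name = 'Resources'; Expression = { $_.Resources -join '; ' } } |
        Format-List
} else {
    Write-Output "No recorded detections named $ThreatName."
}

# 2. Exclude one dedicated folder only. Defender stops scanning everything
#    under an excluded path, so do not exclude Documents, Downloads or a
#    whole drive just to keep one text file.
if (-not (Test-Path -LiteralPath $Folder)) {
    New-Item -ItemType Directory -Path $Folder | Out-Null
}
$current = (Get-MpPreference).ExclusionPath
if ($current -notcontains $Folder) {
    Add-MpPreference -ExclusionPath $Folder
}

# 3. Confirm the exclusion list contains only what you expect.
(Get-MpPreference).ExclusionPath

# 4. Once the false positive is fixed upstream, remove the exclusion again:
# Remove-MpPreference -ExclusionPath $Folder
```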
Hopefully, Microsoft can fix this silly bug soon. This isn’t a threat to the security of Windows 11, and we don't think anyone will want to temporarily disable Microsoft Defender and install another antivirus program while waiting for a fix. Meanwhile, Kaspersky has recently become even less attractive as an alternative, as Washington has just sanctioned it.
Jowi Morales is a tech enthusiast with years of experience working in the industry. He’s been writing with several tech publications since 2021, where he’s been interested in tech hardware and consumer electronics.
Colif
It's hardly the first time an AV has had a false positive.
Not sure why you would expect Defender to be perfect... it's not even close.
I wonder how good it is detecting viruses on ARM. Glad I don't need to find out.
Giroro
I think one of my biggest problems with Windows Defender is the complete lack of user control.
It doesn't quarantine files, ask you what to do, or ask what kinds of files are ok to delete. It just deletes whatever it wants, whenever it wants. It usually doesn't even notify you.
If you try to turn it off, it will just turn itself back on again - which suggests Microsoft is making money when it runs. Maybe it's telling Microsoft about every file you have on your computer, so they can sell the data.
Either way, if you had a key generator for some 30 year old piece of abandoned software archived on your computer, it's definitely been deleted by now. It won't be there when you need it.
Bruce Benson
Defender removed without warning epg123, which updates Windows 8.1 Media Center TV schedules (yes, still use it). It took the author of the program months to get Microsoft not to flag it as malware. This looked like Microsoft trying to discourage use of the program by 'mistakenly' flagging it as malware (was not a false positive).
I've tried to turn off Defender in a Windows 10 VM where I run a few Windows-only apps on my Linux Mint PC. It shows it is off but it also shows significant process usage, especially on boot up.
I have little faith in Defender and have generally (attempted to) turned it off on my Windows PCs, but I've grave doubts that it's off and is probably harvesting as much private data as possible.
Colif
I just replaced it with BitDefender as I still don't trust it or a lot of the sites I may have to visit to find answers for people here.
Defender turns off if you replace it, it just resists the action if it doesn't find a replacement there.
USAFRet
Colif said: I just replaced it with BitDefender as I still don't trust it or a lot of the sites I may have to visit to find answers for people here.
I had to ditch BitDefender because it would not let me log into my router.
"expired cert".
Colif
USAFRet said: I had to ditch BitDefender because it would not let me log into my router. "expired cert".
That is a reasonable reason.