On affected devices, Microsoft Defender places thousands of files in the directory: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store
For example, on a test system running Windows 10, version 20H2, there were more than 10,800 objects in this folder. Other users report that in just 24 hours, Microsoft Defender created over 950,000 files, taking up over 30 gigabytes of disk space. Most files are small: 1 or 2 kilobytes.
The error can affect certain operations, such as sync or backup jobs. [...]
The vulnerability, discovered by SentinelOne experts in November last year, was identified as CVE-2021-24092. It also affects other Microsoft security products, including Microsoft Endpoint Protection, Microsoft Security Essentials, and Microsoft System Center Endpoint Protection.
The problem was found in the BTR.sys driver (aka Boot Time Removal Tool), which is used to remove files and registry entries created by [...]
The updated Microsoft Defender command-line tool now includes a new command-line argument, -DownloadFile. The argument allows a local user to use the Microsoft Antimalware Service Command Line Utility (MpCmdRun.exe) to download a file from a remote location using a dedicated command.
“Well, you can download a file from the internet using Windows Defender itself. In this example, I was able to download Cobalt Strike beacon [...]
After the release of the KB2267602 update and Windows Defender version 1.321.1319.0, users unexpectedly found that Citrix Broker and High Availability Services could not work properly. The BrokerService.exe file is flagged as malware (Agent Tesla Trojan) and sent to quarantine.
“Those wondering when the Microsoft love-in with Citrix might end will be relieved to learn that Microsoft Defender decided yesterday that Citrix Broker and High Availability Services bore all the hallmarks of a trojan”, — speak [...]