
PDM:Trojan.Win32.Generic - msmpeng.exe


CronoK


Hello,

I wanted to uninstall Kaspersky Internet Security yesterday because it was no longer working as it should (description follows). During the uninstallation routine (started via "Settings -> Apps -> Uninstall"), a virus message from Kaspersky came up in the last phase before deleting the program shortcuts, exactly when Windows registered that the current virus protection (Kaspersky) was switched off and none was currently active. The Windows Virus and Threat Protection then usually only starts after a restart of Windows. I think this is normal behavior.

 

PDM:Trojan.Win32.Generic was found in the msmpeng.exe file (Picture 1-3).

Path: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0

 

After the restart, Windows Defender also did not turn on and could not be repaired with "sfc /scannow" (Picture 4-5).

 

With a backup I was able to reproduce the behavior once. After that, with the same backups and the identical procedure, the virus message no longer existed. As far as I know, the file belongs to Windows Defender. I checked the file again with Kaspersky, Malwarebytes and VirusTotal. No viruses/trojans were found (Picture 6).

Previously, Kaspersky had behaved differently than usual. Pages were no longer loaded in the secure browser and then it could no longer be started (Picture 7). Furthermore, it was not possible to establish a connection to the KSN for checking the file reputation for certain files (Picture 8).

I then installed other backups where the secure browser and KSN verification worked. Here, too, the uninstallation of KIS ran again without a virus message.

I have saved the affected file. I no longer have logs because of uninstalling KIS and installing backups. I can't reproduce it at the moment either. Malwarebytes is also running (I know - it's not recommended) and didn't find anything.

 

System:

Windows 10, 22H2 Build 19045.2251

Kaspersky Internet Security 21.3.10.391 (j)

Malwarebytes 4.5.18

 

 

False positive? Can I upload the file for investigation here? How can I be helped regarding analysis?

Attached pictures: 1.jpg, 2.jpg, 3.jpg, 4.jpg, 5.jpg, 6.jpg, 7.jpg, 8.jpg
