Key Takeaways
1. Microsoft Defender mistakenly flagged the legitimate “Microsoft Activation Scripts” (MAS) as malware, causing access issues for users.
2. The problem may stem from network-level issues, such as DNS problems or targeted DNS attacks, rather than a direct error from Microsoft.
3. The warning from Defender is seen as a protective measure against potential malware, not an actual error.
4. Disabling Microsoft Defender to bypass the issue poses significant security risks for users.
5. The situation highlights the challenge of balancing security measures against the potential collateral damage to legitimate tools.
At first glance, this looked like a typical IT security failure. Just yesterday, numerous users reported that Microsoft Defender had unexpectedly begun blocking access to the original “Microsoft Activation Scripts” (MAS). The detection name, “Trojan:PowerShell/FakeMas.DA!MTB,” implied that Microsoft’s security tool was confusing the authentic open-source utility with one of the numerous malware versions in circulation. Because MAS is a community-driven method for activating Windows and Office rather than an official Microsoft offering, many quickly assumed the block was intentional, a kind of backdoor blockage.
Investigating the Issue
We believe that this isn’t a mistake on Microsoft’s side but rather an issue at the network level for those affected. A likely reason could be DNS problems or even targeted DNS attacks (known as DNS spoofing). If domain resolution has been tampered with for these users, a request to the supposedly genuine address might actually be redirected to a server that serves a harmful “fake” version. In that case, the warning from Defender isn’t an error; it’s a genuine, last-minute protective measure. Some websites suggested that temporarily turning off Defender could be a solution, but that would essentially leave users vulnerable to malware or Trojans.
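One way an affected user could test the DNS hypothesis without touching Defender, as an added example that is not from the original article or from the MAS project: compare the address the system resolver returns with what independent public resolvers return. The domain is a placeholder because the article does not name it; the reference resolvers and the helper names Get-ARecord and Compare-DnsAnswer are assumptions made for this example.

```powershell
# Added example: does the local resolver hand out addresses that trusted
# resolvers do not? Placeholder domain; the article does not name the real one.
$Domain    = 'mas-domain.example'
$Reference = @('1.1.1.1', '9.9.9.9')   # assumption: public resolvers you trust

function Get-ARecord {                 # hypothetical helper for this example
    param([string]$Name, [string]$Server)
    $query = @{ Name = $Name; Type = 'A'; DnsOnly = $true; ErrorAction = 'Stop' }
    if ($Server) { $query.Server = $Server }   # omit to use the system resolver
    try {
        # The answer can include CNAME records; keep only the A records.
        @(Resolve-DnsName @query | Where-Object { $_.Type -eq 'A' } |
            Select-Object -ExpandProperty IPAddress | Sort-Object -Unique)
    } catch {
        @()                            # lookup failed or was blocked
    }
}

function Compare-DnsAnswer {           # hypothetical helper for this example
    param([string[]]$Local, [string[]]$Trusted)
    if (-not $Local)   { return 'NoLocalAnswer' }
    if (-not $Trusted) { return 'NoReferenceAnswer' }
    # Addresses that only the local resolver returned
    $extra = @($Local | Where-Object { $_ -notin $Trusted })
    if ($extra.Count -eq 0) { return 'Consistent' }
    return 'Divergent'
}

$local   = @(Get-ARecord -Name $Domain)
$trusted = @($Reference | ForEach-Object { Get-ARecord -Name $Domain -Server $_ } |
    Sort-Object -Unique)

[pscustomobject]@{
    Domain  = $Domain
    Local   = $local -join ', '
    Trusted = $trusted -join ', '
    Verdict = Compare-DnsAnswer -Local $local -Trusted $trusted
}
```

A 'Divergent' verdict is a reason to inspect the machine's and router's DNS settings, not proof of spoofing, because sites behind a CDN can legitimately return different addresses to different resolvers.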
User Reactions
On X.com, Powerm1nt shared the first post regarding this error, noting the situation with Windows 11 Pro aarch64.
The Bigger Picture
Microsoft Defender has blocked the legitimate MAS during this ongoing battle against fake scripts, causing collateral damage in the process.