Microsoft Defender thinks you created your own Windows PC virus by writing this one line

<div itemprop=”articleBody”>

Microsoft Defender is generally considered to be an excellent anti-malware solution even though it comes as a stock Windows app. Threat detection assessments from AV-Comparatives and AV-TEST have shown that Defender performs well against third-party solutions.

It is not flawless though and from time to time, we get false alarms from it. In the past, Windows security has flagged Office updates as malware, Google Chrome updates as “suspicious,” legitimate URLs and links as viruses, and most recently, Edge was found blocking websites from loading and it was due to a freshly deprecated Defender feature.

Microsoft explained in 2022 how it was improving its ways such that false positives and negatives could be reduced but clearly much more work remains to be done.

A couple of days ago, X user yappy noticed that Defender would flag a text file if one would write the following on it: “This content is no longer available.” As soon as you write this on a TXT file and try to save it, Defender flags it as a severe threat since it thinks it is a Casdet trojan and is described as “Trojan:Win32/Casdet!rfn.”

While the x user first thought it was due to a SHA-256 collision, it looks like the issue is elsewhere. Here’s what Trojan:Win32/Casdet!rfn is according to Microsoft’s official website:

Trojan:Win32/Casdet!rfn

Summary

Microsoft Defender Antivirus detects and removes this threat.

This threat can perform a number of actions of a malicious hacker’s choice on your PC.

Hence the description from Microsoft itself is not particularly useful. Obviously, this is not a major problem as it won’t break Windows like some of these odd and weird bugs do like the Y2K38 superbug. Microsoft should hopefully be able to fix it with updated definitions.

Speaking of updated definitions, Microsoft recently released new images for Windows 11, 10 and Server installations.