MS Windows Defender is generally good (I actually prefer it and preferred its SecurityEssentials predecessor to all the other antiviruses) but seems really notorious in removing non-virus "threats". It also removes NirSoft (and some Sysinternals IIRC) utilities regularly. Yesterday, trying to download the recent version of LibreOffice, I have even found found out I have no qBitTorrent installed any more - it killed it also. I really wish I could just put a regex filter to bulk-allow some classes of "threats" ("HackTool:" and "PUA:") permanently.
I don't know if my installation is broken, but I haven't had Defender remove what I thought was a legitimate binary since I first installed Windows 10. Literally not one single time on half a dozen installations.
FWIW I installed and ran qBitTorrent recently and it didn't complain.
> I haven't had Defender remove what I thought was a legitimate binary
Probably because you are closer to a "typical" kind of user who doesn't use "hack tools" (which some people like me use for absolutely legal and benevolent purposes "hacking" their own PC, e.g. to backup the passwords and e-mail records saved on it). By the way it also is very important to distinguish between a legitimate hack tool and an infected hack tool and I am not sure they do.
> I installed and ran qBitTorrent recently and it didn't complain.
They just added a slightly old version to their threats database and didn't add the most recent version there yet.
I just checked, perhaps the fact that I have "reputation-based" blocking always disabled helps, which seems to avoid that kind of false positive. I am not a fan of my OS phoning home to check every single executable I run. Either it's in the virus database, or I'm tech-savvy enough not to run any .exe I receive via e-mail.
I didn't even know there is such a "reputation" option. Today Windows configuration windows are way harder to find anything (what you don't already know is there/where) in than they used to be even in Windows 7, let alone XP (where everything was way more intuitive and easy to discover). As for submitting the files to Microsoft - I believe I have disabled that but in the today context I can't be sure it didn't get enabled on itself.
I disagree that it is good. It was good. But now it is indistinguishable from a malware. It regularly takes 100% CPU, it prevents many of my own apps from running, and if you switch off real-time protection it switches itself back on like any respectable rootkit.
