Windows Update 25H2 might trigger incorrect alerts in antivirus programs.
Windows Update 25H2 might trigger incorrect alerts in antivirus programs.
I just wanted to let the group know about this. On Wednesday, October 22nd, I powered down my computer to apply updates. It installed the latest 25H2 update. When I restarted it again today, October 24th, I received immediate warnings from my Bitdefender antivirus about suspicious code lines. Checking the Bitdefender logs revealed continuous detection and attempts to clean the process, but since it’s a critical file (WMIC.exe), Windows keeps restarting it, creating an endless loop. I’ve already reported this to Microsoft Tech Support while chatting with them. I’m hoping they’ll resolve it soon. It would be helpful if others in the tech community also noticed this problem.
I had to bring back point for my sister's laptop after some updates, but I don’t know if it was connected at all since I couldn’t use Explorer to fix anything. I just did a restorepoint and put deferred updates in so she could leave on her vacation. It seems her laptop was the last in the family running Norton. It’s odd how she ended up being the first on Windows 11 and the last to ditch Norton.
it’s just frustrating. I explained the issue and they directed me to another “expert” who claims to be reviewing our conversation. They then ask the same questions again, as if they’re repeating what was already answered in prior messages. They sent me to a feedback hub, which seems like the proper place for input, but it’s not functioning correctly—my login fails and I get an error. Interestingly, I left feedback using the same account and password just five minutes before, so the problem isn’t with my credentials. Well, I’ll include the transcript with Clifford as well; he was very courteous.
It seems a harmful command line was sent to WMIC.exe. The tool is likely being exploited by malware, though WMIC itself isn't the threat. Bitdefender has already blocked this behavior. You might want to check the VMIC.exe file on VirusTotal for confirmation.
You haven't noticed anything unusual before, but now you're experiencing alerts right after your update. It might not be malware, but it could be related to the change. Check if other apps behave oddly or if you see any new messages.
Check the VirusTotal page for uploading files to test. They also offer a linkscanner feature that can help. Note that WMIC isn’t recommended for use by Microsoft after 25H2. For more details, refer to the support article. If you're unsure about your system, consider running a full scan with BitDefender.
I have just uploaded it. No threats detected in the file on VirusTotal. Indeed, this makes me concerned since the warnings have vanished suddenly. Could I really have been targeted by malware? How can I resolve and eliminate it when neither Windows Defender nor Bitdefender seems able to find or fix the problem? It would have been helpful if a Windows expert were aware that WMIC.exe is no longer active.
The conversation seemed more like a random cartoon following a set guide rather than a technical discussion. You were directed to a feedback app, and it appears Microsoft may have replaced its WMIC script with AI features in Windows 11. It's unclear if this was intentional or just a workaround for the update changes. For clearer answers, you might ask Windows support directly about the 25H2 update.