[solved] How to get around Windows Defender aborting the back-ups

When doing a back-up, a few of my files get flagged by Windows Defender as Potentially Unwanted Software. In my case, I use them for server administration, so they are wanted – but Windows Defender doesn’t know that and blocks access to it. When URBackup encounters a file blocked by Windows Defender, it marks this as an error, and re-starts the back-up from the beginning. The problem is that, even if I am behind the computer when they get blocked, and I immediately click “Alow Threat” – it is already too late. URBackup got its message that the files are blocked, and it has aborted the current back-up; and so there is no other choice but for it to re-start from the beginning. And even if I mark in Windows Defender to allow this “threat”, the next time it comes up is in a new location, and therefore it gets blocked again.

Here is how I worked around this. When the new back-up starts running, I re-create the temporary URBackup directory for the old back-up (i.e. the directory these files were deleted from by Windows Defender)(since urBackup deletes that directory when it re-starts). I then restore the deleted files to that directory – and copy them into the temporary urBackup directory for the currently-running back-up. At that point, I open those files with Notepad. Windows Defender immediately recognizes that they are a threat, and blocks them again – and at this point I go into Windows Defender, and click Allow Threat again. This restores the files to the new urBackup location. Then, to avoid them interfering with the new back-up, I delete them again. At this point, Windows Defender remembers that, these files were deleted from this directory – and next time they recur, they are left alone, allowing the back-up to finish.

It seems that URBackup aborts the back-up after finishing the current directory – so if you have more than one directory flagged by Windows Defender, then you will have to repeat this method every time for one directory more than the last. In other words, after running the process once, you will have one directory with no files blocked. And if other directories have the same “threat”, then they will be allowed as well. But if there is a different threat in another directory, then it will be blocked on the following back-up. However, following this procedure will allow you to un-block files from both directories the next time around, so the third time the back-up will get even farther. And so on.

Unfortunately, this has to be done every time that File Back-up runs on this computer. (not the one-directory-at-a-time, but the final step restoring all files into the new back-up temporary directory, and opening with Notepad). URBackup doesn’t seem to have a way to specify to use the same “Base” temporary directory every time.

p.s. if you wait long enough after opening one file with Notepad, then Windows Defender will scan the entire directory, and delete all files you haven’t allowed through. In this case, the files must be restored before trying to open them. Oddly enough, even though you allow the restoring of the files – next time you try opening them, they get blocked anyways. It seems that they get saved in the “Allowed Threats” list only if you allow them while trying to open them – simply restoring them does not do this.

Try setting Do not fail backups in case of hash mismatches or read errors in advanced on the server.

This did not help. Same thing happened. What’s really annoying is, that the last time it detected a file that cannot be read was on the 16th, but the failure occurred at the end of the backup, on the 20th. At that time, there would be so many back-ups of smaller computers having completed, that this log entry would be gone from the history list. I had to hold back the back-up of smaller computers in order to make sure that this log entry would not drop off at the bottom. And I could not find any setting to show a bigger number of logs in the log list.

However, I found a way to stop Windows Defender from blocking these “Potentially Unwanted” files.

secpol.msc (Local Computer Policy)
Computer Configuration
Administrative Templates
Windows Components
Microsoft Defender Antivirus
Threats
Open the dialog window for: Specify threats upon which default action should not be taken when detected
Enable this policy
At that point, it will show you a list of entries that you can enter.

In order to find what to put onto that list, go into Powershell
Type Get-MpThreatCatalog (preferably pipe this into a text file that can be searched later)
Find the threat ID of the potentially unwanted file.
And, add that ID to the list with a key value of 6 (ignore).

Theoretically this should be a permanent exception that does not require my intervention at every back-up. I just now did this, so won’t find out whether it works for a while; but, I plan to post here if it does not.