Skip to main content

Windows 10 bug reportedly cripples built-in antivirus: What to do

(Image credit: Tom's Guide)

UPDATED March 24: There's a way to make sure that this annoying message no longer appears, but you may just want to live with it. See below.

UPDATED March 30: Microsoft has patched this with an out-of-band Windows Update release. Please see below.

Windows Defender, the anti-malware component of Windows 10, is skipping files during security scans for many users for no apparent reason.

According to Bleeping Computer, a number of Windows 10 users report seeing an "Items skipped during scan" message despite not having any file exclusions set up in their Windows Defender preferences.

When users conduct either a Quick Scan or Full Scan, an Action Center notification is sometimes generated saying items were skipped during the scan "due to an exclusion or network scanning settings."

You can assign Windows Defender to skip or exclude certain files on your device during scans. If you don't have any exclusions assigned, though, all your files should be assessed by Defender when you initiate malware scans. But that's not's happening.

BleepingComputer was able to recreate the message while performing malware scans in Windows 10. However, it found discrepancies in which Windows Defender Antimalware Client versions the issue is being reported under. 

Bleeping Computer also said the error isn't impacting all Windows Defender users, even those using the same Windows Defender Engine Version. Guenter Born, a German tech blogger who reported the issue a few days ago, told Bleeping Computer about 20% of his readers said they didn't have the problem, but 80% did. 

This issue may have started with a Windows March patch, released March 10th, 2020. But Microsoft hasn't acknowledged the problem, so what's causing the error and whether its being worked on is unknown.

A Reddit thread discussing the issue began on March 10, as did a couple of threads in the Microsoft user forums

You could roll back Windows 10 to before the March security patches, but we don't recommend that as Microsoft did fix a lot of severe flaws with that update. Instead, you might want to look into using one of the best antivirus programs for your computer until Microsoft resolves the problems with Windows Defender. 

Update: How to stop the messages from appearing

Later on March 23, Born reported , and Bleeping Computer confirmed, that the issue is a result of network scans -- i.e., of files not directly present on the computer, but linked to via the local network -- being disabled in Windows Defender. 

Ironically, Microsoft recommends that network scans be disabled by default. That's because scanning all accessible files on networked devices takes a lot longer and eats up much more processing power than just scanning the system's own drives. 

As one of Born's readers pointed out, you also don't want multiple machines on the same local network scanning each other's files at the same time and slowing down network traffic as a result.

Yet someone preparing updates for the March 2020 Patch Tuesday updates apparently didn't get the memo, which is why Windows Defender suddenly started acting like skipping network scans was a serious issue. It isn't.

If the "items skipped during scan" notification really bothers you, then log in as an administrator, pop open Windows PowerShell, type this:

Set-MpPreference –DisableScanningNetworkFiles 0

... and hit Enter. (That's a zero at the end of the text string, not an "O". The zero disables the disabling, as it were. A "1" would turn the disabling back on.)

Nonetheless, Born recommends that you NOT enable network scanning and instead just learn to live with the "items skipped" notification until Microsoft fixes this minor problem. At least now you know the notification isn't about anything serious.

UPDATE March 30: Microsoft permanently fixed this with an out-of-band security update. The update may affects how AppLocker updates applications, and also may block some computers from booting up if they have SecureBoot enabled. (Many computers ship from the factory with SecureBoot turned on.)