Alexander's Blog

Sharing knowledge with the global IT community since November 1, 2004

Unexpected Yellow Warning Symbol on Windows Defender in Windows 10

/
/
Security

In the latest Windows 10 version and OS build, Windows Defender keeps track of 7 major categories and if any of these categories have a security issue it will warn you of the threat or a problem and display the yellow warning symbol. If you address the issue, the warning symbol will disappear and you will see the green check mark, which means Windows Defender protection is working as expected. In this article, I will focus on the Virus & threat protection category and share some insight on a known issue where Windows Defender displays a warning symbol even when there is no threat or virus on your computer.

Depending on your Windows 10 version, your screen may look slightly different. For example, if you have an earlier version of Windows 10, instead of “Security at a glance”, you may see “Your device is being protected.” at the top of your home page in Windows Defender Security Center. You may also have fewer categories listed in Windows Defender if you haven’t updated Windows 10 to the latest version and OS build. On January 30, 2018 when I wrote the article Configuring Windows Defender Security Center in Windows 10 there were 5 categories. Now in May 2018 there are 7 categories. The following screenshot is from Windows 10 Pro Version 1803 OS Build 17134.48.

Windows Defender Security Center

There are many reasons why you will see the yellow warning symbol on the Windows Defender icon, like the one below. Most of the time when you see a warning symbol it will be a legitimate reason because Windows Defender will report security threats and warnings. Once the problem is addressed, the warning will disappear. However, in the scenario that I am going to share today the warning symbol appears even without a real cause. I will tell you why this happens and how you can get rid of the warning symbol. First, I am going to explain what the automatic sample submission feature is and then describe the scenario so you have a better understanding of what I am talking about.

Windows Defender Security Center

Understanding Automatic Sample Submission

The automatic sample submission option is available under Windows Defender -> Virus & threat protection -> Virus & threat protection settings. If Windows Defender determines that a file has a malware and the automatic sample submission is turned on, it will send the file to Microsoft even if the file has been incorrectly classified as malware. Because I am concerned about security and privacy, I like to leave the automatic sample submission option in Windows Defender turned off. If you are a regular reader of my blog, you probably know that I have always warned people not to send samples of any kind to any vendor (error reports, malware file samples, etc.). Besides other concerns, sample files can include your confidential information and expose your personal information to unauthorized individuals.

Why Do You See the Yellow Warning Symbol?

Here’s the scenario. You turn off either the Cloud-delivered protection or the Automatic sample submission and see the yellow warning symbol (yellow triangle with a black exclamation mark) on Windows Defender icon in the taskbar. Because Cloud-delivered protection is a good thing and provides increased and faster protection, I recommend you turn it on. However, I recommend you tun off the Automatic sample submission. If you turn this feature off, you will see the yellow warning symbol. You may think you have a malware on your computer. You open Windows Defender and see the message in the Virus & threat protection section “Automatic sample submission is off. Your device may be vulnerable.” What I recommend you do is this. Because the warning symbol indicates a security issue, you should click the link highlighted in red below and visit the Virus & threat protection section to find out what the problem is. DO NOT click on the Turn on link.

Windows Defender Security Center

If there is a malware on your computer, Windows Defender will warn you and you can have it quarantined or removed from your computer. However, I see the yellow warning symbol on Windows Defender occasionally, even when there is no malware on my computer. The reason has to do with the Windows feature update, which is explained in the next section. After you understand the effects of Windows 10 feature updates, I will explain how to get rid of the warning symbol.

Effects of Windows 10 Feature Update

At the time of writing, Microsoft rolls out Windows 10 feature updates twice a year. The latest update was Windows 10 April 2018 Update (version 1803), which came 6 months after the Fall Creators Update (version 1709). Windows 10 resets your security and other system customization settings, without your permission, after each Windows 10 feature update. When I say it resets the settings, I am talking about reverting back your personalized settings, such as Windows 10 security settings in Windows Defender, your folder and search options that were configured in Windows File Explorer, desktop background color, it adds unwanted icons to the desktop, overwrites manually installed drivers, changes some of your default programs, and more. If you have documented your personalized settings before the feature update, you can go back and undo what the update did, otherwise you are likely to lose the tweaks to your operating system.

In case of Windows Defender, the feature updates turn on the warning about Cloud-delivered protection and Automatic sample submission, which results in displaying the warning symbol on the Windows Defender icon in the taskbar. These Windows 10 features are not mandatory and you are protected whether you enable or disable them, so the warning makes no sense and is therefore completely bogus.

NOTE: For some upgrade workarounds, you may be interested in Microsoft MVP Greg Carmack’s article on overcoming Windows 10 version update failures listed in the additional reading section at the end of this article.

Getting Rid of the Warning Symbol

Now that you know what causes the warning symbol, let me show you how to get rid of it. Luckily, getting rid of the warning symbol is not very difficult and it only takes a few mouse clicks. Just follow these steps to get rid of the warning symbol.

  1. Click anywhere inside the red box to go to the Virus & threat protection screen.
    Windows Defender Virus & threat protection
  2. On the Virus & threat protection screen click Virus & threat protection settings.
    Windows Defender Security Center
  3. In the Virus & threat protection settings screen, make sure the Real-time protection and the Cloud-delivered protection options are both turned on, but the Automatic sample submission should be turned off. Click the Dismiss link to get rid of the yellow warning symbol. If Windows Defender doesn’t report any malware on your computer then the warning that your device may be vulnerable, because either Cloud-delivered protection or Automatic sample submission has been turned off, can be safely ignored. The submission of sample files can help Microsoft improve their product, but if you decide not to send samples, your computer won’t suddenly become vulnerable. In fact, turning on the Cloud-delivered protection and Automatic sample submission are both optional and despite the warning you are still protected.
    Windows Defender Security Center
  4. As soon as you click Dismiss, the warning symbol will disappear and instead you will see the green check mark indicating your system is now protected. If for some reason you prefer to turn off the Cloud-delivered protection (which you shouldn’t), you can use the same technique and dismiss the warning message because, as I indicated earlier, both of these features are optional and even if you turn one or both of them off, you are still protected by Windows Defender.
    Windows Defender Security Center

You might be wondering why I didn’t tell you to just click Dismiss in step 1 above. You could dismiss the warning in step 1, but if the warning is due to an actual malware then you should take appropriate actions. The screen in step 2 would have told you about any possible malware on your computer. In the absence of malware, the warning symbol is bogus and simply dismissing it will get rid of the yellow symbol. Unfortunately, a Windows 10 feature update in the future will turn on the warning again and you will have to go back and reverse the action to get your green check mark back. Luckily, the regular Windows updates don’t mess with your settings. Until this problem is fixed, you will have to play this cat and mouse game where Windows will turn the warning on and you will go and turn it off. Of course, if you are not concerned about your privacy you can turn on the automatic sample submission to avoid seeing the warning symbol.

Additional Warnings

Once in a while you may see the warning in the Apps and software section. I have been seeing this warning for a long time on Windows 10 computers, both Pro and Enterprise editions. This too is usually a fake warning that says Some apps stopped working. There are no apps that have stopped working. Simply click Dismiss to get rid of the warning and your Windows Defender icon will replace the yellow warning symbol with the green symbol with a check mark indicating your Windows Defender has no problems to report and you are now protected.

To prove to yourself that the warning is meaningless, click the Open Troubleshooter link. You may see something similar to the following screen with one or more options. In my case I have two options to repair something that is not broken at all.

  • Switch to a Microsoft account
  • Reset temporary Internet files location to default

Windows Defender Repair Options

Neither of the two options indicate a problem with some apps that supposedly stopped working so you know you can safely ignore the warning. In situations like these, I click Cancel here and then click Dismiss in the previous screen to get rid of the fake warning symbol.

Yet another warning that you may see is the OneDrive set up warning, like the one below.

Windows Defender OneDrive Warning

If you don’t have a backup system in place and are not using the OneDrive for Business already on your computer then you may want to consider the option to set up Windows 10 OneDrive by clicking the link Set up OneDrive. Backing up data is important and Microsoft’s correctly points out that in case of a ransomware attack having a backup can be very useful. However, if you are using OneDrive for Business or you are not interested in setting one up, then click Dismiss to get rid of the yellow warning symbol.

Summary

Windows Defender in Windows 10 displays a lot of meaningless warnings that can be dismissed. These “fake” warnings are mostly an attempt to get you to send information to Microsoft (through automatic sample submission) or make you sign up for a Microsoft account, both of which can be a potential risk to your privacy and/or security. Security professionals will encourage you to avoid these risks. Even though in the past several years I have yet to see a real threat when Windows Defender displays the yellow warning sign on the Windows Defender icon in the taskbar, I still recommend going into the settings and verifying that there is no malware or real threat before dismissing the warning, just to be on the safe side. Windows Defender is included in Windows 10 and does a decent job to protect your computer from malware. You just need to make sure you don’t fall into traps and make the right decisions to protect your privacy and stay safe.

Additional Reading

Here are a few of the related articles that you may be interested in reading.

Updated: August 10, 2018

Thanks for reading my article. If you are interested in IT training & consulting services, please reach out to me. Visit ZubairAlexander.com for information on my professional background.

Copyright © 2018 SeattlePro Enterprises, LLC. All rights reserved.

  • Facebook
  • Twitter
  • Linkedin

4 Comments

  1. I’m getting a yellow alert on ACCOUNT PROTECTION. MSN advice is useless. I’m supposed to link “all my devices” by trying to get a code via phone [they insist they can’t reach my phone]. Trouble is, I have no other devices besides pcs.

  2. As a general rule, the less linking and sharing we do, the more secure we are. Opening ourselves to linking everywhere may be convenient, but increases risk to privacy and security.

  3. This is extremely annoying. It emerges nearly at every power on… Seems that Microsoft badly wants our files… What are they searching?

  4. I did not realise all you had to do was to dismiss the warning in the Virus and Threat Protection section. Appreciate the help!

Leave a Comment

Your email address will not be published. Required fields are marked *

This div height required for enabling the sticky sidebar