Why are my MKV videos from Pahe now flagged in Windows Defender (Win 10) with a 'Security Warning'? - eviltoast

I just tried opening a video I had gotten from Pahe many years ago, from an external USB drive, and have now gotten a Windows Security warning, ‘Do you want to open this file?’ (see top part of attached image)

I moved the file to another folder and renamed it from the original title (it was an episode of ‘The Blacklist’) to ‘Movie.mkv’ and still get the warning. All files in the folder (22 of them) give this warning, plus some other videos I got from Pahe in the past. Clicking the checkbox ‘always ask before opening this file’ does not keep other files in the same folder from also showing the warning. I tried changing the default video player to PotPlayer, same warning comes up.

The only thing I can think of is that in the metadata of the file (bottom part of image), under ‘Encoded By’, it shows a URL, ‘pahe (DOT) in and pahe (DOT) li’

Is there any way this could actually be a security issue? If not, is there a way to ‘green light’ my MKV files on my local drives?

Thanks in advance

  • Onihikage@beehaw.org
    1 year ago

    I suspect what you really did by removing the global tags was change the file’s hash to something brand new so it was no longer on Defender’s list of suspicious files. Try removing different aspects of the MKV or add a random text file as an extra subtitle and see if any of those MKVs are also flagged; they probably won’t be.

    • IverCoder@lemm.ee
      1 year ago

      If it’s this, it’s likely that the MKV file OP had just happened to hash-collide with a different known malware and caused Defender to recognize it.