Severely malicious running process detected by Windows Defender in 22610 update


While installing the Windows 11 Dev update to build 22610 today, Windows Defender arrested "Severe" malware, an actively running process, not just an inactive file. The update errored with 0xc190011f at the same time, so 22610 wasn't installed. The only recent downloads I have were never run. 22598 is plenty new, so unpatched vulnerabilities in the existing build shouldn't be why it became infected. Only a blank pen drive was connected recently. The Chromium browser was recently updated, so it wasn't an exploit through an outdated browser.

The error code is 0xc190011f and the Windows Defender detection is

Behavior:Win32/Powessere.SA

behavior: pid:2340:209678432966826

process: pid:2340,ProcessStart:132957367597465384

I performed a Quick Scan and Offline Scan with Windows Defender, updated Emsisoft Emergency Kit and used it to scan from the Recovery Environment, used SFC and DISM, performed a Full Scan, deleted Software Distribution, made a System Image Backup, and installed the 22610 update again. Threats were found. At 5%, the Windows Defender notification appeared, along with the 0xc190011f error code in Windows Update. This was reproduced 4 times in total, quicker when retrying without having deleted Software Distribution.

Feedback Hub link with screenshots, video recording, and diagnostics: https://aka.ms/AAgsen0

Note that screenshots and other attachments are only visible to Microsoft.

Microsoft Support refused this issue because the operating system is currently under development, as if that makes it any more acceptable to distribute malware through Windows Update. It doesn't matter that it's under development, having a "Severely" malicious update for download is intolerable.

If it's completely unknown how to solve the "Severe" Behavior:Win32/Powessere.SA while downloading build 22610 because it's so new, then it's not that difficult to simply pull 22610 from being available for download. I know this is the wrong place to post this, but this is where Microsoft Support said to.

I know it's not supported, but not providing Behavior:Win32/Powessere.SA has to be maintained at all times. Preview builds being unsupported translating to it being acceptable to distribute Behavior:Win32/Powessere.SA is as if the Windows Defender team said they don't need to maintain their antivirus signatures because none of the malware is their own and therefore not their responsibility to support.

Microsoft Support said "The Windows Insider forum is a peer to peer group of volunteers that are testing future beta releases of Windows 10 and as it is beta software Microsoft offers no support to Insiders who voluntarily download and test these beta builds."

Translation: The Windows Insider forum is a peer to peer group of volunteers that are downloading malicious beta releases of Windows 11 and as it is beta software Microsoft offers no assurance to Insiders who voluntarily download and test these beta builds that they aren't infected with malware.

Microsoft Support also said "When you first joined the Insiders you should have read the Terms of Service and Code of Conduct prior to joining." I did though, nothing in the agreement makes it any more acceptable to provide Behavior:Win32/Powessere.SA no matter how buggy the builds may have to be.

"There are many very qualified Insiders who use this forum who should be able to help you."

I myself do spend a highly significant amount of time each day assisting others, and did for myself, but the root issue can only be solved by Microsoft by pulling the 22610 download or confirming the Windows Defender detection is a false positive.

"Please take your concern to Windows Insider forums"

At the same time, "The Windows Insider forum is a peer to peer group of volunteers"

Only Microsoft is responsible for hosting the download.

If Microsoft is to provide severely malicious Behavior:Win32/Powessere.SA infected updates of Windows 11, that's not secure anyway, so if security is out the window even with the latest, why don't I just revert to using Windows 7, the best Windows ever, which is by far the finest ever produced?

@A1 

Actually I have no idea what this insider program is and I have Windows 10 and I'm still getting this error. It can't be from the beta Win11 because I've never tried that!

@flamym  

Hi, yes, but you are definitely installing optional updates that are distributed before the public release.

This thread confirmed that this does not cause threats to Windows.

Best regards.

@A1 

Thank you for clarifying that. I'll leave it alone then. 

Have a nice day!