Windows Now Reporting NextDNS as Virus

Heads Up to everyone; seeing lots of activity in the bug report section--I believe this is the cause of a lot of bug reports about NextDNS not working: With the latest Windows Update, Microsoft--in their infinite wisdom--has decided that the NextDNS service is a Trojan and Quarantines it. This breaks NextDNS on Windows because it stops/quarantines the NextDNS service. I am very curious why Microsoft believes this program executes remote commands. I have not seen the source code for NextDNS, I will trust that it does not remotely execute code. I believe this is a way of breaking private DNS lookups on Windows so that Microsoft can collect more telemetry data. An employee of NextDNS needs to work with Microsoft to get this resolved or else this problem will only grow as more people update Windows.

5replies Oldest first
  • Oldest first
  • Newest first
  • Active threads
  • Popular
  • You can not allow it to run ether. Windows Defender only displays the Remove or Quarantine actions--not Allow.

  • Just saw the post under "NextDNS detected by Kaspersky" bug report where the user reported it to Microsoft as a false positive and Microsoft gave the commands to run to clear out and update the signature cache. Reposting it here. Emir reported the NextDNS installer, I wonder if that will clear the false positive of the NextDNS service as well?

  • I submitted the NextDNS service exe to Microsoft, they removed the detection of malware in the NextDNS service; follow below commands to obtain latest malware definitions. Hopefully this will fix it.

    Like 1
  • Got the same AV detection today when installing the CLI version. I had to add an exception to Defender to allow nextdns.exe. I was going to use the CLI installation in a script to roll out to a fleet of laptops. There goes that idea...

Like Follow
  • 2 wk agoLast active
  • 5Replies
  • 143Views
  • 3 Following