The Spurious "Actions Needed" Caution Triangle Overlay on Windows Security SysTray Icon

[britechguy]

I think this particular thing deserves a topic of its own, particularly since it does not appear to be linked to or limited to Windows 11 on unsupported hardware (although my own installation is).

Even after doing a Windows Security Offline Scan, which of course came back clean, this spurious warning overlay persists. I just got one of the Notification Center messages I have set up in Windows Security that keeps you up to date on scan results, and it reported that my machine has been scanned 3 times with no issues found.

You'd really think this is something that Microsoft would rush to fix. Allowing users to get inured to visual cues that should trigger action, but now likely won't for a very great many (and forever hence), is just not a good idea. Although I cannot guarantee it, I really do have to believe that this is an easy fix that could go out on any random Patch Tuesday.

 

[nlinecomputers]

Maybe it’s just stuck? Have you tried doing something that would cause the alert icon to be valid, such as disabling Windows Defender? Reboot, re-enable Defender and see if it goes away?

 

[Philippe]

You'd really think this is something that Microsoft would rush to fix. Allowing users to get inured to visual cues that should trigger action, but now likely won't for a very great many (and forever hence), is just not a good idea.

ah, ah the same MS who's hidding the defender icon from the notification area

 

[GTP]

Have you checked to see if "Core Isolation" is working or reporting issues?
I had this issue after installing software for a USB TV Tuner where the driver was causing this caution overlay to appear and persist till I removed the software.

 

[britechguy]

Well, the issue started when I downloaded an installer, but even before I installed. And there is nothing whatsoever in the scan results that allows me to identify what it is that triggered it, nor to just dismiss it (even though there is a Dismiss link).

This is a bug, that's for sure.

And how do you check to see if Core Isolation is working or reporting issues? I honestly have no idea.

 

[GTP]

 

[britechguy]

I have a green check for Device Security, but when I drill down and try to turn on Memory Integrity, this is the result:



I have no idea why this would have any influence on that Windows Security Icon Overlay when in Windows Security itself it's saying everything's fine. And if you go to the Microsoft page about resolving driver issues to enable Memory Integrity, it says this: Microsoft does not recommend that you delete drivers to attempt to restore this setting.

Since all was well, and this was not even checked, under Windows 10 I don't feel compelled to try to get it turned on under Windows 11.

 

[britechguy]

Addendum: Since I know that I have not had any Samsung devices of any sort, I did a bit more digging. This answers.microsoft.com page discusses using the following command, in an elevated command prompt, to remove obsolete driver packages:

C:\WINDOWS\system32\pnputil.exe /d oemXX.inf

where XX is, of course, the number indicated in the above pasted screen.

The Samsung driver package deleted successfully. The Western digital one claims it's in use by a device (and what WD device that would be, I have no idea).

 

[britechguy]

Addendum to Addendum: I decided to to the Device Manager route, viewing devices by drivers, and removing that way. It worked for the WD driver there.

Memory Isolation is now active, no dice as far as any change in the overlay. I'm still having App & Browser control show up as where action is needed, but nothing I can do there, including just dismissing the warning.

 

[GTP]

Microsoft does not recommend that you delete drivers to attempt to restore this setting.

Well I think we are narrowing it down.
In my case I could see at a glace what software the driver belonged to, so despite MS's advice I did delete the driver and the software which restored the Core Isolation function.

The Western digital one claims it's in use by a device (and what WD device that would be, I have no idea).

A Sandisk SSD? A Sandisk USB that has been used in the past?
I would uninstall all your USB devices (except any like Intel(R) USB 3.1 eXtensible...) etc. and restart so that it detects them again.

 

[britechguy]

A Sandisk USB that has been used in the past?

It never occurred to me that the Sandisk microSD card I have plugged in via a USB adapter might have been the culprit.

Yanking that old driver by force and restarting the computer has had no ill effects as far as anything goes, as far as I can tell. I can still use that microSD card just fine. But having Core Isolation on has zero effect on the spurious overlay, either.

As I said at the outset, when the problem appeared, and ever since, Windows Security shows the issue as being one of App & Browser Control. It claimed to have detected a potentially unwanted app when I downloaded something, but when you look at protection history, nothing is there. If you try to use the Dismiss link to just ignore the situation, it doesn't work.

I continue trying workarounds. @nlinecomputers, I have never disabled Windows Security since it's what I use, but I'd be happy to do that, restart, then promptly re-enable it to see if that would fix the issue. Any pointers on how to go about the process?

 

[nlinecomputers]

The western digital driver is for WD external drives. It is notoriously out of date. And will still be present on the system after you unplug the external drive.

As to disabling defender.

How to Disable Windows Defender in Windows 10/11

Windows Defender is a free, built-in, comprehensive antivirus tool with reliable protection. However, there are some drawbacks to using it. It is

www.alphr.com

 

[britechguy]

@nlinecomputers

Thanks for that. It's just way more work than I'm willing to do for this particular issue, which I figure will be fixed at some point.

Since I keep my eye on the Windows Security main panel itself with reasonable regularity, and haven't had any actual infection of any sort in literally decades now, I think I'm more than reasonably safe.

 

[GTP]

Thanks for that. It's just way more work than I'm willing to do for this particular issue....

Lol, you give up far too easily, I would have been all up in its business.
Its just Windows! Take an image, restore point, whatever if you're worried about losing something and deep dive into it. If you break it so what?
I'd be editing the registry, deleting files from here there and everywhere, and trying to find out exactly what it is.
Whats the worst that can happen? A reinstall...pffft.

 

[britechguy]

@GTP

Different strokes for different folks.

There are not enough hours in the day as it is, for me.

 

[GTP]

@GTP

Different strokes for different folks.

There are not enough hours in the day as it is, for me.

I can appreciate that. Have a great day!

 

[Philippe]

If you break it so what?

Much easier with a VM & snapshot

 

[britechguy]

Circling back to this, I seem to have stumbled in to a solution.

I decided to go in a few days ago under App & Browser Control, Reputation-Based protection and turn everything off. This did nothing at the time. So, a short while ago, I went back in and started turning the individual toggles back on one by one. I had turned on everything except the last toggle, SmartScreen for Microsoft Store apps, back on and still no dice. But, "magically," the moment I threw that toggle back on the caution overlay disappeared and the "all's fine with the world" green check overlay returned.

I this proves to be temporary, I'll report back.

 

[GTP]

Hmmm I've actually performed similar steps when I've seen the triangle. It seems to be more prevalent for Core Isolation but App & Browser Protection > Smart Screen For Microsoft Store Apps and Account Protection > "Turn on OneDrive" does it too.
Like you did; flipping the toggle on/off or vice-versa (usually) fixes it.