GFI Support Home Start a conversation Sign in
Start a conversation
  1. GFI Archiver
  2. GFI Archiver - General Information
  3. Articles

Managing Microsoft Defender Alerts Related to marc.search.exe and Temporary HTML Files

Overview

Microsoft Defender may generate alerts when marc.search.exe creates and deletes temporary HTML files during system startup. This behavior occurs as part of the normal operation of the application, which processes and indexes HTML-based message content. Defender flags these activities due to frequent file operations, which can resemble the behavior of malware or unwanted programs.

Solution

This issue can be resolved by understanding the normal functionality of marc.search.exe and adjusting Microsoft Defender settings to prevent unnecessary alerts:

  1. Processing HTML Content:

    • marc.search.exe processes and indexes HTML content from messages, particularly those in email bodies or documents.
    • The application converts HTML data into a format suitable for indexing and searching.

  2. Temporary File Creation:

    • During this process, temporary HTML files are generated in the Search\Temp folder.
    • These files typically start with names such as docname or convertingdocname followed by unique identifiers.

  3. File Cleanup:

    • After processing, marc.search.exe attempts to delete these temporary files to free up disk space.
    • If these files are not deleted, it may indicate permission issues or other system-related factors preventing proper cleanup.

  4. Microsoft Defender Alerts:

    • Defender may flag these actions because frequent file operations, especially at startup, can be interpreted as suspicious behavior.
    • Additionally, the temporary files may contain HTML scripts or code that could trigger alerts if scanned before they are deleted.

  5. Recommended Action:

    • This behavior is expected, but if persistent alerts occur, it is advised to configure Microsoft Defender by adding exclusions for the directories where these temporary files are stored.
    • Follow documented steps to add antivirus exclusions to avoid performance issues and repeated alerts:
      • Exclude the Search\Temp folder from real-time scanning in Microsoft Defender.
      • Ensure marc.search.exe is recognized as a trusted application.

Reference Documentation

Choose files or drag and drop files
Was this article helpful?
Yes
No

  1. Priyanka Bhotika

  2. Posted
  3. Updated

Comments