Hello @gapinto,
Hope you’re doing well today! Sorry to hear about the issue you’re facing with Defender.
I made a quick test on my lab site by adding a custom SVG icon to the /uploads/ directory, and ran a new malware scan. However, it did not highlight the SVG icon. Could you please share a bit more information about it? For example, were these icons “custom icons” added via WP admin >> Elementor >> Custom Icons?
Also, would it be possible for you to share the icons with us via Google Drive or similar, so that we can upload them to our environment and troubleshoot the issue further?
However, just to clarify, not all SVGs are False Positives. SVGs are based on XML, and there can be injections happening on those files; hence, we would like to take a closer look at the files that are being highlighted.
Can I whitelist a specific folder or disable scanning of media files?
I am afraid, at the moment, Defender doesn’t provide a way to skip a specific folder, disable scanning for specific file types. However, in the meantime, if you think those could be false positives, you can choose to ignore those specific files by clicking on them on the Malware Scanning page and clicking on the ignore button. (You can also select multiple files and Bulk ignore them) Ref: https://wpmudev.com/docs/wpmu-dev-plugins/defender/#issue-details
This way, the next scans should not highlight the SVG icons again.
Kind Regards,
Saurabh
Hi @gapinto
We haven’t heard from you in a while, I’ll go and mark this thread as resolved. If you have any additional questions or require further help, please let us know!
Kind Regards,
Kris
