GhostTree Attack Exploits Windows Junctions to Evade Microsoft Defender Scans
A technique called GhostTree leverages recursive NTFS junctions to create numerous valid Windows file paths that can cause Microsoft Defender folder scans to hang indefinitely. This allows malware to remain hidden on systems while antivirus protection appears to be functioning normally. The method targets a fundamental weakness in how Windows file system scanning handles symbolic link structures.
Why it matters in Western Canada: Organizations across Western Canada relying on Microsoft Defender for endpoint protection—including universities, government agencies, and healthcare providers—could face undetected malware infections if systems use vulnerable scan configurations.
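A defender-side check for the structure described above, as an added example that is not from the original advisory: it walks a directory tree without following links and reports any directory link that resolves to its own containing directory or to an ancestor of it. It covers single-link loops only; the function names are hypothetical, and the sample tree is constructed with symlinks standing in for junctions.

```python
import os
import stat
import tempfile

def is_dir_link(path):
    """True for a directory symlink or a Windows directory reparse point (junction)."""
    st = os.lstat(path)
    # st_file_attributes exists only on Windows; junctions carry REPARSE_POINT
    attrs = getattr(st, "st_file_attributes", 0)
    is_reparse = bool(attrs & stat.FILE_ATTRIBUTE_REPARSE_POINT)
    return (stat.S_ISLNK(st.st_mode) or is_reparse) and os.path.isdir(path)

def find_recursive_links(root):
    """Return (link, target) pairs under root where the link resolves to the
    directory that contains it or to one of that directory's ancestors."""
    findings = []
    for dirpath, dirnames, _ in os.walk(os.path.realpath(root)):
        for name in list(dirnames):
            full = os.path.join(dirpath, name)
            if not is_dir_link(full):
                continue
            dirnames.remove(name)  # prune: the walk never descends through a link
            target = os.path.realpath(full)
            try:
                loops = os.path.commonpath([dirpath, target]) == target
            except ValueError:  # different drives on Windows: cannot be an ancestor
                loops = False
            if loops:
                findings.append((full, target))
    return findings

def build_sample(base):
    """Constructed sample tree: one looping link and one benign link."""
    os.makedirs(os.path.join(base, "a", "b"))
    os.makedirs(os.path.join(base, "other"))
    os.symlink(os.path.join(base, "a"), os.path.join(base, "a", "b", "loop"),
               target_is_directory=True)
    os.symlink(os.path.join(base, "other"), os.path.join(base, "a", "side"),
               target_is_directory=True)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for link, target in find_recursive_links(tmp):
            print(f"recursive link: {link} -> {target}")
```

Because every reparse point is pruned from the walk, the check itself cannot be trapped by the loop it is looking for.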
Summary generated from the original advisory. Read the full source: BleepingComputer
- Source: https://www.bleepingcomputer.com/news/security/ghosttree-attack-abused-recursive-windows-junctions-to-hide-malware/
- CVEs: None listed
- Tags: windows defender, malware evasion, ntfs junctions, endpoint protection, ghosttree
- Provenance: mask2-ti-pipeline (AI-assisted, human-reviewable)