avast alerted when Windows Update

Avast alerted that svchost.exe was downloading malware when Windows Update was downloading a definition update for Windows Defender. The system is Win7 32bit. I’m not sure if it was Microsoft’s problem, or me being hijacked, or a false positive. It was really creepy… The full name of the Windows Update patch was “Definition Update for Windows Defender - KB915597 (Definition 1.191.1866.0)” and it was from au.download.windowsupdate.com. Anyone with the same experience?

Please use the form on the website to report this likely false positive.
https://blog.avast.com/tag/false-positive/

Eddy is right in that you should report it as a false positive. Another point to think about is why you have Defender enabled, as Avast already has you covered in this area.

Defender’s spyware protection is far beyond poor and really just a waste of resources, far better to have Malwarebytes installed and run a weekly or fortnightly scan just for peace of mind.

Thanks guys, but I’m not sure it’s a false positive, because the definition update being an .exe sure is strange. I don’t use Windows Defender, but I use Windows Update to keep the system up to date, and whenever there is a definition update for Windows Defender I install it so that it won’t keep nagging me; besides, who knows if some day Windows Defender might come in handy. This was the first time it was flagged by Avast and I’m thinking maybe for some reason Windows Update was not getting the right file. If it is a false positive then others should have seen the same, but as I didn’t find similar feedback in Google results I’m worried I might be the only one with the problem. Maybe I was hijacked and my system was infested already by a file disguised as a genuine update patch. :(

It is likely a self-extracting archive and the file seems to come from an Australian MS server.
I would not worry about it, just report it if you haven’t done so already.

I was about to report but I did not have the exe file. Avast blocked it so I did not get one. I don’t dare to fetch it again lest it really was problematic. Thanks anyway.

Thanks for the report, we (me & Igor) checked your file (from your screenshot) and the latest VPS doesn’t report any viruses. Either it was fixed in VPS or the file wasn’t downloaded properly (stripped for example) and the signature was detected in this corrupted archive.
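An added example, not part of the original thread: one way to check whether a downloaded update file is intact and signed by Microsoft, which separates a truncated download from a genuine package. The file path and the function name `Test-MicrosoftSignedFile` are assumptions made for illustration; the script uses only cmdlets available in the PowerShell version shipped with Windows 7.

```powershell
# Added example. The default path is a placeholder, not a value from the thread.
param(
    [string]$Path = 'C:\Temp\definition-update.exe'   # hypothetical location
)

function Test-MicrosoftSignedFile {
    param([Parameter(Mandatory = $true)][string]$FilePath)

    if (-not (Test-Path -LiteralPath $FilePath)) {
        throw "File not found: $FilePath"
    }

    # Authenticode covers the file contents with a signed hash, so a
    # truncated or altered file does not come back with Status 'Valid'
    # (typically 'HashMismatch' or 'NotSigned' instead).
    $sig = Get-AuthenticodeSignature -FilePath $FilePath

    $subject = ''
    if ($sig.SignerCertificate) {
        $subject = $sig.SignerCertificate.Subject
    }

    # 'Valid' already means the chain ends in a root this machine trusts;
    # the subject match only narrows the signer to Microsoft.
    $isValid     = ($sig.Status -eq 'Valid')
    $isMicrosoft = ($subject -match 'O=Microsoft Corporation')

    New-Object PSObject -Property @{
        File          = $FilePath
        SizeBytes     = (Get-Item -LiteralPath $FilePath).Length
        Status        = $sig.Status
        StatusMessage = $sig.StatusMessage
        Signer        = $subject
        Trusted       = ($isValid -and $isMicrosoft)
    }
}

$result = Test-MicrosoftSignedFile -FilePath $Path
$result | Format-List File, SizeBytes, Status, StatusMessage, Signer, Trusted

if (-not $result.Trusted) {
    Write-Warning 'Signature is not valid or not from Microsoft; do not run this file.'
}
```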

Thanks a lot. Does this mean I don’t have to worry about it? :) 'cos I don’t understand much technical stuff. Just so I could feel assured.

Yes.

Alright
Cheers thanks

KB915597 installed fine on my machine with vps 150113-0. I have Win 7 with Defender deactivated but Win Update gets the definition updates twice a week anyway, a bit annoying but I just let it go ahead.

Does not sound like you have Defender “de-activated”…you can always activate down the road if you uninstall your A/V solution and get its latest database update…until then I would definitely turn this completely off.
Open up Windows Defender, go to Tools on the top menu, and then click on Options. Now click on Administrator on the left-hand pane, uncheck the box for “Use this program”, and click the Save button, Exit. To make sure just go back into Control Panel and click on Windows Defender and you should get a message that the program is Turned Off…exit without opening.

By de-activated I meant real time scanning off, thanks for that tip, thekochs!

Does not sound like you have Defender "de-activated"
@thekochs, Since the OP is running Windows 7, Defender is only a Malware scanner not a resident AV. Use, even if not very good, is still not something that needs to be removed in order to use Avast. :) Malwarebytes (https://www.malwarebytes.org/antimalware/) is a much better alternative to Windows Defender. :)

You make an excellent point…it is not Windows 8…but if he is “annoyed” at the Defender bi-weekly downloads this would resolve.

If it was me I would “disable” Defender and use MalwareBytes Pro with Avast as my two active Malware/Virus “active shield” tools…of course this is exactly what I run on my W7 systems. ;D