Recently, Windows Defender flagged a .txt file on my Windows 10 system as Exploit:O97M/DDEDownloader.D, with the detection type listed as "Concrete." The detection surprised me, because the .txt file contained data that I assume is non-executable and was carved from a system that doesn't seem to be compromised.

The Microsoft Learn page for Defender events mentions the following detection types, but doesn't clarify what the definition of each type is:

  • Concrete
  • Generic
  • Heuristics
  • Dynamic signature

Is there any documentation I can read to learn more about these detection types, and how Windows Defender detects/handles each one?

Ramhound

0 Answers