If the hashes do not match, then the only safe thing to assume is that the data has been modified by an unauthorized party, and you should avoid using the data and report it to Microsoft (as the vendor).
Your system has been compromised and the file, while correct in the ISO, has been modified on your system by malware.This is a false positive, and Defender is flagging it falsely.Whenever a website provides a strong cryptographic hash or strong digital signature, it's prudent to check it to be sure that the data you've gotten is the data that the vendor provided.Īssuming that the hashes match, there are a couple of possibilities, in rough likelihood of occurrence: The best way to verify whether the image is legitimate is to check the SHA-256 hash of the ISO as provided by Microsoft's download site.
