Have you tried to simply to name these RAR files to ".dat" or ".bin" ?
The right way is not only rename them but also encrypt, this should solve your problem,

BUT, and it is huge but here, and need some information to keep in mind:

Renaming (and/or) deleting a file using the OS APIs is closely watched operation by all AV scanners and specially Windows Defender, this is called a trigger,
so, i suggest to try the following:
1) create a file, new and different file either in the same directory or in different path.
2) choose the name you want, try ".mp3", ".bin", ".dat" ... just test multiple variations.
3) write the data to the new file, may be just copy the content form the old file to the new one.
4) delete the original, and see if this step still triggers the Defender, as it might, being NTFS closely monitored for ownership and permissions.

Please, test the above and report here, so we can see if an encryption is needed, also we need to know exactly what step is the trigger, it could be writing/renaming on that directory and has nothing to do with the files them selves, which is pretty much easy one, but again if you are changing the content of a file you are not suppose to from Defender point of view, or that file is watched for its content then it will trigger th Defender, but this solvable by creating the copy (may be with encryption) the content to different file (woth/without different path) same as above.

And good luck !

Meinst du Midi? Willie.

Yes, that would be a good idea. Copy the file with a new name. That could be done elegantly with "Rename".

And that what was i pointing to, when you copy and rename using single API, you are still disclosing the operation to Defender and it might also block it, but when you read it in whole or partial and at the same time writing data to another file, these are internal operation to your application.

Do you get the idea ?
1) Copying a file with the help of the OS UI like Windows Explorer, and
2) copying the file using an API, and
3) creating a different file then read data then write it to the second, in other words copying the data from within the file, but not the file.
these are different operations and Windows Defender will be not watching and reacting them the same way, each one has collection of rules to watched and checked.

Defender is not a simple scanner but also real time protection with heuristic and behavior analyzer scanner.

Nee. Midi hat in den seltensten Fällen die verwendeten Instrumente mit dabei. Das verlässt sich auf die Audiobibliotek der Soundkarte. Deswegen können Midi auch auf jedem Rechner anders klingen.
Sorry, ich hatte das vergessen mit zu erwähnen ich meine Module oder Tracker Formate. Sowas wie MOD, S3M, IT, XM.

Hey, MOD kenne ich aber sonst hab' ich wenig Ahnung davon. Ich weiß nicht, wie lange du schon dabei bist. Früher gab es eine kleine Klaviertastatrur, die wohl zur Soundkarte gehörte und eine lange Liste von Musikinstrumenten von Klavier über Geige bis Stimme (m/w) und du konntes Musik machen. Das war kurios. Das war Midi und gibt es nicht mehr. Aber wie gesagt, viel mehr weiß ich nicht.

[QUOTE=Kas Ob.;1553260]Yes, I noticed that. You don't necessarily need an additional virus protector. I will follow your thoughts and test.

Warum sollte es Midi nicht mehr geben? Problem ist nur bei Remote Desktop. (Midi ist das meist verbreitete Format um Musikinstrumente miteinander zu verkabeln - gibt sogar Drehleiern die das können )
Oder meinst Du nur die Klaviertastatur?

</OT> Auf Youtube gibt es ein Video bei dem die größte Kirchenorgel der Welt über MIDI an ein Notebok angeschlossen wird </OT>

Ja, genau meinte ich. Wiliie.