DefenderUI

Discussion in 'other anti-virus software' started by digmor crusher, Aug 14, 2021.

  1. B-boy/StyLe/

    It seems 1.16 is out:

    https://defenderui.com/Download/InstallDefenderUI116.exe
    https://defenderui.com/Download/InstallDefenderUIPro116.exe
     
  2. cheater87

    How do I install the new version? Overtop or uninstall the old one?
     
  3. ViVek

    Overtop
     
  4. cheater87

    Thank you.
     
  5. Rasheed187

    BTW, did you guys see the latest video on The PC Security Channel?

    Basically, Win Defender failed to block a certain ransomware sample with standard settings, but when DefenderUI was enabled it did block this sample. I wonder why on earth these extra settings aren't visible in Win Defender's GUI in the first place.

    You can of course also use a tool like ConfigureDefender, which doesn't need to run in memory all of the time. You can see the video on the DefenderUI website:

    https://www.defenderui.com
    https://www.softpedia.com/get/PORTABLE-SOFTWARE/System/System-Enhancements/ConfigureDefender.shtml
     
  6. Pat MacKnife

  7. Rasheed187

    OK thanks, very sad to see that MT is more active than WSF. But Andy Ful's (from ConfigureDefender) comment was quite interesting, according to him this is not how real attacks work:

     
  8. Rasheed187

    BTW, I decided to take a look at the latest version, and it seems to be improved; it works just fine. But does anyone know how the "block abuse of exploited vulnerable signed drivers" (ASR Rules) feature works? Is this something that was developed by VoodooSoft themselves, or a feature that was already hidden in Win Security?
     
  9. Freki123

    I can't tell you how it works, but I'm pretty sure ConfigureDefender also has this feature, and since it is listed as an ASR rule by Microsoft I would say it is native in Windows.
    https://learn.microsoft.com/en-us/m...reduction-rules-reference?view=o365-worldwide
     
  10. Pat MacKnife

    The missed sample is probably because of a gangbang (throw malware so fast at Defender) that was skipped by Defender... but with DefenderUI or ConfigureDefender it seems pretty hard to get infected.
     
  11. Rasheed187

    OK thanks, it seems like I'm using an older version of ConfigureDefender, which didn't offer this feature. And I have found some more info: apparently it blocks apps from creating/loading signed drivers, but apps can still abuse vulnerable drivers that are already present on the system. And I assume this list of vulnerable drivers is updated when you update Win Defender.

    https://hackdefense.com/publications/met-asr-regels-houd-je-criminelen-buiten-de-deur/

    Yes, I also don't believe that most malware works like this, on the other hand, I did read on MT that according to someone, certain malware downloaders can download/execute multiple samples quite fast. But it's strange that MS hides these hardening features in Windows.
     