Windows Defender Is Becoming the Powerful Antivirus That Windows 10 Needs

Discussion in 'other anti-virus software' started by Secondmineboy, Jan 30, 2016.

  1. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,144
    Location:
    Nicaragua
    I haven't used an AV in a long time but probably what happened was that as Avira PC Cleaner scanned the PC, Windows Defender real time started doing it as well. So, it was like if you had 2 antiviruses scanning at the same time. When I used antiviruses and scanned with an OD scanner, to avoid what you describe, I turned off the real time protection of whatever AV I was using at the time on real time.

    Bo
     
  2. illicit

    illicit Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    101
    Has anyone tested the creators update or next insiders build, with all necessary registry tweaks enabled? Curious how it performs against zero days now. Not set up well to do this myself currently.
     
  3. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,789
    I would exclude Avira in Defender, and Defender in Avira.
    Not familiar with Avira Cleaner, so this is just theory based on other such pairs I've used.
     
  4. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,811
    Location:
    Kolkata, India
    Registry tweaks? :confused:
     
  5. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,811
    Location:
    Kolkata, India
    Turning off Real-time protection would not be a wise thing to do, if Internet is on.

    Exactly!
     
  6. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    Avira PC Cleaner is just an on-demand scanner - no exclusions are possible. Personally, I would just disable WD temporarily, while scanning system.
     
  7. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,811
    Location:
    Kolkata, India
    But one can exclude Avira PC Cleaner directory in WD right?

    Disabling real-time protection can work if you leave the PC during the scan, but if you are browsing the internet, then it would not be a wise thing to do!
     
  8. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    Yes, of course, if one is concerned about getting infected during scan, excluding directory could also solve the problem. I don't use WD so I can't test it.
     
  9. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,811
    Location:
    Kolkata, India
    :thumb:

    Anyone using WD for on-demand scans? I found this feature interesting. It then keeps updating automatically without keeping the real-time scanning on.
     
  10. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,144
    Location:
    Nicaragua
    Might not be wise but it is what it is.

    Bo
     
  11. Martin_C

    Martin_C Registered Member

    Joined:
    Dec 4, 2014
    Posts:
    525
    Oh, sweet joy. Windows 10 Fall Creators Update is getting closer and it is smoking hot.
    As release is getting closer, Microsoft is of course getting all the documentation ready.

    One of the huge improvements is Windows Defender Exploit Guard : https://docs.microsoft.com/en-us/wi...efender-exploit-guard?ocid=cx-twidsw-docswdeg

    Windows Defender Exploit Guard is four features : Exploit Protection, Attack Surface Reduction rules, Network Protection and Controlled Folder Access.

    Exploit Protection :
    The only requirement to use Exploit Protection is that you are on Windows 10 Fall Creators Update.

    It's configurable in Windows Defender Security Center, through Group Policy and PowerShell.

    In case a mitigation is triggered, you will be alerted in Action Center and there will be a log entry in Windows Event Viewer.
    Additionally, if you are running Windows Defender ATP, then all events will show up there for centralized alert investigation.

    More here, for an in-depth look at all the mitigations :
    https://docs.microsoft.com/en-us/wi...xploit-guard/exploit-protection-exploit-guard
    And more here : https://docs.microsoft.com/en-us/wi...er-exploit-guard/customize-exploit-protection

    Attack Surface Reduction rules :
    Requirements : Windows 10 Fall Creators Update and Windows Defender Antivirus fully active including cloud protection.

    It's configurable through Group Policy, PowerShell and Mobile Device Management.

    In case a rule is triggered, you will be alerted in Action Center and there will be a log entry in Windows Event Viewer.
    Additionally, if you are running Windows Defender ATP, then all events will show up there for centralized alert investigation.

    More here for an in-depth look : https://docs.microsoft.com/en-us/wi...-guard/attack-surface-reduction-exploit-guard

    Network Protection :
    Requirements : Windows 10 Fall Creators Update and Windows Defender Antivirus fully enabled including cloud protection.

    It's configurable through Group Policy, PowerShell and Mobile Device Management.

    In case a connection is blocked, you will be alerted in Action Center and there will be a log entry in Windows Event Viewer.
    Additionally, if you are running Windows Defender ATP, then all events will show up there for centralized alert investigation.

    Much more here : https://docs.microsoft.com/en-us/wi...xploit-guard/network-protection-exploit-guard

    Controlled Folder Access :
    Requirements : Windows 10 Fall Creators Update and Windows Defender Antivirus fully active including cloud protection.

    It's configurable in Windows Defender Security Center and through Group Policy, PowerShell and Mobile Device Management.

    In case an unknown or suspicious executable attempts to access a protected folder, you will be alerted in Action Center and there will be a log entry in Windows Event Viewer.
    Additionally, if you are running Windows Defender ATP, then all events will show up there for centralized alert investigation.

    More here for an in-depth look : https://docs.microsoft.com/en-us/wi...xploit-guard/controlled-folders-exploit-guard

    Huge boost for all the native security in Windows 10 Fall Creators Update. :thumb:
    This is an extremely powerful update. (and there's more ;))
     
  12. guest

    guest Guest

    Yes, it is :thumb:
     
  13. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    Good news indeed :thumb:
     
  14. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    @Martin_C Excellent stuff. Thank you for sharing all of those great details! :thumb:
     
  15. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    3,418
    Location:
    Slovakia
    MS is serious about network protection. If you disable Windows Defender Firewall, you will get BSOD: "Critical Service Failed", within 5-10 mins.
     
  16. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    With the updated documentation linked to by Martin_C, I decided to dig further into my latest Insider virtual machine. It appears that MS has the ProcessMitigations (https://www.powershellgallery.com/packages/ProcessMitigations) PowerShell module built into the core Windows installation now. Previously, you had to use some commands in PS to download/install the module from a separate repo. Now it's built-in. Also, the latest module available in the repo (and on that link) is 1.0.7 which does not contain all of the mitigation goodies from EMET. The ProcessMitigations PS module built into Fall Creators Update is 1.0.11 and contains all of the latest mitigations from EMET. The location in the file system is: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\ProcessMitigations. However, for whatever reason, the typical ProcessMitigations.dll module is not there. So the module must be elsewhere or quite likely built into another binary elsewhere. Either way, it is fantastic to see Microsoft progress with protection from all angles and all aspects.
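
An added example, not part of any post in this thread: a read-only PowerShell audit of the four Exploit Guard features Martin_C lists and of the built-in ProcessMitigations module WildByDesign describes. The `Get-MpPreference` property names, event IDs 1121-1126 and event log names come from Microsoft's documentation rather than the thread, and the 7-day window and 20-event limit are arbitrary choices for this example.

```powershell
# Added example (not from the thread): read-only audit of Exploit Guard state.
# Assumes Windows 10 Fall Creators Update or later and an elevated session.
$mode = @{ 0 = 'Disabled'; 1 = 'Enabled (block)'; 2 = 'Audit' }
function Get-ModeName([int]$Value) {
    if ($mode.ContainsKey($Value)) { $mode[$Value] } else { "Other ($Value)" }
}

$pref = Get-MpPreference

# Prerequisites the post names for ASR, Network Protection and Controlled Folder Access
[pscustomobject]@{
    RealTimeProtection     = -not $pref.DisableRealtimeMonitoring
    CloudProtection        = $pref.MAPSReporting -ne 0
    ControlledFolderAccess = Get-ModeName $pref.EnableControlledFolderAccess
    NetworkProtection      = Get-ModeName $pref.EnableNetworkProtection
} | Format-List | Out-Host

# ASR rule GUIDs and their actions are stored as parallel arrays
$ids     = @($pref.AttackSurfaceReductionRules_Ids | Where-Object { $_ })
$actions = @($pref.AttackSurfaceReductionRules_Actions)
$asr = for ($i = 0; $i -lt $ids.Count; $i++) {
    [pscustomobject]@{ RuleId = $ids[$i]; Action = Get-ModeName $actions[$i] }
}
$asr | Format-Table -AutoSize | Out-Host

# Exploit Protection: module version on this build and system-wide mitigations
Get-Module -ListAvailable ProcessMitigations | Select-Object Name, Version | Out-Host
Get-ProcessMitigation -System | Out-Host

# Block/audit events from the last 7 days (window chosen for this example)
$eventNames = @{
    1121 = 'ASR block';                1122 = 'ASR audit'
    1123 = 'Controlled folder block';  1124 = 'Controlled folder audit'
    1125 = 'Network protection audit'; 1126 = 'Network protection block'
}
Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = @($eventNames.Keys)
    StartTime = (Get-Date).AddDays(-7)
} -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, @{ n = 'Feature'; e = { $eventNames[$_.Id] } } |
    Format-Table -AutoSize | Out-Host

# Exploit Protection mitigations log to their own channels
foreach ($log in 'Kernel Mode', 'User Mode') {
    $channel = "Microsoft-Windows-Security-Mitigations/$log"
    Get-WinEvent -LogName $channel -MaxEvents 20 -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, Message | Format-List | Out-Host
}
```

A feature reported as `Audit` logs what it would have blocked without enforcing it, which is the usual way to trial a rule before switching it to block mode.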
     
  17. plat1098

    plat1098 Guest

    Critical improvements to Windows Defender and it's reassuring, finally. People keep Defender enabled for reasons other than it's "free." I'll be interested in upcoming comparatives. My main bane has been the update delivery method which has left too many people's machines, their property "smoking hot." I believe Microsoft has made modifications to that end as well. We'll see.
     
  18. imuade

    imuade Registered Member

    Joined:
    Aug 4, 2016
    Posts:
    751
    Location:
    Italy
    You can disable the firewall itself, you get problems if you disable the service (MpsSvc)
     
  19. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    3,418
    Location:
    Slovakia
    Disabling the service improves the network speed. The problem only started since 12673, maybe it will be fixed, but I doubt it, if the security implementations are considered critical.
     
  20. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    1,556
  21. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,811
    Location:
    Kolkata, India
    @Martin_C thanks for the information. Interesting development indeed. :thumb:
     
  22. Martin_C

    Martin_C Registered Member

    Joined:
    Dec 4, 2014
    Posts:
    525
    You are welcome, all. :)
    Those who haven't tried the new Fall Creators Update branch yet, really have something to look forward to.
    So many improvements and it's running super smooth.
     
  23. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    7,983
  24. imuade

    imuade Registered Member

    Joined:
    Aug 4, 2016
    Posts:
    751
    Location:
    Italy
    I still can't understand if all these improvements also apply to Windows 10 Home edition... from the Microsoft website (https://docs.microsoft.com/en-us/wi...p/windows-defender-advanced-threat-protection) it seems that it only applies to the Pro, Enterprise and Education versions...
     
  25. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    And whether anti-exploit programs like HMPA or MB3 AE will be compatible, if not unnecessary.

    I would imagine Exploit Guard or 3rd party softs would have to 'step aside' for each other, if the latter are installed?
     
    Last edited: Aug 30, 2017