What’s new in Windows Defender ATP Fall Creators Update

Discussion in 'other anti-malware software' started by ronjor, Jun 27, 2017.

  1. ance

    ance formerly: fmon

    Joined:
    May 5, 2013
    Posts:
    1,360
    I want to download and install it as well. :geek:
     
  2. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    4,041
    Location:
    Nebraska, USA
    The plan is to eventually have it in all versions of Windows.
     
  3. TheMalwareMaster

    TheMalwareMaster Registered Member

    Joined:
    Jan 11, 2017
    Posts:
    25
    Location:
    Italy
    Thanks for the reply
     
  4. plat1098

    plat1098 Guest

    Home or Pro, doesn't matter as I have both but an ETA would be beneficial. When? Here are a couple of issues I've had all along:

    a. Tiny (117 gb) C: drive means diligent monitoring of whatever software goes on/off. Not inclined to make room for a bulky third party AV.
    B. When you do a reset/recovery/clean install, there is a lag between when machine is "ready" and Windows/Defender applies crucial updates. I've paid the price when recovering machine and then absent-mindedly opening a browser right away. It's very much needed to have that extra protection right off the bat.

    By the way, any noise about "FUD," "hater," and "pornography sites" and you're talking to the back of my head. Thanks.
     
  5. plat1098

    plat1098 Guest

    I'll answer my own question as there seems to be some vagueness associated with exactly what will be revised in the initial Fall Creators build. It was necessary to sift through the syrup in order to get the meat and potatoes. That Exploit Guard will be very welcome, I think.

    https://betanews.com/2017/06/28/windows-10-defender-exploit-guard/

    Adding: The use of the older link is deliberate and the very issues/concerns I was raising some months ago and were slammed as FUD and worse are incidentally being addressed by Microsoft in the form of an upcoming markedly stronger product. Ain't that something. These shills had better sit up straight and pay attention. They know who they are.
     
    Last edited by a moderator: Aug 18, 2017
  6. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    4,041
    Location:
    Nebraska, USA
    While true, this is not a valid complaint against WD, Windows, or Microsoft. It is not Microsoft's fault new code, new features, or the latest updates are not already "retrofitted" into your old image files or installation disks.

    And WD may be outdated after a clean install, but it is there and up and running upon the very first boot after a clean install, able to protect you from the vast majority of malicious code. Only the most recent malware is a threat, and will be soon covered once Windows Update is allowed to do its thing.

    If you depend on 3rd party anti-malware solutions, they aren't installed, and cannot be expected to be installed after a clean OS install until the user downloads, installs, and updates it. So while Windows Defender may not be completely current, at least you have something "right off the bat" trying to look out for you. No other solution provides that.

    This is exactly why the user is ALWAYS the weakest link in security. I note on a clean install, Windows immediately goes out to get fully updated. If the user aborts that to do some surfing and gets infected, that is not on Microsoft. On a "recovery", users must also understand the recovery images are likely outdated.

    Bottom line: NO security solution can protect a user if he or she opens the door and invites the bad guy in.
     
  7. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    3,418
    Location:
    Slovakia
    If only WD would use a standalone update system. I did 3 clean installs in a row and Windows update and WD failed to update, until I used 3rd party software to fix it. Everything else worked.
     
  8. plat1098

    plat1098 Guest

    No but it's a common pitfall to just start using machine right after it's finished recovering because you're assured on screen that critical updates are being applied. Yet, I always have to force the latest updates afterward. That's just the way it is. It's a limited responsibility, I think, for Microsoft to identify such mass pitfalls and mitigate them a bit, it behooves Mic. to do so. Which they did to a large extent. Internet Explorer is buried in Windows 10, things like that. Exploit Guard is a big boon for scenarios just like this, until Adobe flash player is gone in 2020 for starters.

    Me, I learned the hard way. You're your own best teacher sometimes.
     
  9. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    4,041
    Location:
    Nebraska, USA
    Except that is one of its main advantages. A standalone update system would require a lot more coding, additional services, resources and more. While a single service may result in a single point of failure, fewer parts also results in fewer points of potential failures. In this case, it also means an easier learning curve for users that don't want to mess with such things, they just want their computer to work without any additional intervention. And for the vast majority of users, that is exactly how it works all the time.
    That is not interpreting the message correctly.

    "Are being applied" is not the same thing as "Your computer is fully updated and current as of 2 minutes ago".

    And cutting to the chase here, you are talking about exceptions here, not the norm. Having to do a recovery is not a normal procedure or routine procedure. That is (or should be anyway) always a last ditch action after all other repair options have been exhausted. And a clean install should only be done once - on a brand new computer, or when upgrading to a new version of Windows. A fresh install (or recovery too) can easily put a computer months, or even years behind in updates. Microsoft cannot be held accountable if the user is so impatient they can't wait before surfing the net and exposing their system to threats.

    And once again, at least with Windows Defender, you have an anti-malware solution in place from the start, even if it not fully current - yet.
    We do clean installs on new systems all the time here and have never had to use 3rd party apps. It often requires an extra reboot or two, however as many updates are prerequisites for subsequent updates and need a reboot to get properly set in place first. But patience always wins out as eventually, Windows Update completes.
     
  10. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,052
    Location:
    Texas
  11. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Seems like they are really going after the EDR and next-gen AV market. Also, this article (see link) answers my question about WD-ATP's blocking capabilities, apparently it's Win Def AV that now is indeed using behavioral monitoring, so it's supposed to block stuff like ransomware in it's early stages. But I'm not sure if it will block suspicious process execution and process hollowing straight away.

    https://blogs.technet.microsoft.com...pdate-hardens-security-with-next-gen-defense/
     
  12. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    4,041
    Location:
    Nebraska, USA
    Behavior analysis has been a feature in WD for some time now. ARSTechnica talks about in March 2016.
    Since you have made it clear throughout this thread you believe Windows Defender is such an inferior product by finding fault and inserting doubt every step along the way, please show us which program (free or paid) is the 100% perfection you expect WD to be, and continue to criticize because it is not and apparently never will be.
     
  13. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Bill, you need to get over it. I already said it's best to end this discussion because of the simple fact that you just don't get it. I was trying to figure out how WD's local behavior monitoring exactly works and what it monitors, but there is no information on the web about that.

    I'm guessing it has the same ability as WD-ATP, but if this is the case, it should be able to block malware in an early stage. This means that in practice, you shouldn't have to rely on WD-ATP to block stuff like ransomware. Like you said, WD-ATP is mostly meant as a monitoring tool, that will eventually block malware in a later stage or will block malware from spreading to other machines.

    https://blogs.technet.microsoft.com...t-for-cve-2017-8759-detected-and-neutralized/
     
  14. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    4,041
    Location:
    Nebraska, USA
    :argh: So you dredge it up after it has been dormant for a whole week? Who's not letting it go? Gee whiz. Talk about the pot calling the kettle black. :rolleyes:

    I'm done so go ahead and get your last word in.
     
  15. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Weak reply Bill, of course I needed to respond to someone who clearly doesn't get it. Once again you started with "you think WD is inferior bla-bla" while that was never the point of the discussion. Hopefully M$ will soon release more info about WD's behavior blocker, and I do believe WD-ATP is a pretty decent product. I'm just saying, in case you didn't notice it and start to act all fanboyish again LOL. :thumb:
     
  16. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,052
    Location:
    Texas
    Automated Response for Windows Defender ATP

     
  17. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Looking good, and now I understand why they bought Hexadite. BTW, I wonder why they don't make the pictures clickable. And I also read that WD-ATP will be available to consumer versions of Win 10, but I don't know if this is true.
     
  18. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    5,507
  19. plat1098

    plat1098 Guest

  20. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    5,507
    I have Enterprise and will be going to ATP at some point next year.
     
  21. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
  22. plat1098

    plat1098 Guest

    OK, if you have the PRO (or other paid) version. Via gpedit/Computer Configuration/Administrative Templates/Windows Components/Windows Defender Antivirus/Scan--enabled heuristics and pause scan. There are numerous scan options but most would impact performance. Under Real Time Protection: enabled behavior monitoring. Under Windows Defender Application Guard, WDAG was enabled. In other words, Application Guard is already available for paid versions, just sayin'.

    Incidentally, just sharing some info: if anyone is hoping to transfer Windows 10 PRO product key to another machine, if you only purchased the upgrade from the Store (not the full retail license, like on a DVD) forget it, the PRO can ONLY be (re) installed on the machine you originally installed in on. :mad: If you want to downgrade from Pro to Home version for some reason, what I did after Microsoft chat told me was to use my Windows media on a USB and select custom installation and then the appropriate partition. Voila, back to Home version and then back to PRO as I couldn't transfer it to my other machine. :rolleyes:
     
  23. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    So far I have all the features of Pro with my insiders builds but I also just bought a new 10 Pro Usb stick via Best buy, never used.
     
  24. plat1098

    plat1098 Guest

    Yeah, that you can transfer to another machine. Lucky duck. :)
     
  25. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,052
    Location:
    Texas
    Detecting reflective DLL loading with Windows Defender ATP
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.