Windows Defender Is Becoming the Powerful Antivirus That Windows 10 Needs

Discussion in 'other anti-virus software' started by Secondmineboy, Jan 30, 2016.

  1. pling_man

    pling_man Registered Member

    Joined:
    Feb 11, 2010
    Posts:
    599
    Location:
    UK
    Does anyone have a link to show how to use PowerShell to tweak the Windows Defender settings (for Windows Home users). I am currently doing this in .REG files but would like to write a nice script.
     
  2. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,789
  3. Martin_C

    Martin_C Registered Member

    Joined:
    Dec 4, 2014
    Posts:
    525
    It would be nice to see all these powerful settings in the UI.
    But for now, Group Policy and PowerShell are needed to configure settings.

    There are two Windows Defender Exploit Guard Group Policy folders, both named the same.
    For the Attack Surface Reduction rules, open the Windows Defender Group Policies.
    It's then the bottom folder within the Windows Defender folder.
    In here you will find three of the Windows Defender Exploit Guard features' settings (those that are implemented as part of Windows Defender), including the Attack Surface Reduction rules.

    Then pick the rule IDs you need from the Microsoft Docs documentation linked to earlier and activate.
     
  4. Martin_C

    Martin_C Registered Member

    Joined:
    Dec 4, 2014
    Posts:
    525
    It has been a long time since font parsing was done in kernel mode.
    Dropping the “Untrusted Font Blocking” setting

    Good advice. :thumb: Also - when in doubt, try Audit mode first instead of going straight to Block mode. :)
     
  5. Djigi

    Djigi Registered Member

    Joined:
    Aug 13, 2012
    Posts:
    554
    Location:
    Croatia
    I found it...

    Attack Surface Reduction.png

    And the page is this:
    https://docs.microsoft.com/en-us/wi...exploit-guard/enable-attack-surface-reduction

    TNX :thumb:
     
  6. ance

    ance formerly: fmon

    Joined:
    May 5, 2013
    Posts:
    1,360
    :thumb:
     
  7. imuade

    imuade Registered Member

    Joined:
    Aug 4, 2016
    Posts:
    751
    Location:
    Italy
    It would be great if you could make a simple SW (like GFlagsX) to allow Home users to set up WD as easily as Pro users :)
    Here you can download the two registry keys to set the high cloud blocking level:
    https://www.maketecheasier.com/harden-windows-defender/
     
    Last edited: Oct 20, 2017
  8. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    Agreed, that would be nice to have a simple UI to toggle those low level Defender settings more easily.
     
  9. ArchiveX

    ArchiveX Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    1,501
    Location:
    .
  10. ance

    ance formerly: fmon

    Joined:
    May 5, 2013
    Posts:
    1,360
    ... and how can I get Fall Creators Update? ;)
     
  11. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    Has anybody had much time yet to play around with the new Attack Surface Reduction (ASR) rules?
    Link: https://docs.microsoft.com/en-us/wi...exploit-guard/enable-attack-surface-reduction

    It seems that the requirement for ASR in particular is that you have to be running Windows Defender Antivirus for these to work. I prefer not to run Defender, and therefore I can still make use of the Exploit Guard mitigations. But unfortunately not these ASR rules. These rules are quite nice though. You can exclude files and folders as well which is great.


    You can manually add the rules by using the GUIDs in the following table:

    Rule description GUIDs
    Block executable content from email client and webmail
    BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550

    Block Office applications from creating child processes
    D4F940AB-401B-4EFC-AADC-AD5F3C50688A

    Block Office applications from creating executable content
    3B576869-A4EC-4529-8536-B80A7769E899

    Block Office applications from injecting into other processes
    75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84

    Impede JavaScript and VBScript to launch executables
    D3E037E1-3EB8-44C8-A917-57927947596D

    Block execution of potentially obfuscated scripts
    5BEB7EFE-FD9A-4556-801D-275E5FFC04CC

    Block Win32 imports from Macro code in Office
    92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B

    See the Attack surface reduction topic for details on each rule.
     
  12. imuade

    imuade Registered Member

    Joined:
    Aug 4, 2016
    Posts:
    751
    Location:
    Italy
  13. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    You have to review event logs to determine what has been blocked. Whereas in WD ATP:
     
  14. Martin_C

    Martin_C Registered Member

    Joined:
    Dec 4, 2014
    Posts:
    525
    You are welcome, @Djigi :)

    As far as I can see from your posts, you have activated all the new features now.
    The only thing I didn't see you mentioning activating, are the new Network Protection.
    It has a subfolder in the same Windows Defender Exploit Guard Global Policy folder, where you also have the subfolder with policies for Attack Surface Reduction rules.
     
  15. Martin_C

    Martin_C Registered Member

    Joined:
    Dec 4, 2014
    Posts:
    525
    Whenever a Attack Surface Reduction rule are triggered, there's a notification in Action Center and also a log entry made in Event Viewer.
    So you will be notified of all blocks being made. :thumb:
     
  16. Martin_C

    Martin_C Registered Member

    Joined:
    Dec 4, 2014
    Posts:
    525
  17. ance

    ance formerly: fmon

    Joined:
    May 5, 2013
    Posts:
    1,360
  18. imuade

    imuade Registered Member

    Joined:
    Aug 4, 2016
    Posts:
    751
    Location:
    Italy
    Maybe Microsoft servers are busy, everyone wanna update now :p
    I'd wait at least for the first patch Tuesday, so that most bugs can be reported and fixed :)
     
  19. Djigi

    Djigi Registered Member

    Joined:
    Aug 13, 2012
    Posts:
    554
    Location:
    Croatia
    Yes, couple of this now stuff I did turn on.
    That ASR got couple of stuff what is useful for me (maybe), and that is:
    - Block executable content from email client and webmail
    - Impede JavaScript and VBScript to launch executables
    - Block execution of potentially obfuscated scripts

    I don't have any Office app and use only Gmail Online mail.

    Also, I have a question about that Exploit protection and Google Chrome.
    I added chrome but don't know what security options to turn ON?
    I added this (screenshot) but it brake all my extensions so I turned all off.

    Untitled.png
     
  20. VecchioScarpone

    VecchioScarpone Registered Member

    Joined:
    Aug 29, 2015
    Posts:
    343
    Location:
    Down Under the Southern Cross
    I had to disable Control Folders Access. Its prompts any time I clicked on files or apps in protected folders, it felt like UAC on steroid. Also I was unable to delete new files that I created and saved in protected folders after the upgrade. Not allowed to send them to the recycle bin or by right click and select delete, explorer shell delete option not available. There maybe an easy way to deal with it but I could not find it.
     
    Last edited: Oct 21, 2017
  21. ance

    ance formerly: fmon

    Joined:
    May 5, 2013
    Posts:
    1,360
    Upgrade still stuck at 33 %, there must be a glitch. o_O
     
  22. clubhouse1

    clubhouse1 Registered Member

    Joined:
    Sep 26, 2013
    Posts:
    1,124
    Location:
    UK
  23. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,343
    Location:
    Italy
  24. imuade

    imuade Registered Member

    Joined:
    Aug 4, 2016
    Posts:
    751
    Location:
    Italy
  25. plat1098

    plat1098 Guest

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.