Windows Defender Is Becoming the Powerful Antivirus That Windows 10 Needs

Discussion in 'other anti-virus software' started by Secondmineboy, Jan 30, 2016.

  1. mekelek

    mekelek Registered Member

    Joined:
    May 5, 2017
    Posts:
    518
    Location:
    Hungary
    What do custom settings have to do with the fact that if you want to properly configure WD, you need a 3rd party tool to do so?
     
  2. Tyreman

    Tyreman Registered Member

    Joined:
    Feb 3, 2003
    Posts:
    145
    Location:
    Cambridge Ontario,Canada

    doesn't crush me at all bud!!!
    I'm using settings in win 10 pro
    use what you like and I'll use what I like
    Reminds me of an old Hall and Oates song
    "Some things are better left unsaid"
     
  3. Spec7re

    Spec7re Guest

    You don't need a 3rd party program to configure WD. You can do it via PowerShell or GP depending on your version of Windows. All the 3rd party app does is make it easier, but whether you choose to do it manually or with the app the result is the same.

    Now what I will say is that it is indeed more difficult than other programs out there, but Microsoft intended these settings for enterprise/IT pros, not home users, hence why they did it this way. Most home users could care less about making changes to their security program, most just install it and that's it. It's really only us geeks that fiddle with settings.
     
  4. Bertazzoni

    Bertazzoni Registered Member

    Joined:
    Apr 13, 2018
    Posts:
    652
    Location:
    Milan, Italia
    Is it normal to spew negativity constantly?
     
  5. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,209
    Location:
    Among the gum trees
    There are plenty of PowerShell cmdlets posted earlier in this thread which I have used to harden WD. You don't need a third-party tool but it does give you a nice GUI.
     
  6. mekelek

    mekelek Registered Member

    Joined:
    May 5, 2017
    Posts:
    518
    Location:
    Hungary
    Is it normal to have an emotional attachment to software?
     
  7. guest

    guest Guest

    Is it normal to try categorizing things as normal? :p
     
  8. Bertazzoni

    Bertazzoni Registered Member

    Joined:
    Apr 13, 2018
    Posts:
    652
    Location:
    Milan, Italia
     
  9. Roberteyewhy

    Roberteyewhy Registered Member

    Joined:
    Mar 4, 2007
    Posts:
    610
    Location:
    US
    Normal is a relative term.

    I harden WD through PowerShell and Group Policy.

    Robert
     
  10. fossewayfella

    fossewayfella Registered Member

    Joined:
    Nov 13, 2018
    Posts:
    17
    Location:
    Midlands UK
  11. fossewayfella

    fossewayfella Registered Member

    Joined:
    Nov 13, 2018
    Posts:
    17
    Location:
    Midlands UK
     
  12. fossewayfella

    fossewayfella Registered Member

    Joined:
    Nov 13, 2018
    Posts:
    17
    Location:
    Midlands UK
    This might be useful
    https://youtu.be/uLlv_aZjHXc
     
  13. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
  14. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
  15. guest

    guest Guest

  16. Martin_C

    Martin_C Registered Member

    Joined:
    Dec 4, 2014
    Posts:
    525
    A new transparency report has just been made available.
    The report - Examining the AV-TEST September-October 2018 results - can be downloaded here (PDF):
    Code:
    https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RWqOqD
     
  17. plat

    plat Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    2,233
    Location:
    Brooklyn, NY
    On page 10 of the above PDF, I can't fathom how startup/shutdown test measures could be applied across the board. Microsoft acknowledges some performance impacts, particularly with a "standard" PC (what are the criteria there, anyone?). For me, performance impacts trump protection ability any day of the week because I can manage the latter if need be, with tiny software tools. But drag my shutdown past five or six seconds and I'm finding that a "critical" issue indeed. :mad: (Shutdown w/Defender on here is virtually instant). It's frequently a matter of how much your antivirus gets on your nerves, it seems.
     
  18. Martin_C

    Martin_C Registered Member

    Joined:
    Dec 4, 2014
    Posts:
    525
  19. ance

    ance formerly: fmon

    Joined:
    May 5, 2013
    Posts:
    1,360
    Are there any new important tweaks for WD? ;)
     
  20. focus

    focus Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    503
    Location:
    USA
    I keep TCPView running as a kind of wallpaper on my system. This morning I noticed that WD had turned its "Cloud Based Protection" on from a normal off state on my system, resulting in a great deal of svchost connections on TCPView. Weird eh? I turned it off but will now have to watch WD for autonomous setting changes :‑,
     
  21. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    svchost has absolutely nothing to do with Defender or its cloud based protection.
    Connections to Microsoft's cloud are made by MsMpEng.exe
     
  22. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    It does have a direct connection. It loads the WinDefend service, which will start MsMpEng.exe:

    "C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1809.2-0\MsMpEng.exe"

    Thereafter, MsMpEng.exe runs as a standalone process versus a svchost.exe instance but still as a child process of SCM.

    The Win firewall on the other hand runs as svchost.exe instance:

    C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p
     
    Last edited: Feb 8, 2019
  23. focus

    focus Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    503
    Location:
    USA
    When using TCPView, a svchost process making an outbound connection will have a PID associated with it. The PID is usually associated with a Windows service.
     
  24. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    All Windows active processes are assigned a PID; i.e. process identifier. Open Win Task Manager and click on the Details tab.

    Also, TCPView hasn't been updated since 2011. As such, it doesn't fully reflect Win 10 process status in regards to svchost.exe. Using Process Monitor, you will observe multiple processes running a given svchost.exe instance; multiple runtimebroker.exe instances, SmartScreen, dllhost.exe, etc. All these processes have a unique PID.
     
    Last edited: Feb 8, 2019
  25. focus

    focus Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    503
    Location:
    USA
    Well sure, this is exactly what I do with a PID from TCPView.

    Yea.

    Also, the service that is activated with WD cloud protection is Windows Defender Advanced Threat Protection Service (which is what started this conversation). When I saw the svchost processes (many of them) in TCPView I used the PID referenced to use Task Manager details to find the service. It took me a couple of minutes to figure out that WD had re-enabled cloud protection. I disabled it using the WD control interface and the svchost processes stopped. Cloud protection has remained stopped since, but like some other MS stuff, I now know to keep an eye on this one. I'm not being judgemental, some people like cloud services, some don't.
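
    The PID-to-service lookup discussed in the last few posts, together with a check for the cloud-protection setting changing on its own, as an added PowerShell example (not code posted by anyone in this thread). It assumes an elevated session on Windows 10 with the built-in Defender and NetTCPIP modules; the function names are hypothetical.

```powershell
# Added example; function names are hypothetical. Run from an elevated prompt.

function Get-DefenderRelatedConnections {
    # Index running services by the PID of the process that hosts them.
    $svcByPid = Get-CimInstance Win32_Service -Filter "State='Running'" |
        Group-Object -Property ProcessId -AsHashTable -AsString

    # Established TCP connections owned by svchost.exe or MsMpEng.exe,
    # with the hosted service names resolved from the owning PID.
    Get-NetTCPConnection -State Established | ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        if ($proc -and $proc.ProcessName -in 'svchost', 'MsMpEng') {
            [pscustomobject]@{
                Process  = $proc.ProcessName
                PID      = $_.OwningProcess
                Remote   = '{0}:{1}' -f $_.RemoteAddress, $_.RemotePort
                Services = ($svcByPid["$($_.OwningProcess)"].Name) -join ','
            }
        }
    }
}

function Get-DefenderCloudState {
    # MAPSReporting: 0 = cloud protection off, 1 = basic, 2 = advanced.
    $pref = Get-MpPreference
    [pscustomobject]@{
        MAPSReporting        = $pref.MAPSReporting
        SubmitSamplesConsent = $pref.SubmitSamplesConsent
        CloudBlockLevel      = $pref.CloudBlockLevel
    }
}

function Get-DefenderCloudConfigChanges {
    # Event ID 5007 is logged when Defender's configuration changes; the
    # message lists the old and new value. Cloud (MAPS) settings are stored
    # under the "SpyNet" registry key, so filter on that name.
    Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-Windows Defender/Operational'
        Id      = 5007
    } -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match 'SpyNet' } |
        Select-Object TimeCreated, Message
}

Get-DefenderCloudState | Format-List
Get-DefenderRelatedConnections | Sort-Object Process, PID | Format-Table -AutoSize
Get-DefenderCloudConfigChanges | Select-Object -First 10 | Format-List
```

    Comparing the timestamps of the 5007 events with the time the connections first appeared shows when the setting was changed.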
     