Windows Defender Is Becoming the Powerful Antivirus That Windows 10 Needs

Windows Defender deletes Citrix components mislabeled as malware
https://www.bleepingcomputer.com/ne...etes-citrix-components-mislabeled-as-malware/

 

well, apparently @xxJackxx was right.

 

That's the thing, it gets very confusing because it indeed seems that most behavior blocking is done by Win Def ATP, but this isn't correct. I have found the article, and apparently Win Def AV is able to spot certain malicious behavior on the local system and will then send it to the cloud to get confirmation. It sounds cool, but I don't know how it will work in practice. I rather have a third party behavior blocker that blocks stuff without relying on the cloud.

https://argonsys.com/microsoft-clou...based-blocking-stops-attacks-in-their-tracks/

 

LOL, what a major blunder. It's surprising because Win Def AV was quite improved when it came to false positives, at least according to the latest tests. But seems like M$ needs to fine tune their behavior blocker.

 

I don't understand why you guys keep posting in this thread if you don't use WD and only want to bash it. Maybe pandemic fatigue?

 

I don't use the product on my personal machines as I prefer other options. I have to use it at work because the price is right. Sometimes there are issues and I post about them to keep it honest as I would any product. I can't speak for others but.. the thread title is a little bit troll bait. As are some of the posts. Some folks will ignore them. Others will not.

 

Indeed!

 

Microsoft Defender ATP adds new malicious behavior blocking feature
August 18, 2020
https://www.bleepingcomputer.com/ne...adds-new-malicious-behavior-blocking-feature/

Microsoft: Introducing EDR in block mode: Stopping attacks in their tracks

 

Some of us ""bash it " exactly due to the fact we use it.We all know it could be better.Things get better when feedback is delivered also.
When something gets thru, into your OS, you get reactive.
I see that you are a user of BD, why would you care about Windows Defender "bashing"?

 

In that case, critiques are helpful.

I only switched because of the Network Inspection Service bug.

 

Can u please explain this bug? I'm using the high protection with configure-defender and the network protection is enabled.

 

Network Inspection Service is running for me again w/Memory Integrity enabled.

Just tried it again a couple days ago--enabling it under Core Isolation. I realize it might be a reliability issue for some, though.

 

Microsoft makes it difficult to disable Windows Defender on Windows 10
August 20, 2020
https://www.ghacks.net/2020/08/20/m...lt-to-disable-windows-defender-on-windows-10/

Microsoft is forcing people to use its Windows 10 antivirus software

 

I stopped reading this Tech Radar article when I saw this BS.

This is done automatically, why the user should care?

Microsoft Defender and Windows 10 finally put an end from those dark days when almost all PCs from average users were infected, nowadays it is really hard to find a Windows 10 up-to-date infected.

I dont want this behavior to change, I dont want to see again machines being infected with expired pre-installed Nortons and McAfees alike.


Ps: I guess the Tech Radar "Today's best antivirus deals" is saying enough for me.

 

There are many reasons for this behavior, mainly being the fact that most security forum users are geeks that have security as a hobby and unfortunately Microsoft Defender kills it (no need to buy, tweak or test it).

If people could separate their paranoia needs and their "geekness" they would appreciate more what Microsoft has done in the security area.

Some users are discussing for months that Microsoft Defender lacks a behavior blocker (even when evidence proved otherwise), how "weak" it is when it is offline (this is applicable for almost all products), but we dont see their posting those remarks about other products that are objectively inferior.

The feedback from those users are not actually very meaninful because they have an agenda, this has been happening for years and despite their "hate", Microsoft is doing fine in the security area, the numbers dont lie.

Meanwhile:
Microsoft Defender is sharing the first place with Kaspersky in the last SE Labs test, both had flawless score.

Source:
https://selabs.uk/reports/epp-home-20q2-anti-malware-testing/

 

Just yesterday I was copying files between network shares when Defender decided it wanted to stop the process to delete a file. An old file that was not a threat. I had to shut it down to continue. I don't have time for these things. I was trying to recover data from an alternate backup after a server failure. No hate, no agenda, just another incident of a false positive. If it were any other product I would be making the same complaint. Fortunately most products don't do this.

 

This is a valid complaint, specially if you are a software developer, Microsoft Defender is far from being perfect and some very old and very new files are somewhat problematic (fortunately it doesnt matter for most users).

Anyway, if this happen, submit the file for Microsoft:

https://www.microsoft.com/en-us/wdsi/filesubmission


I am talking about this kind of "user" and if you have time just read some pages before and after that post:

https://www.wilderssecurity.com/thr...windows-10-needs.383448/page-101#post-2858175

 

Even though I manually check for updates twice a day, mine hasn't updated beyond "Antimalware Client Version: 4.18.2007.8" (on 1909 Home), so I've left memory integrity off for now. I'm curious to see how memory integrity performs with my new SSD (that is, whether there's any noticeable slowdown).

 

As the techie who spent many afternoons cleaning up my friends' computers with the expired 30-day trials of 3rd-party AV's, I agree 100%.

 

OK, you're on 1909, but this shouldn't make a difference in what version you are entitled to get, should it? There was another recent Platform update that was silent for me. Here's a snip of the recent versions--the Client is now 4.18.2008.4 and installed itself over a week ago, on August 12, 2004.

Right now, Memory Integrity is enabled and Network Inspection Service is currently running without issues. Expanding the name in Services blocks the Running part.

Spoiler: def vers

Spoiler: nis and memint

 

This is so weird. The latest update for me as of today:


My definitions are actually newer, but I'm still on an older version of the client and engine.

ETA: The WD update site shows Platform Version: 4.18.2007.8 current as of 21 Aug 20, so the newer platform might be associated with an insider build. https://www.microsoft.com/en-us/wdsi/defenderupdates

 

anyone who clicks on a link can, happpened to me when looking for an old programme, multiple malware of diff type the second I clicked link

 

If you have read my posts correctly, you can clearly see that I'm trying to figure out how behavior blocking in Win Def AV actually works, because I can't visualize it at the moment. One of the reasons is that most articles about this subject mention both Win Def AV and Win Def ATP.

What's clear to me is that Win Def ATP is an excellent product and Win Def AV has also been improved a lot. I just prefer local based behavior blocking, I'm not real big on this cloud stuff, eventhough it does seem to be quite effective according to the latest tests. But I still have my doubts, M$ states that "Win Def AV monitors over 500 attack techniques", I would like to see a list of that.

And yes, I will bash on tools if they fail in certain things, I bashed Cyclance when their AI was bypassed, just like I bashed on Avast for being bad for privacy. If Win Def produces a serious false positive then I will comment about it.

Wow, this sounds bad. And I agree, if you criticize a product it doesn't always mean you're a hater. Actually, most products that I comment about on this forum, both good and bad, I don't actually use.

 

Wait a minute, so it never actually offered a way to auto-block stuff? I remember one of my first comments about Win Def ATP was exactly about this, I believe it was 1 or 2 years ago, go figure. I think this is quite odd, you would think that all EDR systems offered this an option.

I don't get it, so you will now only be able to disable Win Def AV if you use another anti-malware product? This would be a problem for me since I haven't actually used an AV in over 12 years LOL. They all suck.