Windows Defender Is Becoming the Powerful Antivirus That Windows 10 Needs

Discussion in 'other anti-virus software' started by Secondmineboy, Jan 30, 2016.

  1. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,614
    Location:
    Milan and Seoul
    It is good advice for any AV used as the sole security layer. I had Kaspersky I.S. for a year and Avira Pro for 12 years and I never relied on their high detection records; any AV can fail. A backup solution that works is the real backbone of a security/contingency system; on the other hand, too many layers might create conflicts or slow down performance without significantly improving your security...
     
  2. Bunkhouse Buck

    Bunkhouse Buck Registered Member

    Joined:
    May 29, 2007
    Posts:
    1,286
    Location:
    Las Vegas
    100% in agreement. I have argued for years that the only real AV protection is not to be found in AVs but rather in daily backups. Relying solely on AV efficacy without a backup routine is really very foolish.
     
  3. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Yes, it would be cool if it felt more like an AV when it comes to the GUI. And I assume that if you disable realtime protection, it won't scan all files automatically anymore, so in theory the system should run faster, but I still need to check it out.

    Also, how does Win Defender update itself when it comes to malware signatures? And I have disabled the cloud-delivered protection, but I'm guessing this will reduce WD's detection rate, so probably not a good idea.

    https://www.digitalcitizen.life/windows-defender-gets-cloud-protection-windows-10-how-turn-it/
     
  4. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,064
    Location:
    Canada
    It checks via Windows Updates, if that's what you're asking. BTW, I consider Defender as nothing more than a secondary layer in my security approach. I do think it does a pretty decent job though of detecting malicious files, especially combined with Windows SmartScreen. The main issue I have with antivirus solutions is there's no absolute way to accurately detect and stop malicious data; there can be false positives and/or missed detection of zero days or even slightly modified older malware.
     
  5. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    OK thanks, this would mean that Win Def AV is no solution for me, since I have disabled Win Update. I will only try to install patches for high-risk security bugs. But is there an "update WD" button, how exactly do you know when WD is being updated, and what if you use the "cloud protection", I guess signature updates are then no issue?
     
  6. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,624
    Location:
    USA
    If you have entirely disabled Windows Update then WD is not for you. I would not even attempt to work around that fact. Use something that can freely update without restrictions.
     
  7. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,064
    Location:
    Canada
    There is a way to check for signature updates from the WD interface, but it utilizes svchost to connect to MS servers to check for the updates. I know this because I use my firewall to restrict svchost. As @xxJackxx mentions, you may as well look for something else if you have Win Update disabled.
     
  8. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    4,208
    ditto. @Rasheed187 you might give ksc free a try.
     
  9. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,289
    Location:
    Pennsylvania.
    How can a home user set Windows Defender to max?
     
  10. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,209
    Location:
    Among the gum trees
  11. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,289
    Location:
    Pennsylvania.
  12. GrDukeMalden

    GrDukeMalden Registered Member

    Joined:
    Jun 16, 2016
    Posts:
    487
    Location:
    VPN city
    Like I said, WD gets a high detection rate, but unless you use ConfigureDefender with the "max" preset or the "high" preset it's just not that great. It's just a basic scanner with a locally stored database and a connection to the more up-to-date database in the cloud.

    A cloud based database is a neat idea, but it's not that great unless your internet connection is super fast and/or you also set the cloud check timeout to be really long.

    I also have noticed that WD will take several seconds to quarantine a positive detection, and clearing the quarantine is also a barrage of notifications from UAC; it also takes several seconds to delete something from the quarantine for some reason. Whereas almost every other security product can do those things instantly with no hassle.

    WD is the only product I've ever seen that needs the user to go out and get a third party tool to properly configure it. Advanced settings in pretty much every other security product are right there for the user to see.

    And I don't know if this is still the case, but WD will sometimes randomly ignore scanning exclusions the user sets.

    For these reasons I don't understand why there are so many people who say it's "the best solution" and "the only thing you'll ever need". Speaking to that second one: it's clearly not the only thing you'll ever need; at minimum, you'll need ConfigureDefender too.
     
    Last edited: Dec 16, 2020
  13. GrDukeMalden

    GrDukeMalden Registered Member

    Joined:
    Jun 16, 2016
    Posts:
    487
    Location:
    VPN city
    Voodooshield is a good supplementary product for pretty much every standalone. I was told by the maker of VS that WD is the most commonly used standalone to run alongside VS.
    No realtime scanning at all, just application whitelisting and protection from scripts and command lines.
     
  14. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,614
    Location:
    Milan and Seoul
    No, sorry, I disagree completely; anti-executables are the most troublesome programs ever, one always has to check what they block and it is usually good programs and operating system executables. Nothing specifically against VS, I've tried many over the years and they've only created problems, no exceptions. But hey, if it works for you, and gives you peace of mind, go for them...
     
  15. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,064
    Location:
    Canada
    For beginners, anyone not really understanding what they're doing, anti-executables will be very troublesome, even potentially locking the user out of their O/S. However, with some decent level of understanding in hand, they are incredibly powerful tools at stopping malware in its tracks. In my Windows 10 Pro setup, I generally allow executables under the following directories:

    Code:
    %SystemDrive%\Program Files
    %SystemDrive%\Program Files (x86)
    %SystemDrive%\WINDOWS
    %SystemDrive%\WINDOWS\System32
    %SystemDrive%\WINDOWS\SysWOW64
    The following are directories that malware might target, so I place tight surveillance on them, allowing only what is required:

    Code:
    C:\Intel\*
    C:\Drivers\*
    C:\Users\username\AppData\Local\Temp\*
    C:\Users\username\Documents\*
    C:\Users\username\Downloads\*
    C:\Users\username\Desktop\*
    C:\Users\username\Windows\Panther\*
    C:\Users\username\AppData\Roaming\Microsoft\Templates\*
    C:\Windows\Temp\*
    C:\Windows\Temp
    C:\Windows\tracing
    C:\Windows\Registration\CRMlog
    C:\Windows\System32\FxsTmp\*
    C:\Windows\SysWOW64\Tasks\*
    C:\Windows\tracing\*
    C:\Windows\SysWOW64\com\*
    C:\Windows\System32\spool\*
    C:\OneDriveTemp\*
    C:\ProgramData\*
    These are a few examples of where you might want to keep tabs on a browser such as Firefox:

    Code:
    C:\Users\username\AppData\Roaming\Mozilla\Firefox\Profiles\*.default-release\extensions\*
    C:\Users\username\AppData\Roaming\Mozilla\Firefox\Profiles\*.default-release\storage\temporary\*
    C:\Users\username\AppData\Roaming\Mozilla\Firefox\Profiles\*.default-release\gmp-widevinecdm\*.*.*.*\*
    I don't necessarily do things perfectly, and I may still need to apply some fine-tuning, but I've seen enough evidence to know that nothing unauthorized so far gets past my anti-executable's defences.

    I've also applied numerous points of system hardening, mostly via Group Policy settings.

    I don't trust Windows Defender to get things right all the time, so that's why it forms only the secondary layer of my security setup.
     
    Last edited: Dec 16, 2020
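    An added example (not code from wat0114's post or from any anti-executable product): a small PowerShell evaluator that applies allow and watch directory rules like the ones listed above to a candidate executable path, with the most specific matching rule winning, which is what keeps C:\Windows\Temp under watch even though %SystemDrive%\WINDOWS is allowed as a whole. The rule lists are a subset of the post; the sample paths and the verdict names (allow/watch/block) are constructed for the example.

```powershell
# Added example, not code from the thread or from any anti-executable product.
# Rules are copied from the post above; "block" is the default for anything
# matched by neither list (allow only what is required).
$Policy = [ordered]@{
    allow = @(
        '%SystemDrive%\Program Files',
        '%SystemDrive%\Program Files (x86)',
        '%SystemDrive%\WINDOWS',
        '%SystemDrive%\WINDOWS\System32',
        '%SystemDrive%\WINDOWS\SysWOW64'
    )
    watch = @(
        'C:\Users\username\AppData\Local\Temp\*',
        'C:\Users\username\Downloads\*',
        'C:\Windows\Temp\*',
        'C:\Windows\System32\spool\*',
        'C:\Users\username\AppData\Roaming\Mozilla\Firefox\Profiles\*.default-release\extensions\*'
    )
}
function Expand-Rule([string]$Rule) {
    # Resolve %SystemDrive% and make bare directories recursive (append \*).
    $r = [Environment]::ExpandEnvironmentVariables($Rule)
    if (-not $r.Contains('*')) { $r = $r.TrimEnd('\') + '\*' }
    return $r
}
function Get-ExecVerdict([string]$Path) {
    # The rule with the most path segments wins, so a watched subfolder of an
    # allowed tree still yields "watch". -like is case-insensitive, so the
    # WINDOWS/Windows spelling difference in the post does not matter.
    $verdict = 'block'; $bestDepth = -1
    foreach ($name in $Policy.Keys) {
        foreach ($rule in $Policy[$name]) {
            $pattern = Expand-Rule $rule
            if ($Path -like $pattern) {
                $depth = ($pattern -split '\\').Count
                if ($depth -gt $bestDepth) { $verdict = $name; $bestDepth = $depth }
            }
        }
    }
    return $verdict
}
# Constructed sample paths with the expected verdict in the comment
@(
    'C:\Program Files\Mozilla Firefox\firefox.exe',                                              # allow
    'C:\Windows\Temp\setup.tmp.exe',                                                              # watch (beats WINDOWS allow)
    'C:\Windows\System32\spool\drivers\x64\3\printer.dll',                                        # watch (beats System32 allow)
    'C:\Users\username\AppData\Roaming\Mozilla\Firefox\Profiles\abc1.default-release\extensions\a.xpi', # watch
    'D:\tools\unknown.exe'                                                                        # block (no rule)
) | ForEach-Object { '{0,-6} {1}' -f (Get-ExecVerdict $_), $_ }
```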
  16. digmor crusher

    digmor crusher Registered Member

    Joined:
    Jul 6, 2012
    Posts:
    1,156
    Location:
    Canada
    Well nobody said it was perfect, but it provides more than adequate protection if you choose not to use a 3rd party program which may also cause issues.
     
  17. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,342
    Location:
    USA
    That's a great list of directories to protect on Windows. Personally I think Windows Defender is fine and Microsoft has done a great job improving it. I like using native Windows protection if possible and, as you know, wat, I was a big user of AppLocker at one time. But I'm also a longtime Comodo Firewall user; I prefer using that along with Windows Defender as the second layer in my security setup.
     
    Last edited: Dec 16, 2020
  18. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    OK thanks, then I will simply stop using Win Def. BTW, I'm using Win 10 1909, it's from last year, so I'm guessing I will be able to disable WD without any problems, with the help of certain third party tools.

    Thanks for your feedback, I was also wondering about this. However, WD always scores pretty well in the latest AV tests. So you're saying it's probably because of the cloud? And what do the "max" and "high" settings exactly do?
     
  19. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    I'm guessing you mean Kaspersky? But no, I'm not really into AVs, I believe I can stay safe without them. Win Defender seemed cool though, too bad I won't be able to use it, since it relies on Win Update. And BTW, I have now disabled it, but I'm not sure if I see any better performance on my laptop, need to test it a bit more.
     
  20. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,064
    Location:
    Canada
    I was also a huge proponent of AppLocker, but it's only available in Enterprise Windows 10. I'm using CFW free as the primary layer, with a "two-pronged" defence: HIPS at Paranoid mode and Auto-Containment, with a few custom rules, against anything unrecognized or malicious. This might seem like overkill, but they work seamlessly together and either one should catch a malicious attempt in case the other misses. BTW, pop-ups occur very rarely after the first few days.
     
  21. Pat MacKnife

    Pat MacKnife Registered Member

    Joined:
    Mar 31, 2014
    Posts:
    620
    Location:
    Belgium
    See information on this site:
    Windows 10 Defender's hidden features revealed by this free tool (bleepingcomputer.com)

    According to ConfigureDefender's documentation, the three templates have the following descriptions:

    DEFAULT: Microsoft Windows Defender default configuration which is applied automatically when installing the Windows system. It provides basic antivirus protection and can be used to quickly revert any configuration to Windows defaults.

    HIGH: Enhanced configuration which enables Network Protection and most of Exploit Guard (ASR) features. Three Exploit Guard features and Controlled Folder Access ransomware protection are disabled to avoid false positives. This is the recommended configuration which is appropriate for most users and provides significantly increased security.

    MAX: This is the most secure protection level which enables all advanced Windows Defender features and hides Windows Security Center. Configuration changes can be made only with the ConfigureDefender user interface. The "MAX" settings are intended to protect children and casual users but can also be used (with some modifications) to maximize the protection. This protection level usually generates more false positives compared to the "HIGH" settings and may require more user knowledge or skill.
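    For Rasheed187's earlier questions about how to tell when WD's signatures were last updated and what the "high" and "max" settings change, here is an added example (not from the thread or from ConfigureDefender) that reads the relevant Defender settings with the built-in Defender cmdlets; it changes nothing. It assumes Windows 10 with Defender active and uses Defender's documented 10-second base cloud wait for the timeout arithmetic.

```powershell
# Added example, not from the thread or from ConfigureDefender. Read-only report of
# the Defender settings the HIGH/MAX templates touch (network protection, ASR rules,
# Controlled Folder Access, cloud protection) plus signature freshness. Run elevated.
$pref   = Get-MpPreference
$status = Get-MpComputerStatus

# Meanings of the numeric values Defender uses for these preferences
$TriState  = @{ 0 = 'Disabled'; 1 = 'Enabled'; 2 = 'AuditMode' }
$Maps      = @{ 0 = 'Disabled'; 1 = 'Basic';   2 = 'Advanced' }
$AsrAction = @{ 0 = 'Disabled'; 1 = 'Block';   2 = 'Audit'; 6 = 'Warn' }

$report = [ordered]@{
    'Real-time protection'       = $status.RealTimeProtectionEnabled
    'Cloud-delivered protection' = $Maps[[int]$pref.MAPSReporting]
    'Cloud block level'          = $pref.CloudBlockLevel
    # Defender waits 10 s for a cloud verdict by default; CloudExtendedTimeout adds up to 50 s
    'Cloud check timeout (s)'    = 10 + [int]$pref.CloudExtendedTimeout
    'Network Protection'         = $TriState[[int]$pref.EnableNetworkProtection]
    'Controlled Folder Access'   = $TriState[[int]$pref.EnableControlledFolderAccess]
    'PUA protection'             = $TriState[[int]$pref.PUAProtection]
    'Signature version'          = $status.AntivirusSignatureVersion
    'Signature last updated'     = $status.AntivirusSignatureLastUpdated
    'Signature age (hours)'      = [math]::Round(((Get-Date) - $status.AntivirusSignatureLastUpdated).TotalHours, 1)
}
[pscustomobject]$report | Format-List

# Each configured ASR rule GUID with its action; the Ids and Actions arrays are parallel
$ids = @($pref.AttackSurfaceReductionRules_Ids)
"ASR rules configured: $($ids.Count)"
for ($i = 0; $i -lt $ids.Count; $i++) {
    '{0}  {1}' -f $ids[$i], $AsrAction[[int]$pref.AttackSurfaceReductionRules_Actions[$i]]
}

# Cmdlet counterpart of the GUI's update button, if the signature age above looks stale:
#   Update-MpSignature
```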
     
  22. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,342
    Location:
    USA
    Yep, sucks that AppLocker is only in Enterprise. Oh well, CFW is a great alternative. Oh, I thought you changed HIPS back to safe mode?
     
  23. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,064
    Location:
    Canada
    I did but decided to go back to Paranoid, with a different, less aggressive approach on the HIPS defence. It's honestly taken me several months to get a thorough understanding of how the program works. It's rather complex, but when utilized properly, incredibly powerful against unauthorized file modification and execution. I do have greater restrictions applied to web browsers and other internet-facing applications, as well as MS Office apps.
     
  24. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
  25. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    4,208
    yeah. i see. but let me tell you this. if you don't want to use a 3rd party av sw, then i don't see any reason why you would disable ms defender. you don't want to mess around with it? fine, just leave it be. you won't feel any difference. aamof, disabling it might have a negative impact on your system's performance.
     