Windows Defender Is Becoming the Powerful Antivirus That Windows 10 Needs

Discussion in 'other anti-virus software' started by Secondmineboy, Jan 30, 2016.

  1. Macstorm

    Macstorm Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    2,642
    Location:
    Sneffels volcano
    I noticed the same behavior a couple of times lately, not from Windows updates per se but from the Microsoft Defender app. Tried to resume its virus definitions update manually to no avail, Defender just refused to update.

    At first I thought it was some nasty that slipped in which messed security settings or something like that. Strangely enough, on both occasions, it took a couple of restarts and file system checks to make updates work again. I also ran a thorough malware check with other av solutions that went smoothly.
     
  2. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    1,296
    Location:
    Europe
    Well my grandma doesn't download any programs, she calls me when she needs something. She downloads videos movies or watches online but not programs. So she can't have caught a virus. She might be bad with PCs but she's like those women defensive drivers that drive with 30 km/h on the highway cuz they're afraid, they're never gonna be speeding, so she can't have caught a virus. It's just smth with windows 10 being a piece of ****
     
  3. chrcol

    chrcol Registered Member

    Joined:
    Apr 19, 2006
    Posts:
    982
    Location:
    UK
    It's for sure got better, but still has performance issues, long pauses saving cmd files, loading executables etc. Needs to cache the result once scanned once for instant open.

    Also there is no way to keep real time scanning off now, it auto turns back on, even with group policy.
     
  4. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Well, what is a bit concerning to me is that in the IObit attack they could apparently easily add certain exclusions to Win Defender so that the ransomware could run freely. So then I wonder how good the behavior blocker really is. Also, why are the advanced options from ConfigureDefender nowhere to be found in Windows 10?
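
Added example, not part of any member's post: one way to review which exclusions Defender currently has and when exclusion settings were changed, using the Defender PowerShell module and the Defender operational event log. The function names Get-DefenderExclusion and Get-DefenderExclusionChange are made up for this example.

```powershell
# Added example. Run from an elevated PowerShell prompt; in a non-admin
# session Defender may hide the exclusion lists.

function Get-DefenderExclusion {
    # Flatten the three exclusion lists into one table of Type/Value rows.
    $pref = Get-MpPreference
    foreach ($kind in 'ExclusionPath', 'ExclusionProcess', 'ExclusionExtension') {
        foreach ($value in @($pref.$kind)) {
            if ($value) { [pscustomobject]@{ Type = $kind; Value = $value } }
        }
    }
}

function Get-DefenderExclusionChange {
    param([int]$Days = 30)
    # Event ID 5007 is logged when the Defender configuration changes;
    # keep only the events whose old/new value touches an Exclusions key.
    $filter = @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = 5007
        StartTime = (Get-Date).AddDays(-$Days)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match '\\Exclusions\\' } |
        Select-Object TimeCreated, @{
            Name       = 'Change'
            Expression = {
                # Keep just the "Old value:" / "New value:" lines of the message.
                ($_.Message -split "`r?`n" |
                    Where-Object { $_ -match 'value:' } |
                    ForEach-Object { $_.Trim() }) -join ' | '
            }
        }
}

Get-DefenderExclusion | Format-Table -AutoSize
Get-DefenderExclusionChange -Days 30 | Format-List
```

An exclusion that nobody on the machine remembers adding, paired with a 5007 event at an unexpected time, is the thing to look into.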
     
  5. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    I haven't seen any major performance issues but I guess it depends on certain activities. And realtime scanning can only be disabled by certain third party tools from what I understood.
     
  6. plat

    plat Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    2,233
    Location:
    Brooklyn, NY
    Got an update to the Antimalware Platform just now: KB 4052623 which changes to version 4.18.2101.9. No changelog yet.

     
  7. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,883
    Location:
    Slovenia, EU
  8. GrDukeMalden

    GrDukeMalden Registered Member

    Joined:
    Jun 16, 2016
    Posts:
    491
    Location:
    VPN city
  9. digmor crusher

    digmor crusher Registered Member

    Joined:
    Jul 6, 2012
    Posts:
    1,172
    Location:
    Canada
    For me keeping your system updated is more important than supplemental protection. Of course it doesn't hurt unless you over-armour your protection.
     
  10. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Agree
     
  11. Special

    Special Registered Member

    Joined:
    Mar 23, 2016
    Posts:
    454
    Location:
    .
    Got a strange request and maybe this isn't the place to ask... but for those of you with the latest Windows Defender Platform, 4.18.2101.9-0

    Could someone tell me the hashes of the two files "mpasdesc.dll.mui" and "mpuxagent.dll.mui" in their "C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2101.9-0\en-US" folder? Thanks in advance.
     
  12. plat

    plat Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    2,233
    Location:
    Brooklyn, NY
    mpasdesc.dll.mui: 4b4eedcf797e8ba480dc6b10b1c718c1344cbc164debe842daa9de7e3f098b69

    mpuxagent.dll.mui: edbfa4e369530fc757829df106c92e17e535f4cc8d4cf5e51fc3a093e092fed6

    :)
     
  13. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,789
    @Special: Don't know what hash you want, so here are several.
    Both files have modified date 12/14/2020. I installed this defender today.

    mpasdesc.dll.mui
    md5: 7cd77ae81d0c3c8886e9955a411b3c74
    sha-256: 4b4eedcf797e8ba480dc6b10b1c718c1344cbc164debe842daa9de7e3f098b69
    sha-512: bf411d804d21e7d90c677e355853b7081dd0b69fec3dc11169f9f42601a543659bb3db859ce11e0c961468d84b7efc723d959f824b26cfca4e5bf628ef0039f7

    mpuxagent.dll.mui
    md5: 217d6af9bf9a5e0b5065f1225044a23b
    sha-256: edbfa4e369530fc757829df106c92e17e535f4cc8d4cf5e51fc3a093e092fed6
    sha-512: 0fd69bb7315ac540686acc071a03d5a07f85b93f87ca4f558c5a13285ff738723f59d3f8066ac3f37891a19fe4b2ec9c3cbdd502d8380e563be3155f80d1da2f
     
  14. Special

    Special Registered Member

    Joined:
    Mar 23, 2016
    Posts:
    454
    Location:
    .
    @act8192

    Weird mine are different...

    mpasdesc.dll.mui sha-256: 329A646318BEDC7534B2A20C2906ED9F0907726F7E761DF14B07B77771CA7A2D
    mpuxagent.dll.mui sha-256: AC5854111729AA99E837DEE9DB29B72493F45A09CF1D2DB1F8D62F73AA98FC2D

    Do others have matching hashes like act8192 has?
     
  15. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,342
    Location:
    USA
    @Special

    mpasdesc.dll.mui sha-256: 4b4eedcf797e8ba480dc6b10b1c718c1344cbc164debe842daa9de7e3f098b69

    So same as act8192 & plat1098
     
    Last edited: Feb 12, 2021
  16. SouthPark

    SouthPark Registered Member

    Joined:
    Jun 13, 2012
    Posts:
    737
    Location:
    South Park, CO
    mpasdesc 4b4eedcf797e8ba480dc6b10b1c718c1344cbc164debe842daa9de7e3f098b69 /Dec. 11, 2020
    mpuxagent edbfa4e369530fc757829df106c92e17e535f4cc8d4cf5e51fc3a093e092fed6 /Feb. 11, 2021

    @Special, can you post the "About" info?
     
  17. Special

    Special Registered Member

    Joined:
    Mar 23, 2016
    Posts:
    454
    Location:
    .
    @SouthPark

    Here: https://i.imgur.com/d72iIlY.png

    I'm also on 1909 if that makes a difference...

    Lastly, I don't suppose one of you who has matching hashes would be willing to send me those two files in a zip or something would you?

    EDIT: And if you're wondering, there was some merging of files going on while cloning some system files to another, and "4.18.2011.6-0" the previous platform's en-EU files got put in the new one "4.18.2101.9-0" instead, lol oops. No harm seems to have happened as Defender works and looks normal, but I'm not sure what to expect...
     
    Last edited: Feb 13, 2021
  18. SouthPark

    SouthPark Registered Member

    Joined:
    Jun 13, 2012
    Posts:
    737
    Location:
    South Park, CO
    @Special, that's the same client and engine version I have, though I'm on 20H2. It sounds like the files from the 2011 folder overwrote the ones that should be in the 2101 folder. It might be worthwhile to run sfc /scannow from an elevated command prompt to see if it finds anything wrong.
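
Added example, not part of any member's post: a PowerShell check that hashes the two files discussed above and compares them with the SHA-256 values several members reported for platform 4.18.2101.9-0. The function name Compare-ReportedHash is made up for this example; the folder path and the hashes are the ones quoted in the thread.

```powershell
# Added example: compare local Defender platform resource files with the
# SHA-256 values posted in this thread for platform 4.18.2101.9-0 (en-US).
$platformDir = 'C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2101.9-0\en-US'

$reported = @{
    'mpasdesc.dll.mui'  = '4b4eedcf797e8ba480dc6b10b1c718c1344cbc164debe842daa9de7e3f098b69'
    'mpuxagent.dll.mui' = 'edbfa4e369530fc757829df106c92e17e535f4cc8d4cf5e51fc3a093e092fed6'
}

function Compare-ReportedHash {
    param(
        [Parameter(Mandatory)][string]$Directory,
        [Parameter(Mandatory)][hashtable]$Expected
    )
    foreach ($name in $Expected.Keys) {
        $path = Join-Path -Path $Directory -ChildPath $name
        if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
            [pscustomobject]@{ File = $name; Status = 'Missing'; SHA256 = $null; LastWrite = $null }
            continue
        }
        $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        # -eq on strings is case-insensitive, so the upper-case output of
        # Get-FileHash compares equal to the lower-case values above.
        $status = if ($hash -eq $Expected[$name]) { 'Match' } else { 'Differs' }
        [pscustomobject]@{
            File      = $name
            Status    = $status
            SHA256    = $hash.ToLowerInvariant()
            LastWrite = (Get-Item -LiteralPath $path).LastWriteTime
        }
    }
}

# Platform (4.18.x), engine (1.1.x) and definition versions this machine reports.
Get-MpComputerStatus |
    Select-Object AMProductVersion, AMEngineVersion, AntivirusSignatureVersion

Compare-ReportedHash -Directory $platformDir -Expected $reported |
    Format-Table -AutoSize
```

A "Differs" result only means the file is not byte-identical to the copies hashed in this thread; the LastWrite column helps tell an older platform's file from a newer one.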
     
  19. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    BTW, does the engine version only get updated via Win Update? Or does it also get updated when you manually update AV definitions?

    I disagree, updates are important but can't protect you against zero days. So in my view, security tools that complement each other are more important.
     
  20. plat

    plat Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    2,233
    Location:
    Brooklyn, NY
    Hey Rasheed--I've updated both via the regular WU and Defender's UI. That did have me wondering, though, that if you have Windows Update compromised or disabled, if you could still update Defender and its components via the Defender UI? A quick online search didn't give me much info there. More along the lines of: manually updating, like via the Catalog.

    I wonder why they can't function independently.
     
  21. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,873
    Location:
    Outer space
    Well, I got the patched Malware Protection Engine version 1.1.17800.5 before this month's updates were installed, so I guess it can update the engine independent of WU, but the 4.18.x is the version of the program itself, not sure if that can be updated without WU.
     
  22. SouthPark

    SouthPark Registered Member

    Joined:
    Jun 13, 2012
    Posts:
    737
    Location:
    South Park, CO
    I have my connection set to metered (yay, 1 Mb hotel WiFi), so neither Windows 10 nor WD auto-updates. I check WD manually for updates 1 or 2 times a day, and the engine and client updates occur normally along with the definition updates.
     
  23. SouthPark

    SouthPark Registered Member

    Joined:
    Jun 13, 2012
    Posts:
    737
    Location:
    South Park, CO
    That's why I use Andy Ful's excellent open-source Hard Configurator to enforce some additional defenses such as SRP. I also use Quad9 DNS, and malware filters in uBO. Layered security is best, as long as the solutions don't conflict.
     
  24. plat

    plat Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    2,233
    Location:
    Brooklyn, NY
    Yep, me too. :thumb:
     
  25. spearpoint

    spearpoint Registered Member

    Joined:
    Feb 14, 2021
    Posts:
    15
    Location:
    Bulgaria
    You don't even need that function>>>

    https://i.imgur.com/83h2tH2.jpg
     