Windows Defender Is Becoming the Powerful Antivirus That Windows 10 Needs

Discussion in 'other anti-virus software' started by Secondmineboy, Jan 30, 2016.

  1. Djigi

    Djigi Registered Member

    Joined:
    Aug 13, 2012
    Posts:
    554
    Location:
    Croatia
  2. Martin_C

    Martin_C Registered Member

    Joined:
    Dec 4, 2014
    Posts:
    525
    I guess you meant 1709 FCU, but I agree. The Fall Creators Update runs perfect here and the update was silky smooth.
    Took one of the non-insider pcs yesterday and hit Update. ~3 minutes to download it, ~7-8 minutes initializing, 18 minutes to update and then the one minute "Getting apps ready".
    Then less then 5 minutes to download, initialize and do the update from 16299.15 to 16299.19
    Perfect.
    Then 15 minutes to go through the new security features.
    And life is good. :thumb:
     
  3. Martin_C

    Martin_C Registered Member

    Joined:
    Dec 4, 2014
    Posts:
    525
    In Fall Creators Update, there have been added even more knobs to Windows Defender and there are now two even stronger levels.
    Now we have :
    - Default blocking level.
    - High blocking level.
    - High+ blocking level.
    - Zero tolerance blocking level. (that blocks all unknowns)

    I use High+ on one of my own so far. The remaining of my own pcs will probably be on Zero tolerance and family and kids pcs will definitely be on Zero tolerance. :thumb:
     
  4. imuade

    imuade Registered Member

    Joined:
    Aug 4, 2016
    Posts:
    751
    Location:
    Italy
    Comodo's default-deny approach? :eek:
    Any link to read about this setting?
     
  5. Djigi

    Djigi Registered Member

    Joined:
    Aug 13, 2012
    Posts:
    554
    Location:
    Croatia
    Tnx :thumb:...something else?
    wd.png
     
  6. x ZauX x

    x ZauX x Registered Member

    Joined:
    May 8, 2010
    Posts:
    139
    Is this new? It's under /windows defender exploit guard/network protection
     

    Attached Files:

  7. imuade

    imuade Registered Member

    Joined:
    Aug 4, 2016
    Posts:
    751
    Location:
    Italy
    Last edited: Oct 18, 2017
  8. plat1098

    plat1098 Guest

    gpedit, hence the additional protection features, is only available in paid Windows versions. Home version doesn't have this functionality.

    windefgpedit.PNG

    Edit: I just noticed I reached 1000 posts here. What the heck have I been talking about, lol?
     
  9. imuade

    imuade Registered Member

    Joined:
    Aug 4, 2016
    Posts:
    751
    Location:
    Italy
  10. Macstorm

    Macstorm Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    2,642
    Location:
    Sneffels volcano
    Yes, my bad :D
     
  11. plat1098

    plat1098 Guest

    Wow, OK. I looked at the link you provided, typed "gpedit.msc" in run box like before and Windows couldn't find it. Tried to see how to join Advanced Maps in Windows 10 Home but it doesn't seem possible, unless I'm not reading something properly. It would be great to beef up the basic Defender here; I have Pro on the other and would not install any third party "antivirus" security there, it's that sophisticated. :)

    If anyone has something to enhance Defender in the Home version, please step forward. :)

    Edit: Aiiii! Never mind, didn't scroll down far enough, I see it. OK, let's try it!
     
    Last edited by a moderator: Oct 18, 2017
  12. Macstorm

    Macstorm Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    2,642
    Location:
    Sneffels volcano
    I found also that I can configure and specify the interval to check for definitions updates now :thumb:
     
  13. Djigi

    Djigi Registered Member

    Joined:
    Aug 13, 2012
    Posts:
    554
    Location:
    Croatia
    Update, like this:

    update.png
     
  14. ance

    ance formerly: fmon

    Joined:
    May 5, 2013
    Posts:
    1,360
    What's the difference between the blocking levels? ;)
     
  15. Martin_C

    Martin_C Registered Member

    Joined:
    Dec 4, 2014
    Posts:
    525
    Also remember the four features in Windows Defender Exploit Guard : Exploit Protection, Attack Surface Reduction rules, Network Protection and Controlled Folder Access.

    Exploit Protection and Controlled Folder Access you can set up directly in the Windows Defender Security Center UI.
    Attack Surface Reduction rules and Network Protection needs to be configured through Group Policy or PowerShell.

    A real world example of Attack Surface Reduction rules blocking a exploit from being able to use a vulnerability in the critical time up until a patch becomes available :
    https://blogs.technet.microsoft.com...t-for-cve-2017-8759-detected-and-neutralized/

    Success !! :thumb: Definitely remember to set up these.

    All information on setting everything up are on Microsoft Docs, which explains everything in great details.
    You will find the official Microsoft links in the post here
     
  16. Martin_C

    Martin_C Registered Member

    Joined:
    Dec 4, 2014
    Posts:
    525
    Yes, you can tailor the update settings exactly to your needs.
    There are also settings for update source, boot time update and much more.

    Windows Defender are extremely configurable. I have so far never found myself in a situation thinking "why can't I do that?". Because all settings needed are right there in Group Policy / PowerShell. :thumb:
     
  17. Martin_C

    Martin_C Registered Member

    Joined:
    Dec 4, 2014
    Posts:
    525
    No vendor - first-party or third-party - are going to publish information about their engines internal logic, since the bad guys reads along on the internet also.
     
  18. imuade

    imuade Registered Member

    Joined:
    Aug 4, 2016
    Posts:
    751
    Location:
    Italy
    https://docs.microsoft.com/en-us/wi.../policy-csp-defender#defender-cloudblocklevel
     
  19. Martin_C

    Martin_C Registered Member

    Joined:
    Dec 4, 2014
    Posts:
    525
  20. imuade

    imuade Registered Member

    Joined:
    Aug 4, 2016
    Posts:
    751
    Location:
    Italy
    No problem, I think your statement was correct :)
    The link I posted just gives a basic answer, while a more detailed one is probably not available for the reason you mentioned :thumb:
     
  21. imuade

    imuade Registered Member

    Joined:
    Aug 4, 2016
    Posts:
    751
    Location:
    Italy
    It would be nice to see a test to compare the 4 blocking levels :)
    Let's poke @cruelsister about this ;)
     
  22. Djigi

    Djigi Registered Member

    Joined:
    Aug 13, 2012
    Posts:
    554
    Location:
    Croatia
    I would like to see all that settings in one place (aka Windows Defender) not so much hidden in GPE...if not for Home user then for PRO.

    BTW: where can I find "Attack Surface Reduction rules" (in GPE)?
     
    Last edited: Oct 19, 2017
  23. Mattchu

    Mattchu Registered Member

    Joined:
    Nov 8, 2008
    Posts:
    72
    Location:
    UK
    So basically a lot of the settimgs that were in Emit are now available and used by Defender. Look under "App & Browser Control" -> Exploit protection settings -> You`ll see System settings [which all but Force randomisation for images (Mandatory ASLR) are on by default, that requires a re-boot if turned on.
    Then if you go on System settings you see a whole load list of processes, select one, say svchost.exe and you have some setings already applied but most not, things like Block untrusted fonts [a pretty good one because as we know NT runs fonts in kernel mode]

    Anyway, plenty of extra settings to try and test, not sure why Edge/EdgeCP isn`t in there [maybe because that already has certain sandbox restrictions]...

    Careful what you change [write it down], it could have undesired affects
     
  24. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    Not sure whether to post this here or on MB thread.

    Starting with FCU, my WD is showing a red cross, Security Center Virus and threat protection says: Malwarebytes is installed as an antivirus provider. Malwarebytes is off and your device may be unprotected.

    It is installed but set not to start with Windows, and no RT components enabled. I only run it on-demand. MB Windows Action Center settings are set to 'Let MB apply the best Windows Action Center settings based on your system (recommended)'.

    CP>Security and maintenance shows MB and WD (which has Periodic Scanning On only) as 'Off' and correctly shows EAM (my primary antivirus) as 'on'.

    How do I get rid of the red cross? Reinstall MB3? Set MB Windows Action Center settings to 'Never register ...'?
     
  25. pling_man

    pling_man Registered Member

    Joined:
    Feb 11, 2010
    Posts:
    599
    Location:
    UK
    I responded in the MB3 thread before I saw it here.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.