Windows Defender Is Becoming the Powerful Antivirus That Windows 10 Needs

Discussion in 'other anti-virus software' started by Secondmineboy, Jan 30, 2016.

  1. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    My postings and comments about certificate bypasses were directed to SmartScreen which uses them in its reputation analysis determination.
     
  2. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
  3. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    The Bad Rabbit link you posted and further expounded upon in reply #1524 clearly notes that static machine analysis/learning (ML) is being done in the cloud. All the major AV vendors excluding Panda do their static ML locally. They also likewise will upload and perform additional more thorough analysis on their respective cloud servers as WD does. As such, the major AV vendors do not have to "lock" the executable for more than a few milliseconds which is undetectable to the user.

    WD does perform local based signature analysis based on recently detected and prevalent malware.
     
    Last edited: Dec 20, 2017
  4. OverDivine

    OverDivine Registered Member

    Joined:
    Jan 16, 2009
    Posts:
    24
    I tried both the Adguard extension and Adguard for Windows and none worked for me. I guess you can't inject anything in protected mode.
     
  5. guest

    guest Guest

    +1
     
  6. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    8,008
    Windows 10 Pro: Windows Defender Application Guard support coming
    https://www.ghacks.net/2017/12/21/windows-10-pro-windows-defender-application-guard-support-coming/

     
  7. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    164,072
    Location:
    Texas
    Several off-topic posts removed. If another topic other than the thread topic needs to be discussed, start another thread.
     
  8. Martin_C

    Martin_C Registered Member

    Joined:
    Dec 4, 2014
    Posts:
    525
    Oh, sweet joy once again.

    VBS/HVCI capable hardware will be auto-detected and VBS/HVCI enabled automatically during clean installations of Windows 10 from RS4 branch and onwards.

    As Dave Weston tweets:
    https://mobile.twitter.com/dwizzzleMSFT/status/943898254151790592

    This is bigger than huge. Microsoft takes security to new heights. :thumb::thumb:

    (This is the continuation of the great news from Microsoft mentioned in this post and in this post.)
     
  9. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,951
    The uninitiated home users will jump for joy.:cautious:
     
  10. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Thanks for the interesting info, this makes it all easier to understand. But I don't believe I misunderstood the post. Fact of the matter is that it took 14 minutes before WD started to block Bad Rabbit via the cloud. This means that local behavior blocking/ML should be improved, to reduce false positives and it should also be able to block malware post-execution, but this can be a bit tricky. So perhaps it's better to leave this to the specialized behavior blockers. But cool to see that WD can already block a lot of stuff with local AV technologies. I don't care for the cloud, any tool can submit malware to some online sandbox and come up with a verdict, that's not impressive to me, you know what I mean?
     
  11. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    3,438
    Location:
    Slovakia
    Still can not get it, then again I do not run WD nonstop, I guess that update is just picky.
     


  12. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    It arrives via a Win Update for WD definitions. If you're using a metered connection, you have to manually initiate a Win Update. You also have to have WD set at a minimum to perform periodic scanning.
     
  13. Zorak

    Zorak Registered Member

    Joined:
    Jan 2, 2010
    Posts:
    182
    Location:
    Australian Capital Territory
    It used to trigger warnings for me on the MS recommended test site (smartscreentestratings2.net), along with others that have been listed in this thread, but now it doesn't. Looking back through my Event Viewer, 22 November was the last time an Event ID 1126 successful block was recorded for me.

    The test site still triggers a smartscreen block using the Edge browser. Maybe MS broke something in the recent Defender engine update?
     
    Last edited: Dec 24, 2017
  14. chrcol

    chrcol Registered Member

    Joined:
    Apr 19, 2006
    Posts:
    982
    Location:
    UK
    This is still a heavy resource hog. On my mining rig, when downloading blockchains, the CPU was ramped at 100% on the Windows Defender process. The poor CPU is only a G4400 but it shouldn't be that heavy on resources. Had to exclude the folder. I then tested with Avast, NOD32, and Emsisoft and none of them had the same resource usage for the same activity. But they are all uninstalled now as I decided to do away with A/V on everything except my laptop.
     
  15. chrcol

    chrcol Registered Member

    Joined:
    Apr 19, 2006
    Posts:
    982
    Location:
    UK
    Still waiting for applocker tho which is probably more potent than the lot put together.
     
  16. chrcol

    chrcol Registered Member

    Joined:
    Apr 19, 2006
    Posts:
    982
    Location:
    UK
    Good god, that is bad practice. Why on earth have Microsoft started doing that?

    First of all, ProgramData has always been supposed to be for non-executable files; it's the admin location of AppData basically, which is also not supposed to host executables.

    But to then give each new binary its own unique path will create havoc on firewalls. Don't know what is in developers' heads at times.
     
  17. chrcol

    chrcol Registered Member

    Joined:
    Apr 19, 2006
    Posts:
    982
    Location:
    UK
    Yeah, SRP is buggy, but it's what we got since MS refuse to unlock AppLocker for non-enterprise users :(
     
  18. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,295
    I am running Windows 10 Pro v1703, and I have got it. I guess you are unlucky to not have it, yet. I have it running continuously.

     
  19. ance

    ance formerly: fmon

    Joined:
    May 5, 2013
    Posts:
    1,359
    Is it possible that the PUA registry tweak degrades system performance? :(
     
  20. ArchiveX

    ArchiveX Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    1,501
    Location:
    .
    Did you check System Performance without the PUA Registry Tweak?
     
  21. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,241
    Location:
    Among the gum trees
    Tested today with Chrome and Firefox latest versions. The test page was not blocked here. Can anyone else check?

    Confirmed here also.

    #1468

    Edit: Also here - #1472

    Thanks.
     
    Last edited: Jan 3, 2018
  22. Pirate_fin

    Pirate_fin Guest

    Works fine for me with Firefox 57.0.3 and test page blocked successfully.
     
  23. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,241
    Location:
    Among the gum trees
    Thanks. I tested on one machine and it works but not this machine for some reason. It used to.

    Does anyone know why it isn't working or how I fix it, preferably without reinstalling Windows?

    I have re-entered the cmdlet:
    Code:
    Set-MpPreference -EnableNetworkProtection Enabled
    ... but no joy
    Maybe @Martin_C ?

    Thanks.
     
  24. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,241
    Location:
    Among the gum trees
    I should mention I have Windows 10 1709 Home Edition. If anyone knows how I can check that Network Protection is enabled, or another way to enable it I would appreciate it.

    I have downloaded Policy Plus but I don't know how to use that to check or enable Network Protection.

    Thanks.
     
  25. Pirate_fin

    Pirate_fin Guest

    I have Windows 10 Home Edition too and I used Windows PowerShell to enable Network Protection.

    Copy this Get-MpPreference into Powershell and from the list that opens check if "EnableNetworkProtection" has number 1 behind it then it's enabled.
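
A fuller version of the check discussed in the posts above, as an added example that is not part of any poster's message: it decodes the EnableNetworkProtection value, checks the two Defender settings Network Protection depends on (real-time protection and cloud-delivered protection), and looks for recent Event ID 1125 (audit) and 1126 (block) entries in the Defender operational log. The function name Get-NetworkProtectionReport is hypothetical.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell session.
function Get-NetworkProtectionReport {
    $pref   = Get-MpPreference
    $status = Get-MpComputerStatus

    # EnableNetworkProtection is reported as a number:
    # 0 = Disabled (or never configured), 1 = Enabled (block), 2 = AuditMode (log only).
    $modeNames = @{ 0 = 'Disabled'; 1 = 'Enabled (block)'; 2 = 'AuditMode (log only)' }
    $mode = [int]$pref.EnableNetworkProtection

    # Network Protection only acts when Defender real-time protection and
    # cloud-delivered protection (MAPS) are both on. MAPSReporting 0 means cloud protection is off.
    $realTime = [bool]$status.RealTimeProtectionEnabled
    $cloud    = ([int]$pref.MAPSReporting -ne 0)

    # Event ID 1126 = connection blocked, 1125 = would have been blocked (audit mode).
    # Get-WinEvent raises an error when nothing matches, so silence it and treat as "none".
    $events = Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-Windows Defender/Operational'
        Id      = 1125, 1126
    } -MaxEvents 5 -ErrorAction SilentlyContinue
    $latest = $events | Select-Object -First 1
    $lastSeen = if ($latest) { $latest.TimeCreated } else { $null }

    # Collect the reasons a block would not happen, so a silent failure is explained.
    $problems = @()
    if ($mode -ne 1)   { $problems += "Mode is '$($modeNames[$mode])', not block mode" }
    if (-not $realTime) { $problems += 'Real-time protection is off (third-party AV or disabled)' }
    if (-not $cloud)    { $problems += 'Cloud-delivered protection (MAPS) is off' }

    [pscustomobject]@{
        NetworkProtection  = $modeNames[$mode]
        RealTimeProtection = $realTime
        CloudProtection    = $cloud
        LastEvent1125or1126 = $lastSeen
        ShouldBlock        = ($problems.Count -eq 0)
        Problems           = ($problems -join '; ')
    }
}

Get-NetworkProtectionReport | Format-List
```

If ShouldBlock is True but the test page still loads and LastEvent1125or1126 is old or empty, the configuration is not the cause and the Defender platform or definition update is the next thing to check.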
     