Windows Defender Is Becoming the Powerful Antivirus That Windows 10 Needs

Discussion in 'other anti-virus software' started by Secondmineboy, Jan 30, 2016.

  1. rm22

    rm22 Registered Member

    Thanks - Good to know - I have ZAM running on all my machines right now.
     
  2. shmu26

    shmu26 Registered Member

    I tried with ZAM a couple months ago -- maybe they resolved the conflict since then?
    Do this: enable core isolation, and if it turns off again after a reboot, then you know that there is a conflict somewhere.
    This test will not work with Kaspersky, though, because it is only a conflict with certain modules.
     
  3. rm22

    rm22 Registered Member

    That's a very civilized conflict resolution - I'll have a look sometime, but I'd be shocked if anyone has worked on it
     
  4. rm22

    rm22 Registered Member

    I get the same result - it is back to "off" after reboot
     
  5. Spartan

    Spartan Registered Member

    Does Windows Defender detect PUPs now or do we still need to add this reg entry to enable PUP detection?

    Code:
    Windows Registry Editor Version 5.00
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\MpEngine]
    "MpEnablePus"=dword:00000001
     
  6. ArchiveX

    ArchiveX Registered Member

    :thumb:
    I'd like to know about it, too. ;)
     
  7. Martin_C

    Martin_C Registered Member

    Hi shmu26,
    Basically you have to look at it like this - if you have third-party security products that cause errors with core isolation, then such products exhibit a behavior in kernel space that you really don't want.

    (And highly likely - such products will probably not run at all in a not so distant Windows 10 development future, unless such third-party products start following the development guidelines from Microsoft.)
     
  8. Martin_C

    Martin_C Registered Member

    Hi Phoenix,
    Windows Defender's PUA/PUP detection has increased substantially even in default configuration.
    However if you want to get the full PUA detection capabilities, then you will still need to enable it.

    But don't use the old registry method.

    Just run this in admin PowerShell :
    Code:
    Set-MpPreference -PUAProtection Enabled
     
  9. Azure Phoenix

    Azure Phoenix Registered Member

    Microsoft has apparently made so many improvements in their AV. But they can't add a simple PUP setting...
     
  10. Martin_C

    Martin_C Registered Member

    And speaking of easy access to settings, something that makes everybody happy, here is some excellent news :

    With upcoming 1809, settings for Edge running in Windows Defender Application Guard will be easily accessible in Security Center.
    Link : https://mobile.twitter.com/dwizzzleMSFT/status/1007315731640250368

    No more need for GPOs for this feature. Easy for everybody.
    I love it. :thumb::thumb:
     
  11. shmu26

    shmu26 Registered Member

    M$ doesn't want to make all the power settings of Windows Defender easy to access, because then it will be harder to sell their paid security packages.
     
  12. imuade

    imuade Registered Member

    If they do so, all the vendors marked as PUP would scream about "unfair competition"...
     
  13. roger_m

    roger_m Registered Member

    That's true.
     
  14. Martin_C

    Martin_C Registered Member

  15. Trooper

    Trooper Registered Member

    This is good to hear. For the past month or so, I have been using WD on my home PC.
     
  16. shmu26

    shmu26 Registered Member

    Defender generally scores well, but someone recently posted a test that focused on ransomware, and Defender did not shine in that area -- so IMO it is worthwhile to enable the advanced ransomware protection, configurable by Group Policy or PowerShell.
    https://docs.microsoft.com/en-us/wi...-exploit-guard#attack-surface-reduction-rules
    (To do it by GUI, use Andy Ful's Hard_Configurator or ConfigureDefender tools, available on GitHub).
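
Added example, not part of any post in this thread: a read-only PowerShell check of the settings discussed above (PUA protection, controlled folder access, ASR rules, and whether core isolation's memory integrity is configured and actually running after a reboot). The function name Get-DefenderHardeningState is hypothetical; run it in an elevated PowerShell on Windows 10 with Defender active.

```powershell
# Added example: reports state only, changes nothing.
function Get-DefenderHardeningState {
    # Defender stores these modes as numbers.
    $mode = @{ 0 = 'Disabled'; 1 = 'Enabled'; 2 = 'AuditMode' }
    function Resolve-Mode($value) {
        $n = [int]$value
        if ($mode.ContainsKey($n)) { $mode[$n] } else { "Other ($n)" }
    }

    $pref = Get-MpPreference

    # ASR rule GUIDs and their actions are two parallel arrays.
    $ids     = @($pref.AttackSurfaceReductionRules_Ids | Where-Object { $_ })
    $actions = @($pref.AttackSurfaceReductionRules_Actions)
    $asr = for ($i = 0; $i -lt $ids.Count; $i++) {
        [pscustomobject]@{ RuleId = $ids[$i]; Action = Resolve-Mode $actions[$i] }
    }

    # Core isolation / memory integrity (HVCI): what is configured...
    $hvciKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity'
    $hvciConfigured = (Get-ItemProperty -Path $hvciKey -Name Enabled -ErrorAction SilentlyContinue).Enabled -eq 1

    # ...versus what is running right now (service id 2 = HVCI).
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
    $hvciRunning = @($dg.SecurityServicesRunning) -contains 2

    [pscustomobject]@{
        PUAProtection          = Resolve-Mode $pref.PUAProtection
        ControlledFolderAccess = Resolve-Mode $pref.EnableControlledFolderAccess
        AsrRules               = $asr
        MemoryIntegritySet     = $hvciConfigured
        MemoryIntegrityRunning = $hvciRunning
        # Configured but not running after a reboot matches the conflict test described in this thread.
        MemoryIntegrityDropped = ($hvciConfigured -and -not $hvciRunning)
    }
}

$state = Get-DefenderHardeningState
$state | Format-List PUAProtection, ControlledFolderAccess, MemoryIntegrity*
$state.AsrRules | Format-Table -AutoSize
```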
     
  17. Spartan

    Spartan Registered Member

    What paid security packages from Microsoft are you talking about? o_O
     
  18. shmu26

    shmu26 Registered Member

  19. guest

    guest Guest

    Indeed, which is irrelevant to talk about when it concerns the home user version.
    It's like praising an endpoint feature to promote the brand when the home user version doesn't have it... just BS.
     
    Last edited by a moderator: Jun 16, 2018
  20. boombastik

    boombastik Registered Member

    This has nothing to do with security, but I put it there in case anyone has this hardware.
    I know that if you have a Creative X-Fi sound card, PCI or PCIe, it doesn't work with core isolation on.
     
  21. shmu26

    shmu26 Registered Member

    Controlled folder access says it protects "memory areas", too. Is this something new?
    I seem to be getting a lot of alerts about blocked memory access lately, and I don't remember that happening before.

    I am also wondering whether I should trouble myself to make exceptions for these "blocks", or just ignore them unless I see obvious breakage. It is common for processes to make certain kinds of random memory accesses that don't help and don't hurt, so I am wondering whether this is the case here?
     
  22. guest

    guest Guest

    Windows 7 Defender won’t receive updates (June 2018)
    June 29, 2018
    https://borncity.com/win/2018/06/29/windows-defender-wont-receive-updates-june-2018/
     
  23. Rasheed187

    Rasheed187 Registered Member

    Sounds interesting, I would like to know more about this too. Perhaps they have tried to harden it against ransomware.
     
  24. xxJackxx

    xxJackxx Registered Member

    Running WD on Windows 10 at work... opened Visual Studio for a simple test program. A text box, a progress bar, a message box. Clicked the run button in Visual Studio. Cannot access file. Deleted by WD. The test program does not interact with the registry or any files. False positives on files created by other Microsoft products... I don't like it. I hope they don't move to the Norton approach of deleting ANYTHING it does not recognize. This is why Norton and Trend Micro are now banned from our production development machines. I hope I don't have to do the same with WD. It is a lazy means for "detecting" malware and I'm running out of options. I excluded the entire project folder. Works now but shouldn't be necessary. o_O
     
  25. Azure Phoenix

    Azure Phoenix Registered Member

    With all the data Microsoft collects and their A.I. algorithm, I was hoping Microsoft would be able to deal with false positives. It appears that isn't the case.
     