Windows Defender Is Becoming the Powerful Antivirus That Windows 10 Needs

Discussion in 'other anti-virus software' started by Secondmineboy, Jan 30, 2016.

  1. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,640
    Location:
    USA
    Ok, so I downloaded the free copy of O&O Defrag from this thread:
    https://www.wilderssecurity.com/threads/o-o-defrag-20-professional-edition-giveaway.405613/
    This is also being blocked by Windows Defender. This file was digitally signed in March by O&O Software. I'm starting to get upset... I'm hoping Microsoft put out a bad Windows Defender update today. Otherwise there isn't much excuse for the day I am having with it. :mad:

    Edit: Just updated. I can run the file now.
     
    Last edited: Jul 2, 2018
  2. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,549
  3. clocks

    clocks Registered Member

    Joined:
    Aug 25, 2007
    Posts:
    2,788
    Why not just let Windows manage/defrag drives? Are standalone defrag programs a remnant from the 90s? I have not used one in probably over 10 years, especially since tests at the time showed zero improvement to performance.
     
  4. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,640
    Location:
    USA
    Not wanting to get too far off topic but I have some external drives I would like to optimize and when the price is free it does a much better job than Windows. My system drives are SSD, so no point there.
     
  5. Djigi

    Djigi Registered Member

    Joined:
    Aug 13, 2012
    Posts:
    554
    Location:
    Croatia
    Does WD have quarantine?...so people can get it out
     
  6. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,549
    It has quarantine, but sometimes the new, advanced protections just zap it and fail to put it into quarantine. Then you need to take the missing file from your mounted system image. :)
     
  7. guest

    guest Guest

    Microsoft Resumes Delivering Windows 7 Defender Definition Updates After 2 Weeks
    July 5, 2018
    https://www.bleepingcomputer.com/ne...-7-defender-definition-updates-after-2-weeks/
     
  8. remco8264

    remco8264 Registered Member

    Joined:
    Apr 25, 2012
    Posts:
    29
    In the latest Insider Preview build, Windows Defender Application Guard can be configured inside the Security Center :)

    Source: https://blogs.windows.com/windowsex...ncing-windows-10-insider-preview-build-17713/
     
  9. Martin_C

    Martin_C Registered Member

    Joined:
    Dec 4, 2014
    Posts:
    525
    With the upcoming RS5/1809 branch, Attack Surface Reduction rules become available to everyone, with easy enabling in the Windows Security app.

    You already know how powerful the ASR rules are, so I'm sure you will agree that this is a big step forward once again.

    I very much like Microsoft's approach to this. Build new powerful features, let researchers hammer at them to find areas that need further strengthening, spend time further refining them and when ready for mass adoption, then include the features one by one in the Windows Security app for easy access and control thereof.

    We have seen it with the Block at First Sight feature that has been massively improved with every new branch released, for many branches in a row now. 1803 expanded its reach to now also include non-PE files.

    And with RS5/1809 we see ASR rules becoming available in the Windows Security app.

    And as already mentioned in the thread, RS5/1809 will also bring easy access to settings for Windows Defender Application Guard right there in the Windows Security app.

    So much power available without anybody having to jump through hoops to enable it. I love it!! :thumb::thumb:
     
  10. Martin_C

    Martin_C Registered Member

    Joined:
    Dec 4, 2014
    Posts:
    525
    I have no idea if the soundcard you mention is recent or antique. (didn't look it up, since I'm on mobile right now with the nearest cell tower so far away that each packet arrives by pigeon)
    But driver guidelines have been available from Microsoft for ages now.
    So if Creative Labs still haven't produced any drivers that are compliant and the hardware is recent of course - then your best option is to be persistent and continue asking Creative Labs nicely for new drivers.

    This is 100% a hardware vendor issue - they need to stay current and provide drivers that are capable of functioning on a modern secure OS.
     
  11. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,549
    Yes, it does sound like a good approach.
     
  12. Martin_C

    Martin_C Registered Member

    Joined:
    Dec 4, 2014
    Posts:
    525
    It's great. :)
    Easy access to powerful features without complicated options, and a lot more users are comfortable using it. :thumb:

    A similar thing can be seen with Andy Ful's great tool, ConfigureDefender, available on GitHub.
    Although all the most powerful settings of Windows Defender, ASR rules, Network Protection and so forth are easily accessible through GPO/PowerShell, a lot more users will use it when manageable through a UI.

    So Microsoft's approach with making more features and their settings available in the Windows Security app will be welcomed with open arms :thumb:
     
  13. Martin_C

    Martin_C Registered Member

    Joined:
    Dec 4, 2014
    Posts:
    525
    March-April 2018 test results: More insights into industry AV tests.
    Much more in the blog post here:
    https://cloudblogs.microsoft.com/mi...results-more-insights-into-industry-av-tests/

    Also download the complete transparency report on March-April 2018 AV-TEST results here (PDF):
    https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2ouJA
     
  14. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,561
    Location:
    The Netherlands
    This is cool and all, but can they also explain why they failed to classify 31 samples (user dependent) as malware in this test? :rolleyes:

    https://www.av-comparatives.org/tests/business-security-test-2018-march-june/
    https://www.wilderssecurity.com/thr...ntivirus-that-windows-10-needs.383448/page-74
     
  15. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    97,808
    Location:
    U.S.A.
  16. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,640
    Location:
    USA
  17. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,777
    Location:
    Texas
    Protecting the modern workplace from a wide range of undesirable software
     
  18. Martin_C

    Martin_C Registered Member

    Joined:
    Dec 4, 2014
    Posts:
    525
    Protecting the protector: Hardening machine learning defenses against adversarial attacks.
    Much more in the blog post here: https://cloudblogs.microsoft.com/mi...earning-defenses-against-adversarial-attacks/
     
  19. Martin_C

    Martin_C Registered Member

    Joined:
    Dec 4, 2014
    Posts:
    525
    Slides from Jugal Parikh, Holly Stewart, & Randy Treit's talk - "Protecting the Protector, Hardening Machine Learning Defenses Against Adversarial Attacks" - at Black Hat USA 2018 are now available.

    Slides can be downloaded here (PDF):
    http://i.blackhat.com/us-18/Thu-August-9/us-18-Parikh-Protecting-the-Protector-Hardening-Machine-Learning-Defenses-Against-Adversarial-Attacks.pdf
    Absolutely amazing work Microsoft has been doing to make machine learning models more resilient to adversarial attacks and on how ensemble models can catch malware that singular models can't. :thumb: :thumb:
     
  20. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    Encouraging to see that Microsoft is finally embracing technology other AV vendors have been using for over 20 years:
    https://www.welivesecurity.com/2017/06/20/machine-learning-eset-road-augur/
     
  21. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    24,059
    Location:
    UK
    I think Microsoft have been aware of Machine Learning in many fields for quite a while now.

    https://www.infoworld.com/article/2886132/machine-learning/how-machine-learning-ate-microsoft.html
     
  22. niki

    niki Registered Member

    Joined:
    Jun 9, 2010
    Posts:
    365
  23. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
  24. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,640
    Location:
    USA
  25. guest

    guest Guest

    Microsoft: 5 tips for developers to reduce malware false positives
    Digitally signing files and keeping a good reputation are among the best practices Microsoft lays out for developers.
    August 17, 2018

    https://www.techrepublic.com/articl...developers-to-reduce-malware-false-positives/
     