Windows Defender Is Becoming the Powerful Antivirus That Windows 10 Needs

Discussion in 'other anti-virus software' started by Secondmineboy, Jan 30, 2016.

  1. xxJackxx

    xxJackxx Registered Member

  2. shmu26

    shmu26 Registered Member

    Guys, this so-called bug just means that you need to do a one-time reboot after changing system settings. I am sure you all do that anyways, it is very well known that you need a full reboot for some of the system settings to change properly.
     
  3. stapp

    stapp Global Moderator

    It's one of the first things I disable on a machine.
     
  4. nine9s

    nine9s Registered Member

    Any problems or pitfalls in running Defender in sandbox mode?
     
  5. shmu26

    shmu26 Registered Member

    Yeah. It might not work right. It needs a lot of testing.
     
  6. Tyreman

    Tyreman Registered Member


    Running good here
     
  7. shmu26

    shmu26 Registered Member

  8. JasonUK

    JasonUK Registered Member

    I'll want to see a lot more expert (industry/user) opinion on WD and benefits of sandboxing an AV before I turn off my existing AV setup. I've run Avast + Malwarebytes in tandem for years and the worst I've experienced is the odd PUP threat so I'll need to be certain before I set aside this effective comfort blanket!
     
  9. Tyreman

    Tyreman Registered Member

    I just did some of those tests at random on Chrome
    seemed okay here
    One file downloaded but wouldn't allow to run
    So have to see
     
  10. WildByDesign

    WildByDesign Registered Member

    Google Project Zero's James Forshaw (aka Chrome sandboxing wizard) pointed out the potential for some bypass potential with the Defender sandbox mechanism. Keep in mind that the bug report linked below is older, from 2017. Therefore just an example at the moment. However, he hints at this being a possible avenue for bypassing the sandbox. I imagine he will be digging into this further.


    Link: https://twitter.com/tiraniddo/status/1059680151330525185
     
  11. Martin_C

    Martin_C Registered Member

    The latest Transparency report - Examining the AV-TEST July-August results - are now available.

    It can be downloaded here (PDF): https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2IL3Y
     
  12. Tyreman

    Tyreman Registered Member

    I've set mine up to block potentially unwanted apps as well
     
  13. __Nikopol

    __Nikopol Registered Member

    How do you put up with Windows Defender? GRRR
    I just found out that it silently detected and deleted 5 to 6 files on 06.11 and 08.11, without telling me anything at all!
    I also found suspicious entries in the run folder in the registry: "C:\WINDOWS\SysWOW64\conime.exe.exe" and another one I deleted before copying/remembering. The files weren't there anymore and Defender never deleted them. So what do I know what happened?!

    Good thing is, I appear to be clean. HitmanPro doesn't show anything and Defender does not do either, of course. (anymore)

    Worst thing is, they were all in the temp folder and the names don't have any information attached to them that could help me identify WHAT PROGRAM IT EVEN WAS THAT CREATED THEM! I could have been able to identify it, if only Defender told at the exact time of detection!
    It was obviously one of these search programs I tested because I needed to search something in a billion source code files. But which one? Impossible to know...

    These files, some were installers, were allowed to be downloaded and run by me. They created malicious files in the temp folder and some were even allowed to run - as it is visible by the registry entries. But then they were silently deleted. What kind of protection is that? I don't think they were zero-day malware either. The programs are all quite old.

    Not only that, but a few days ago I tested my PC with Emsisoft, ESET, Malwarebytes, and HitmanPro within like 2 to 4 hours. Now I am running a Defender scan (for other reasons) and this alone takes 5 hours! Bullc*ap!


    This is the last time I gave Defender a chance. I go back to KFA.
     
  14. Antarctica

    Antarctica Registered Member

    This is strange. Just scanned my PC with Windows Defender this morning, it took about 20 minutes...
     
  15. wat0114

    wat0114 Registered Member

    @_Nikopol

    check its notification settings...
     

  16. Bertazzoni

    Bertazzoni Registered Member

    If you're talking about "Quick Scan", mine takes about 5 minutes! Deep scan a few hours.
     
  17. __Nikopol

    __Nikopol Registered Member

    I already installed Kaspersky and can't see them anymore. But I used ConfigureDefender a while back and there should be no reason that they were deactivated - except when Microsoft chose to do so per update!
     
  18. hawaii007

    hawaii007 Registered Member

    The first thing I noticed with Windows Defender is that some applications take much longer to load. A non-starter for me.
     
  19. shmu26

    shmu26 Registered Member

    If you used ConfigureDefender, or you otherwise enabled ASR, that's why.
    One or more of the ASR rules will silently delete files. Not sure which one it is, but it happened to me a couple times.
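
Added example, not part of the original posts: one way to see what Defender removed or blocked and whether an ASR rule was involved, by listing the configured ASR rules and reading the Defender operational event log. The function name `Get-DefenderAction`, the 14-day window and the EventData field names (`ID`, `Threat Name`, `Process Name`, `Path`) are assumptions; a field that is absent from an event simply comes back empty.

```powershell
# Added example. Run in an elevated PowerShell session on the affected machine.
$log = 'Microsoft-Windows-Windows Defender/Operational'

# 1. ASR rules currently configured and their mode.
#    Action values: 0 = disabled, 1 = block, 2 = audit, 6 = warn.
$pref    = Get-MpPreference
$ids     = @($pref.AttackSurfaceReductionRules_Ids | Where-Object { $_ })
$actions = @($pref.AttackSurfaceReductionRules_Actions)
$rules = for ($i = 0; $i -lt $ids.Count; $i++) {
    [pscustomobject]@{ RuleId = $ids[$i]; Action = $actions[$i] }
}
$rules | Format-Table -AutoSize

# 2. What Defender did, when, and to which file.
#    1116/1117 = malware detected / action taken
#    1121/1122 = ASR rule fired in block / audit mode
function Get-DefenderAction {
    param([int]$Days = 14)   # look-back window (assumed default)
    $filter = @{
        LogName   = $log
        Id        = 1116, 1117, 1121, 1122
        StartTime = (Get-Date).AddDays(-$Days)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        # Flatten the named EventData fields of this event into a hashtable.
        $data = @{}
        foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
            if ($d.Name) { $data[$d.Name] = $d.'#text' }
        }
        [pscustomobject]@{
            Time    = $_.TimeCreated
            EventId = $_.Id
            Rule    = $data['ID']            # ASR rule GUID (1121/1122 only)
            Threat  = $data['Threat Name']   # detection name (1116/1117 only)
            Process = $data['Process Name']  # process that touched the file
            Path    = $data['Path']
        }
    }
}
Get-DefenderAction -Days 14 | Sort-Object Time | Format-Table -AutoSize -Wrap

# 3. Defender's own detection history, including the process that created the file.
Get-MpThreatDetection | Sort-Object InitialDetectionTime |
    Select-Object InitialDetectionTime, ProcessName, Resources, ActionSuccess |
    Format-List
```

A `Rule` GUID in the second table that matches a `RuleId` with action 1 in the first table identifies the ASR rule responsible for the block.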
     
  20. mekelek

    mekelek Registered Member

    So how has False Positive Friday been for you guys? Eventful, I assume.
     
  21. Minimalist

    Minimalist Registered Member

    Was there a problem with FPs I don't know about?
    This week at work, we had problems with our remote desktop software, being quarantined by WD and MSE. Were there other problems with FPs?
     
  22. mekelek

    mekelek Registered Member

    WD has FP problems with everything, every time.
    Check what happened with Voodooshield, even after Microsoft claimed the FP is fixed, it was still not fixed.
     
  23. Tyreman

    Tyreman Registered Member

    42 sec for quick scan here
    39 min 13 sec full scan
     
    Last edited: Nov 11, 2018
  24. Tyreman

    Tyreman Registered Member

    Those ConfigureDefender and ASR enableable rules look pretty radical
    glad I didn't go that route
     
  25. __Nikopol

    __Nikopol Registered Member

    I guess... why does it do that? Nobody wants that. I can't find a setting that even sounds like that, except maybe 'hide the whole defender'.

    Anyway. I'm glad I decided to just move away from this trainwreck. Why would you even need ConfigureDefender just to make it easier, or possible itfp, to change important settings? I can't stand it anymore. Gui-garbage.
     