Windows Defender Is Becoming the Powerful Antivirus That Windows 10 Needs

Discussion in 'other anti-virus software' started by Secondmineboy, Jan 30, 2016.

  1. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,549
    Now I am eating my words. Kaspersky Security Cloud Free finished its full scan, and deleted a bunch of Excubits files, and one from Brave beta browser. :(
     
  2. imuade

    imuade Registered Member

    Joined:
    Aug 4, 2016
    Posts:
    751
    Location:
    Italy
    “He that is without sin among you, let him first cast a stone” [John 8:7] :argh::argh::argh:
     
  3. nine9s

    nine9s Registered Member

    Joined:
    Feb 8, 2013
    Posts:
    310
    Location:
    USA
    I assume it is not true but want to verify. A review of Windows Defender stated Windows Defender only works with Microsoft products while other AVs work with all browsers and mail readers.
     
  4. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,549
    What they mean is if you use the Microsoft Edge browser, the download will be scanned by Smartscreen as soon as you download it. But if you use a different browser, it will not be scanned by Smartscreen until you execute it.
    Doesn't really matter, because if you are not using Edge browser, and you are using Chrome browser instead, then Chrome will scan it at the moment of download. Then, you get two scans, instead of one.
     
  5. __Nikopol

    __Nikopol Registered Member

    Joined:
    Aug 13, 2008
    Posts:
    630
    Location:
    Germany
    Except when you download into C:/users/shmu26/Downloads. Then it will at least scan upon visiting the folder.
     
  6. nine9s

    nine9s Registered Member

    Joined:
    Feb 8, 2013
    Posts:
    310
    Location:
    USA
    Does Windows Defender have a behavior blocker component in it?
     
  7. __Nikopol

    __Nikopol Registered Member

    Joined:
    Aug 13, 2008
    Posts:
    630
    Location:
    Germany
    It has behavior monitoring. I guess that is the same.
    Edit: https://cloudblogs.microsoft.com/microsoftsecure/2018/09/27/out-of-sight-but-not-invisible-defeating-fileless-malware-with-behavior-monitoring-amsi-and-next-gen-av/
    It's in the middle of the page.
     
  8. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    Note this reference is for the Enterprise subscription based extension protection for Windows Defender.

    The base Windows Defender product does have some behavior monitoring capability but it is not as comprehensive as WD ATP.
     
  9. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,064
    Location:
    Canada
    It's personal preference what you use with Kaspersky. Maybe disable Real time monitoring in WD but keep its other protection options enabled. I use Software Restriction Policy, but only as a blacklisting approach, because I found the preferred whitelisting approach broke my wireless connection. Advanced logging didn't even reveal the culprit. Group Policy has all sorts of settings that can help harden Windows as well as enhance privacy.
     

  10. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,064
    Location:
    Canada
    Can you set Path exclusions?
     
  11. __Nikopol

    __Nikopol Registered Member

    Joined:
    Aug 13, 2008
    Posts:
    630
    Location:
    Germany
    Oh I could even enable real time protection? Interesting. I also found that "enable virtualization based security" yesterday while looking through every option in the GP for two hours, but I thought it was only for when RTP of WD is on. I'll search that.
    Why do you have telemetry enabled, btw?

    EDIT: Oh the virtualization security is Memory Integrity and Core Isolation? Memory integrity never stayed on when I enabled it in security center, and core isolation isn't even there. Interesting. I'll see if that setting in GP does anything. (No TPM)
    meh... old hardware
     
    Last edited: Nov 12, 2018
  12. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,064
    Location:
    Canada
    The setting is enabled, but it's configured as "1. Basic". There is a "0. Security" but it's for Enterprise only. BTW, my SRP Blacklist policy is largely based on this approach
     
  13. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,549
    Yes
     
  14. nine9s

    nine9s Registered Member

    Joined:
    Feb 8, 2013
    Posts:
    310
    Location:
    USA
    How often does Defender update?

    I have seen reviews and other message forum posts about it not updating much.
     
  15. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,549
    It seems to update a few times a day. But it also has cloud protection, which is real-time.
     
  16. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,741
    Location:
    UK
    Would using the Windows Defender Browser Extension for Chrome take care of this side of things?
     
  17. __Nikopol

    __Nikopol Registered Member

    Joined:
    Aug 13, 2008
    Posts:
    630
    Location:
    Germany
    It checks for updates once every hour. (every 24 hours) You can change that with a group policy: "Specify the interval to check for definition updates", but the default is already 1h. You can only lengthen it. (Set it to 8h)

    How many updates there really are per day is up to MS. I see about one every 3h
    EDIT: Someone on the internet said it's three times per day.
    EDIT: Maybe the default value is 24h... it doesn't say that! GRR
    EDIT: It is once per day, or 24 hours, by default. (I should have googled that in the first place...)
    So if you set the value of that policy to 8h, it will check three times a day, which might be enough

    My mistake was reading the description of the policy and observing what setting appears when set to enabled. (It's 1 hour) So I thought that is the default.
    Microsoft is not very good at providing information in a readily available format. GRRRRRRRRRR :mad::mad::mad:
     
    Last edited: Nov 12, 2018
  18. Bertazzoni

    Bertazzoni Registered Member

    Joined:
    Apr 13, 2018
    Posts:
    652
    Location:
    Milan, Italia
    WDBP is not the same as SmartScreen. It only warns you about risky sites. It does no scanning of downloads.
     
  19. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,549
    See the above post.

    It's funny, but smartscreen in Edge might block a download, when smartscreen in Windows will not block that same download. The behavior is not consistent.

    In any case, Chrome has very good scanning, and Windows Defender will scan the file when you access your Downloads folder, and Windows Smartscreen will scan it when you try to run the file.
    That's enough scanning, IMO.
     
  20. __Nikopol

    __Nikopol Registered Member

    Joined:
    Aug 13, 2008
    Posts:
    630
    Location:
    Germany
    Smartscreen is a scanner? I thought it will just call the defender every time.
     
  21. Nitty Kutchie

    Nitty Kutchie Registered Member

    Joined:
    Apr 10, 2015
    Posts:
    160
    You can get WD to update every hour, that is how it is for me, and it can be so for whoever puts in the effort with group policy. After configuring go here and the proof will be there.
    Control Panel\System and Security\Security and Maintenance\Reliability Monitor
     
    Last edited: Nov 12, 2018
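
    Added example (not part of any forum post, and not Microsoft's own code): a PowerShell check that puts the configured definition-check interval discussed in posts 17 and 21 next to the signature updates the machine actually recorded. It assumes the Defender PowerShell cmdlets are present and that event ID 2000 in the Defender operational log marks a successful signature update; the 7-day window is a constructed value.

```powershell
# Compare the configured definition-check interval with observed signature updates.
# Run in an elevated PowerShell session on the machine being checked.

$days = 7   # look-back window (constructed value, adjust as needed)

# Interval, in hours, that the Defender preference/policy is set to.
$pref = Get-MpPreference
"Configured SignatureUpdateInterval : {0} h" -f $pref.SignatureUpdateInterval

# What the engine itself reports about the signatures currently loaded.
$status = Get-MpComputerStatus
"Signature version                  : {0}" -f $status.AntivirusSignatureVersion
"Signatures last updated            : {0}" -f $status.AntivirusSignatureLastUpdated

# Successful signature updates recorded in the Defender operational log.
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 2000
    StartTime = (Get-Date).AddDays(-$days)
} -ErrorAction SilentlyContinue | Sort-Object TimeCreated

if (-not $events) {
    "No signature-update events found in the last $days days."
    return
}

# Events logged within the same minute are treated as one update run
# (an assumption, so that a single run is not counted several times).
$runs = @($events |
    Group-Object { $_.TimeCreated.ToString('yyyy-MM-dd HH:mm') } |
    ForEach-Object { $_.Group[0].TimeCreated } |
    Sort-Object)

# Updates per calendar day.
$runs | Group-Object { $_.ToString('yyyy-MM-dd') } | Sort-Object Name |
    ForEach-Object { "{0} : {1} update(s)" -f $_.Name, $_.Count }

# Average and longest gap between consecutive updates.
if ($runs.Count -gt 1) {
    $gaps = for ($i = 1; $i -lt $runs.Count; $i++) {
        ($runs[$i] - $runs[$i - 1]).TotalHours
    }
    $stats = $gaps | Measure-Object -Average -Maximum
    "Average gap: {0:N1} h, longest gap: {1:N1} h" -f $stats.Average, $stats.Maximum
}
```

    The per-day counts show how many definition updates were actually installed, which is separate from how often the machine checks for them.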
  22. __Nikopol

    __Nikopol Registered Member

    Joined:
    Aug 13, 2008
    Posts:
    630
    Location:
    Germany
    Are there so many updates provided by MS? I heard it's only three per day. Regardless of the setting in WD.
     
  23. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,549
    Windows Smartscreen is a reputation service. It will block exe files, especially the very new ones, until they build up a good reputation. It is very good at blocking zero-days, as long as they are not script files.
    Smartscreen is independent of Windows Defender. WD is default/allow, and Smartscreen is default/deny.
     
  24. Nitty Kutchie

    Nitty Kutchie Registered Member

    Joined:
    Apr 10, 2015
    Posts:
    160
    What you heard is irrelevant. What I see and what it does on my machine counts, so I can say for sure if configured right it updates every hour, no hearsay here.
     
  25. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,549
    It doesn't matter these days how often an AV checks for updates or receives updates, because it receives cloud definitions in real-time. If your computer can check for updates every hour, then apparently you have Internet. So you are anyways connected to the cloud.
     