Windows Defender Is Becoming the Powerful Antivirus That Windows 10 Needs

Discussion in 'other anti-virus software' started by Secondmineboy, Jan 30, 2016.

  1. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    So you're basically saying leave it on with the Cloud protection? But then how will Win Defender update these cloud signatures, or does it do this automatically, even when it can't use Windows Update? Would be cool if I could update Win Def (both local and cloud signatures) without having to use Win Update, that's the problem.
     
  2. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    4,208
    yes and no. i'm saying, you should not disable rtp. if you want to disable cloud protection or automatic sample submission, it's ok to do that. just don't mess with ms defender's rtp, leave it on. it doesn't matter if the updates are disabled. you don't want to rely on its protection anyway.
     
    Last edited: Dec 16, 2020
  3. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    4,208
  4. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,645
    Location:
    USA
    While I somewhat agree, if it is not getting updated and is blocked from the cloud, then it could end up being useless or worse than nothing. If I were me I'd like your previous suggestion, but it's not me, so I guess I got nothing... :D
     
  5. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    4,208
    :D i hear ya. if i were you and you was you i'd go with my previous suggestion. :p
     
  6. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,618
    Location:
    Milan and Seoul
    Well then, as you say, you have a decent level of understanding; I don't for these things, and I suspect the vast majority of users are like me. I was referring though to anti-executable applications like Anti-Executable from Faronics, VoodooShield, NoVirusThanks ExeRadarPro and another one whose name I don't remember from many years ago. On paper they are supposed to supplement security for any 0-day that AVs would miss, and probably they do in most cases, but in my experience I only had problems: things that suddenly would not work until the anti-exe apps were disabled.
    I don't trust MS Defender either as my first defense. Macrium's daily incremental backups remain my 100% solution to any problems, followed by my virtualizer (Shadow Defender always on), and last, as an indication, MS Defender (lately I've been using WiseVector StopX as a scanner, but honestly there is no malware out there!).
     
  7. GrDukeMalden

    GrDukeMalden Registered Member

    Joined:
    Jun 16, 2016
    Posts:
    491
    Location:
    VPN city
    whitelist cloud settings: "auto allow safe whitelist cloud items full time"

    Then disable the setting to auto-deactivate after X-number of minutes and disable the option to auto-allow by parent process

    I've never had any issues with voodooshield along side any other product.

    When it's configured that way and WD is on max or high it's a totally unstoppable setup. And VoodooShield will allow everything that's already in the Program Files folders and Windows system stuff out of the box. And with WLC set to auto-allow all known-safe items it won't block anything that you would want to install either... for the most part.
     
  8. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Thanks, will check it out. BTW, I was experimenting a bit with disabling Win Defender and Win Update; it seems like not all third-party tools work correctly, and I guess you will always need to disable tamper protection. Currently it looks like real-time protection from WD is disabled; the question is whether it will stay this way.

    Also, I can't check for signature updates anymore, probably because Windows Update is now correctly disabled. I didn't even know you could check for updates manually. But anyway, I have used O&O ShutUp10 and Win Update Stop (from NVT); I'm not sure if Defender Control is working correctly.
     
  9. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    4,208
    :thumb: give us your feedback when you're done.
     
  10. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Well, it's a bit weird because after reboot, real-time protection from WD is enabled again. Even though tamper protection and Windows Update are turned off. So I wonder what causes this. O&O ShutUp10 did notify me of this, but apparently it can't solve it, so I need some other tool. Will now try Defender Control.

    Or perhaps I should indeed keep WD enabled, because I'm not seeing any big performance boost. The question that comes to mind is, if you enable Win Update, what exactly will happen: will it automatically download updates and force you to install them? Or can you still choose which updates to install? It seems like currently updates have been paused until 21 January 2021, so what will happen after this date?
     
  11. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    2,180
    Location:
    Canada
    @Rasheed187 for me Defender Control is working perfectly :)
     
  12. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    OK thanks so it's able to disable real-time protection also after reboot? Or will it disable WD completely, so even on demand scanning won't work?
     
  13. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    2,180
    Location:
    Canada
    It definitely disables WD after reboot; on-demand scanning I don't know...
     
  14. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    OK thanks. You should easily be able to check if on-demand scanning is still working via the context menu, in case you didn't know.

    But I'm seriously considering leaving WD's real-time protection enabled, because I have just read that even without Windows Update you can manually download WD signatures, see link. Another option is to simply enable Win Update when you want to update WD signatures, and then disable Win Update again. Or I could use the Task Scheduler trick that imdb mentioned.

    https://www.microsoft.com/en-us/wdsi/defenderupdates
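    As an added example (this is not code from any post in the thread), the things discussed in the last few posts can be checked from an elevated PowerShell prompt with the Defender module that ships with Windows 10: whether real-time protection and tamper protection are actually on after a reboot, what the cloud and sample-submission settings are, how old the signatures are, how to pull definitions straight from Microsoft without Windows Update, and which events in the Defender Operational log record real-time protection being switched off or back on. The cmdlets, parameter values and event IDs used are the real ones; the only assumption is that you run this as administrator.

```powershell
# Added example (not code from this thread): inspect Microsoft Defender's state,
# update definitions without Windows Update, and see when real-time protection changed.
# Run from an elevated PowerShell prompt on Windows 10.

# 1. Current engine state: is real-time protection really on, and how old are the signatures?
#    AntivirusSignatureAge is the number of days since the last definition update.
$status = Get-MpComputerStatus
$status | Select-Object RealTimeProtectionEnabled,
                        BehaviorMonitorEnabled,
                        IsTamperProtected,
                        AntivirusSignatureVersion,
                        AntivirusSignatureAge,
                        AntivirusSignatureLastUpdated

# 2. The policy settings behind the UI toggles.
#    MAPSReporting:          0 = cloud-delivered protection off, 1 = basic, 2 = advanced
#    SubmitSamplesConsent:   0 = always prompt, 1 = send safe samples, 2 = never send, 3 = send all
#    DisableRealtimeMonitoring: $true means RTP has been turned off by preference/policy
Get-MpPreference | Select-Object MAPSReporting, SubmitSamplesConsent, DisableRealtimeMonitoring

# 3. Fetch definitions directly from the Malware Protection Center (the same source as the
#    manual download page linked above), bypassing Windows Update entirely.
Update-MpSignature -UpdateSource MMPC

# 4. Why did real-time protection come back after a reboot? The Defender Operational log
#    records each change: 5000 = RTP enabled, 5001 = RTP disabled,
#    5004 = RTP configuration changed, 5007 = platform configuration changed.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 5000, 5001, 5004, 5007
} -MaxEvents 20 | Select-Object TimeCreated, Id, Message
```

    The event timestamps in step 4 are the quickest way to tell whether RTP was re-enabled by a scheduled task, by tamper protection, or by the platform update itself, because each event's message names the source of the change.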
     
  15. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,873
    Location:
    Outer space
    Does anyone know when Windows Defender Sandbox will be enabled by default? I can't find anything more recent about it than the original announcement 2 years ago.
    For those who have enabled it, do you notice a performance hit or bugs?
     
  16. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    If your intent is to use the sandbox for suspected malware analysis, I wouldn't do so: https://www.magnitude8.com.au/m8-blog/2019/5/27/beware-the-perils-of-windows-sandbox
     
  17. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    1,560
    @BoerenkoolMetWorst

    are you referring to the isolation sandbox or the antivirus process sandbox?
     
  18. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,873
    Location:
    Outer space
  19. pb1

    pb1 Registered Member

    Joined:
    Apr 4, 2014
    Posts:
    1,278
    Location:
    sweden
    Hi

    I am thinking of reinstalling, so I wonder if I should go with my Pro or Home license. It all depends on whether the sandbox in Pro is working as it should now or is it still as flawed as it was 6 months ago?

    Any Pro user who has an answer?
     
  20. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    1,131
    Location:
    Baden Germany
    W10-20H2 German:
    Sandbox works.
     
  21. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    BTW, I've just noticed that Win Defender apparently keeps finding a certain threat, but there is no way to know what exactly is quarantined. Does anyone know what this means, and I suppose this is triggered by the behavior blocker? Also, will Win Defender block all of these "behavior-based" detections mentioned in this article out of the box? I wonder if you guys have ever seen it in action.

    https://docs.microsoft.com/en-us/wi...osoft-defender-atp/client-behavioral-blocking
     

    Attached Files:

  22. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    24,107
    Location:
    UK
    @Rasheed187
    Perhaps there may be something in C:\ProgramData\Microsoft\Windows Defender\LocalCopy (show hidden files and folders)
     
  23. Pat MacKnife

    Pat MacKnife Registered Member

    Joined:
    Mar 31, 2014
    Posts:
    620
    Location:
    Belgium
    Do you use ConfigureDefender (on Max)? I think it's a false positive.
    This is a default thing in that folder, so normal. I don't know why it flags this... (unless something else installed triggers changes to the OS)
     
    Last edited: Jan 9, 2021
  24. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    It's obvious something is attempting to modify the Win hosts file. Normally, nothing other than comments is in that file.

    Are you updating it with some custom hosts file list? If you're still using SpyShelter, does it propagate entries in the hosts file?

    -EDIT- I also think you're a bit confused about WD behavior detection, which primarily applies to the ATP feature. A critical component of ATP detection is deployment of EDR.
    Anyway, below is a list of its behavioral detections. Writing to the hosts file does not fall into this category:
    https://docs.microsoft.com/en-us/wi...-defender-atp/behavioral-blocking-containment
     
    Last edited: Jan 10, 2021
  25. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Thanks, I have looked in this folder, but there are no .exe files listed. So absolutely no way to find out what exactly was quarantined, but it seems that so far, all apps are working just fine. Still, this is a feature that should be improved in WD.

    No, I don't use Configure Defender, so it's the standard WD configuration. For now, cloud protection is disabled, but I might eventually enable it, because it will improve malware detection. Plus, I'm guessing that the behavior blocker in WD is mostly cloud based.
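    Added example, not code from the thread or from Microsoft: the question of what exactly was quarantined does have an answer outside the UI. The Defender module records each detection with the resource path it hit and the process involved, MpCmdRun.exe can list the quarantine directly, and the Operational log keeps the same facts as events. The last step lists any non-comment lines in the hosts file, since the post above suggests that is what was being modified. All cmdlets, switches and event IDs are real; `$threats`, `$d` and `$hosts` are just local variable names chosen here.

```powershell
# Added example (not code from this thread): find out what Defender detected and quarantined,
# then look at the hosts file itself. Run from an elevated PowerShell prompt.

# 1. Detection records joined with the threat catalogue: which file or registry resource was hit,
#    by which process, when, and whether the remediation action succeeded.
$threats = Get-MpThreat | Select-Object ThreatID, ThreatName, SeverityID
Get-MpThreatDetection | ForEach-Object {
    $d = $_
    $t = $threats | Where-Object { $_.ThreatID -eq $d.ThreatID }
    [pscustomobject]@{
        Time       = $d.InitialDetectionTime
        ThreatName = $t.ThreatName
        Severity   = $t.SeverityID
        Resources  = ($d.Resources -join '; ')   # e.g. file:_C:\path\to\item
        Process    = $d.ProcessName
        ActionOK   = $d.ActionSuccess
    }
} | Sort-Object Time -Descending | Format-Table -AutoSize

# 2. Items currently sitting in quarantine, as the engine itself lists them.
& "$env:ProgramFiles\Windows Defender\MpCmdRun.exe" -Restore -ListAll

# 3. The same information from the event log: 1116 = malware detected, 1117 = action taken.
#    Each message includes the detection name, path and the process that triggered it.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1116, 1117
} -MaxEvents 10 | Select-Object TimeCreated, Id, Message

# 4. Show any non-blank, non-comment lines in the hosts file; on a clean install there are none,
#    so anything listed here is what some tool or update has been writing.
$hosts = "$env:SystemRoot\System32\drivers\etc\hosts"
Get-Content $hosts | Where-Object { $_.Trim() -and -not $_.Trim().StartsWith('#') }
```

    If step 4 prints entries you recognise (an ad-blocking hosts list, a VPN or security product's additions), the repeated detection is explained; if it prints entries you did not add, the process name from step 1 or 3 tells you what wrote them.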
     