Windows Defender Is Becoming the Powerful Antivirus That Windows 10 Needs

Discussion in 'other anti-virus software' started by Secondmineboy, Jan 30, 2016.

  1. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    I use O&O ShutUp 10 and Spybot Anti-Beacon, I'm guessing that these are the only apps that may modify the hosts file, so now I have to check if I see this "threat" warning from WD when I open these apps. But I didn't see an option to exclude them. And no, SpyShelter didn't warn me, most likely because it's not monitoring the hosts file or perhaps it auto-allowed some trusted app.

    And about the behavior blocking discussion, I believe that it may be cloud based, see quoted text. So WD's locally based behavior blocker will most likely not watch for the stuff that was mentioned in the article. But ridiculous that M$ doesn't explain it clearly, because we're still not sure if you need WD ATP for this stuff.

     
  2. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Interesting (cloud behaviour blocker)
     
  3. Pat MacKnife

    Pat MacKnife Registered Member

    Joined:
    Mar 31, 2014
    Posts:
    620
    Location:
    Belgium
    Windows Defender mostly relies on the cloud, even behaviour... I don't know why you would disable cloud?
    It's like installing an antivirus and disabling real-time protection! o_O
     
  4. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Well, a good AV shouldn't solely rely on the cloud. I also think it's a weird idea that AVs may upload files without you even knowing. That's why I never installed any free or paid third-party AVs. Just look at what Avast did, they basically spied on users. On the other hand, Win 10 is full of telemetry crap so this may already be happening anyway, so you might as well enable cloud protection and get better protection.
     
  5. Pat MacKnife

    Pat MacKnife Registered Member

    Joined:
    Mar 31, 2014
    Posts:
    620
    Location:
    Belgium
    Every AV sends some telemetry back home. Avast did that last year (and sold data), but they stopped with that; now it's just the necessary stuff.
    Windows Defender also sends things to Microsoft, and Kaspersky is the biggest one, because all traffic on your computer goes to the Kaspersky Lab server, so they know much more...
    If you want full protection from WD, leave everything enabled, and it's recommended to use ConfigureDefender on the High profile; this sets cloud protection to the highest level, comparable to WD ATP.
     
  6. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
  7. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,627
    There's a very good reason for doing this. If they find a potentially suspicious file that they haven't encountered before, by uploading it to the cloud, they are able to analyse the file and then add signatures for it if they find it to be malicious.
     
  8. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,210
    Location:
    Among the gum trees
    Also, it saves having a huge database of signatures stored locally. Cloud signatures are always up to the minute, the latest, which may not be the case without the cloud.
     
  9. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,627
    Yes, that too. It's a bad idea to disable cloud scanning.
     
  10. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    The only bad thing about the cloud is that some malware kills the internet connection, so after that no more updates ;) for the cloud antivirus. This is in case the virus was missed by the antivirus.
     
  11. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,210
    Location:
    Among the gum trees
    Good thing I don't rely solely on an AV. ;)
     
  12. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Good boy ;) I also have my malware killer SASPro;)
     
  13. SouthPark

    SouthPark Registered Member

    Joined:
    Jun 13, 2012
    Posts:
    735
    Location:
    South Park, CO
    I use WD with ConfigureDefender on High and all cloud permissions allowed. Last year when my Internet connection was down for 2 days, WD was aggressively blocking some old .exe's from running, so I would guess the protection level rises to "paranoid" when it can't reach the cloud. SmartScreen works the same way for me on Windows 10.
     
  14. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Hey, that's nice, good to know at least WD still works ;)
     
  15. TerryWood

    TerryWood Registered Member

    Joined:
    Jan 14, 2006
    Posts:
    1,037
    Hi @SouthPark

    In your previous post you said "I use WD with Configure Defender on High and all cloud permissions allowed."

    I am a new user of Configure Defender, so how do you "allow all cloud permissions"?

    Thanks

    Terry
     
  16. Mattchu

    Mattchu Registered Member

    Joined:
    Nov 8, 2008
    Posts:
    72
    Location:
    UK
    @TerryWood

    I've found the easiest way to do this is via PowerShell [Configure Defender is mostly just a GUI for it anyway].

    From the Start menu scroll down to "Windows PowerShell" -> right-click Windows PowerShell ISE, More, "Run as Administrator" ->

    Now in the box that says "Name" type in "Set-MpPreference" -> two entries will show, click the bottom one -> this now gives you the various settings available to Windows Defender.

    Go to CloudBlockLevel -> from the drop-down, select "High" -> now click "Run" at the bottom. You should see the entry in the main PowerShell window: "Set-MpPreference -CloudBlockLevel High"

    That's it...

    Sorry, I now see you want "all cloud permissions allowed" -> for that set MAPS (lower in the list) to Advanced and hit Run.

    To make sure it's right, type Get-MpPreference into the main PowerShell window and hit Enter. You should see CloudBlockLevel and CloudExtendedTimeout both with a 2, plus MAPSReporting with a 2.

    These, as far as I'm aware, will allow all cloud permissions...
     
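The procedure above, written out as an added PowerShell example (this is not code from the forum post or from ConfigureDefender): it snapshots the cloud-related Defender preferences, applies the High / Advanced / sample-submission profile the thread recommends, re-reads Get-MpPreference and reports any setting that did not take. It assumes an elevated PowerShell on Windows 10 with the built-in Defender module; the hashtable of numeric codes reflects what Get-MpPreference returns for each enum value, the 20-second cloud timeout is the figure quoted later in this thread, and the two function names are this example's own.

```powershell
#Requires -RunAsAdministrator
# Added example, not the post's or Microsoft's code. Audits, applies and verifies
# the Windows Defender cloud settings discussed in this thread.

# Numeric codes Get-MpPreference reports for the names Set-MpPreference accepts.
$CloudBlockLevelCodes = @{ Default = 0; Moderate = 1; High = 2; HighPlus = 4; ZeroTolerance = 6 }
$MapsReportingCodes   = @{ Disabled = 0; Basic = 1; Advanced = 2 }
$SampleConsentCodes   = @{ AlwaysPrompt = 0; SendSafeSamples = 1; NeverSend = 2; SendAllSamples = 3 }

# The profile this thread calls "all cloud permissions allowed".
$Desired = @{
    CloudBlockLevel      = 'High'             # Set-MpPreference -CloudBlockLevel High
    MAPSReporting        = 'Advanced'         # join MAPS at the Advanced level
    SubmitSamplesConsent = 'SendSafeSamples'  # keep automatic sample submission on
    CloudExtendedTimeout = 20                 # extra seconds to wait for a cloud verdict (0-50)
}

function Get-DefenderCloudState {
    # Snapshot of the cloud-related preferences, with numeric codes translated back to names.
    $p = Get-MpPreference
    [pscustomobject]@{
        CloudBlockLevel      = ($CloudBlockLevelCodes.GetEnumerator() | Where-Object Value -eq $p.CloudBlockLevel).Name
        MAPSReporting        = ($MapsReportingCodes.GetEnumerator()   | Where-Object Value -eq $p.MAPSReporting).Name
        SubmitSamplesConsent = ($SampleConsentCodes.GetEnumerator()   | Where-Object Value -eq $p.SubmitSamplesConsent).Name
        CloudExtendedTimeout = [int]$p.CloudExtendedTimeout
        RealtimeMonitoringOn = -not $p.DisableRealtimeMonitoring
    }
}

function Test-DefenderCloudState {
    param(
        [Parameter(Mandatory)] $State,
        [Parameter(Mandatory)] [hashtable] $Expected
    )
    # Returns the names of settings that differ from $Expected; an empty array means compliant.
    $drift = @(foreach ($k in $Expected.Keys) {
        if ("$($State.$k)" -ne "$($Expected[$k])") { $k }
    })
    # Cloud features do nothing while real-time protection is off, so flag that as drift too.
    if (-not $State.RealtimeMonitoringOn) { $drift += 'RealtimeMonitoringOn' }
    return $drift
}

$before = Get-DefenderCloudState
Write-Host 'Before:'
$before | Format-List

# Apply the profile. Tamper Protection or Group Policy can silently win over these
# calls, which is exactly why the state is re-read afterwards instead of assumed.
Set-MpPreference -CloudBlockLevel      $Desired.CloudBlockLevel `
                 -MAPSReporting        $Desired.MAPSReporting `
                 -SubmitSamplesConsent $Desired.SubmitSamplesConsent `
                 -CloudExtendedTimeout $Desired.CloudExtendedTimeout

$after = Get-DefenderCloudState
Write-Host 'After:'
$after | Format-List

$drift = Test-DefenderCloudState -State $after -Expected $Desired
if ($drift.Count -eq 0) {
    Write-Host 'All cloud settings match the desired profile.'
} else {
    Write-Warning ('Settings still differ from the desired profile: ' + ($drift -join ', '))
}
```

Run it from an elevated PowerShell window. The before/after listing is the "screenshot a before and after" check suggested further down the thread, done in text, and the drift list is the part worth keeping in a script: a setting that reads back differently from what was just set usually means a policy or Tamper Protection is managing it.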
  17. TerryWood

    TerryWood Registered Member

    Joined:
    Jan 14, 2006
    Posts:
    1,037
    Hi Mattchu

    Thanks for that. One question. Could this be done from Configure Defender GUI?

    Thanks

    Terry
     
  18. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    No, of course, but you would hope that AVs are good enough to block most malware, zero-day or not, via behavior-based blocking. Actually, it would be interesting to see how AVs would perform when they don't have access to the cloud.

    Yes you're right, I'm not that sharp at the moment, but you can click on "learn more" and then you will see that it's indeed related to modification of the hosts-file, and apparently Win Def will block this automatically. Luckily it didn't quarantine Spybot AB. But it does give you an option to allow it.

    It's funny because this means that Spybot AB wasn't actually able to protect me for the last 2 months and I didn't even notice it LOL. I have checked my hosts-file and now it's indeed correctly being modified by Spybot AB. However, Win Def should have at least made it clear that Spybot AB was the culprit, it didn't mention this anywhere, plus you can't even configure this type of behavior blocking in WD. So I'm not too happy about this.

    Good to know, and I hope it won't simply blindly block unknown .exe files similar to Win SmartScreen, because this might generate a whole lot of false positives.
     
  19. Mattchu

    Mattchu Registered Member

    Joined:
    Nov 8, 2008
    Posts:
    72
    Location:
    UK
    Not sure, bud, I don't use it (may look into it in the coming days). Hopefully SouthPark can tell you. Using Get-MpPreference is a good way to tell if the settings have changed though. Screenshot a before and after...
     
  20. SouthPark

    SouthPark Registered Member

    Joined:
    Jun 13, 2012
    Posts:
    735
    Location:
    South Park, CO
    Hi there. By default, if you set ConfigureDefender to High it enables the maximum cloud protection settings, as shown in the screenshot below. (The default cloud check time limit has since been changed to 20 sec.)

    An important note from the author: Most settings available in ConfigureDefender are related to Windows Defender real-time protection and work only when Windows Defender real-time protection is set to "ON". Important: These two settings (below) should never be changed because important features like "Block at First Sight" and "Cloud Protection Level" will not work properly: "Cloud-delivered Protection" = "ON" "Automatic Sample Submission" = "Send"

    [Attachment: ConfigureDefender1.png]
     
  21. TerryWood

    TerryWood Registered Member

    Joined:
    Jan 14, 2006
    Posts:
    1,037
    Hi SouthPark & Mattchu

    Thank you both for your help, much appreciated.

    Terry
     
  22. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    7,983
    Microsoft patches Defender antivirus zero-day exploited in the wild
    https://www.bleepingcomputer.com/ne...der-antivirus-zero-day-exploited-in-the-wild/
     
  23. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
  24. plat

    plat Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    2,233
    Location:
    Brooklyn, NY
    Patched. Phew! Zero-day sounds ominous.

    [Attachment: defender engineversion.PNG]
     
  25. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    1,296
    Location:
    Europe
    Worst AV ever lol. My grandma asked me to download Photoshop Lightroom for her, so I wanted the newest version, which wasn't on Pirate Bay, and I went to this site **malware link removed** (IT'S RANSOMWARE, DON'T DOWNLOAD). So I thought, she has Windows Defender, right, what could go wrong? Because with cracks you're always risking getting malware and I wasn't sure if the site was legit, but I was like, worth a try, right? Well, the file name should have given it away, but I thought, hey, let's try, what could go wrong? WRONG. Everything got the .coos file extension: all txt, images, Photoshop, movies, docs, Excel, Word, etc. And Windows Defender completely gone, didn't even bleep or any popup or ANYTHING. I open the Windows Security window, it stays completely empty, nothing. Not even showing the AV or firewall provider, etc. Now I'm gonna get her a real AV, or maybe VoodooShield.

    P.S. tips for cleaning up appreciated
     