MRG Effitas 360 Degree Assessment & Certification Q4 2020 https://www.mrg-effitas.com/wp-content/uploads/2021/03/MRG_Effitas_360_2020Q4.pdf
On page 19 at the bottom of the performance test results it mentions that Malwarebytes was impacted due to unnecessary components enabled. Has anyone stumbled across what these unnecessary components are? I skimmed through the text and did not find the answer.
Quote by Pedro Bustamante from Malwarebytes. MRG Effitas - MRG Effitas 360 Degree Assessment & Certification Q4 2020 | Page 2 | MalwareTips Community
A couple of things that I noticed are that Win Defender did pretty well but it couldn't block all malware. It did however block 100% of the financial malware and ransomware samples. It also blocked all of the exploit/fileless malware samples. I was also surprised by the good performance of Malwarebytes. And I wonder how the heck Sophos Intercept X failed to block the financial malware simulator.
So you're saying that it would have probably failed to block the exploit/fileless samples? But from what I understood, with certain tools you can enable this setting for Win Defender AV, is this correct?
WD ASR rules can be enabled various ways depending on which OS version you're using: https://docs.microsoft.com/en-us/wi...-defender-atp/enable-attack-surface-reduction . In Win 10 Home, the only option available is manually via PowerShell use: https://docs.microsoft.com/en-us/wi...fender-atp/customize-attack-surface-reduction . You can also use ConfigureDefender: https://github.com/AndyFul/ConfigureDefender to enable ASR rules.
The answer is simple. WD ASR rules will block whatever activity they are monitoring. This in turn could block some legit apps. MS assumes that ASR rule application is being done by system admins that know what they are doing and the implications of what they are doing.
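Added example, not part of any poster's message: one way to enable a single ASR rule from PowerShell in audit mode first, so that legitimate apps it would block show up in the event log before anything is actually blocked. It assumes an elevated session with Microsoft Defender as the active AV; the rule chosen (Office child-process blocking) and the helper name Get-AsrRuleState are illustrative choices, not taken from the thread.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell session.

# Rule GUID from Microsoft's ASR rule reference:
# "Block all Office applications from creating child processes"
$RuleId = 'D4F940AB-401B-4EFC-AADC-AD5F3C50688A'

# Hypothetical helper: pair each configured rule ID with its action.
# Action values: 0 = Disabled, 1 = Block, 2 = Audit, 6 = Warn.
function Get-AsrRuleState {
    $pref = Get-MpPreference
    if (-not $pref.AttackSurfaceReductionRules_Ids) { return }  # nothing configured
    $ids     = @($pref.AttackSurfaceReductionRules_Ids)
    $actions = @($pref.AttackSurfaceReductionRules_Actions)
    for ($i = 0; $i -lt $ids.Count; $i++) {
        [pscustomobject]@{ RuleId = $ids[$i]; Action = $actions[$i] }
    }
}

# 1. Record what is configured before changing anything.
Get-AsrRuleState | Format-Table -AutoSize

# 2. Turn the rule on in audit mode: matching activity is logged, not blocked.
#    Add-MpPreference appends to the rule list instead of overwriting it.
Add-MpPreference -AttackSurfaceReductionRules_Ids $RuleId `
                 -AttackSurfaceReductionRules_Actions AuditMode

# 3. After a period of normal use, review what the rule fired on.
#    Event ID 1122 = audited (would have blocked), 1121 = blocked.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1121, 1122
} -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message |
    Format-List

# 4. Only once the audit events show no legitimate apps affected,
#    switch the same rule to block mode:
# Add-MpPreference -AttackSurfaceReductionRules_Ids $RuleId `
#                  -AttackSurfaceReductionRules_Actions Enabled
```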
They are. Via PowerShell and Group Policy use. Also remember that WD is a "Band-Aid" product with many features not accessible via an integrated GUI as is the case for third party AV vendors.
I meant that it should be as easy as with certain third party tools that give access to these extra protection features. I don't want to mess around with PowerShell and Group Policy. In fact, I had to reset Win 10 because some PowerShell command broke all UWP apps.
Then use ConfigureDefender and set it to "MAX" setting and you're done: https://github.com/AndyFul/ConfigureDefender If you need further opinions on ConfigureDefender, go to Malwaretips where it is discussed extensively.
Well I actually can, so I chose not to use it. No, I just don't think it's smooth looking, I doubt he will redesign it just because one guy doesn't like it. I never use apps that don't look good.