Windows Defender Is Becoming the Powerful Antivirus That Windows 10 Needs

Discussion in 'other anti-virus software' started by Secondmineboy, Jan 30, 2016.

  1. plat

    plat Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    2,233
    Location:
    Brooklyn, NY
    The author of Hard_Configurator has posted some test data on H_C specifically--have a look:
    Updates - Hard_Configurator - Windows Hardening Configurator | Page 163 | MalwareTips Community

    Agreed, absolutely! A monopoly can have its own special circumstances.
     
  2. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Probably not sufficient nor intended to be BUT with the always present danger of the methods practiced at Microsoft Defender, does anyone have any ideas whether MSRT is or can be in a support role of some fashion to prevent the MD files from becoming tampered with like REvil ransomware has just proved it can? Adding Tamper Prevention apparently was inert and neutral as a few of the core AV Anti-Malware files were overtaken and used to fudge entire systems.
     
  3. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,209
    Location:
    Among the gum trees
  4. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    I don't purpose it at all. Effective immediately, many feel it's Microsoft's responsibility to better shore up its much heralded AV better than it has after it's been proven easily overcome by notorious ransomware and actually was used to perpetrate a disaster.

    To me and worse yet others who lost systems en masse, that is NOT "Becoming the Powerful Antivirus That Windows 10 Needs"
     
  5. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,209
    Location:
    Among the gum trees
    You asked a question and I answered it. That is all.
     
  6. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    I understand. And responded.
     
  7. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,209
    Location:
    Among the gum trees
    By the way, if you scroll down on the link I posted above it shows a list of the malware the latest MSRT scans for.
     
  8. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    1,131
    Location:
    Baden Germany
    In my opinion MD, formerly WD, tuned with Configure Defender, is already the best protection,
    if uBlock is used in the browser.
    From my experience with hundreds of customer PCs, none was compromised.

    But I know, that the discussion will go on and on..., until only a few will care.
     
  9. Bertazzoni

    Bertazzoni Registered Member

    Joined:
    Apr 13, 2018
    Posts:
    652
    Location:
    Milan, Italia
    Most comprehensive testing has been done @ Malwaretips Malware Hub AFAIK.
     
    Last edited: Jul 16, 2021
  10. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    To clarify, I'm not saying that all people should be using all of these tools. In theory, if you never encounter malware you don't need any security at all. And AV+firewall will probably block 99% of all attacks. But I'm strictly speaking about advanced malware attacks, I think that's what most of the people on this forum are trying to tackle, it's about the 1% of the time that most AVs will fail to protect.

    That's why I used the CCleaner "supply chain attack" as an example, the chances of ever seeing such an attack were slim to none, yet it did happen and it could have been disastrous for millions of home users. Lucky for us those hackers were only interested in corporations. So if you don't care about advanced malware attacks, you probably don't need any additional tools, but I personally don't take any chances.
     
  11. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    BTW, it happened again. I sometimes update signatures after a few weeks and once again I saw svchost.exe download at least 100MB. So are those updates so big or is the whole Win Def engine being updated or something? I find it to be quite weird.
     
  12. Gandalf_The_Grey

    Gandalf_The_Grey Registered Member

    Joined:
    Jan 31, 2012
    Posts:
    1,188
    Location:
    The Netherlands
  13. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    OK thanks, I think this is probably it, some kind of platform update.

    Correct, trojans might be able to access and upload private data, so backups aren't good enough protection.
     
  14. guest

    guest Guest

    Defender Control - Open source windows defender disabler
    Website
    Download
     
  15. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,871
    A piece of bad scripting, it kills the smartscreen.exe in a bad manner and leaves the system not stable behind.

    https://github.com/qtkite/defender-control/blob/main/src/defender-control/dcontrol.cpp
    Code:
      void kill_smartscreen()
      {
        auto pid = util::get_pid("smartscreen.exe");
        auto proc = OpenProcess(PROCESS_TERMINATE, FALSE, pid);
        TerminateProcess(proc, 0);
      }
        
     
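A defender-side view of the call sequence in the code quoted above, as an added example that is not part of the original post or of the defender-control project: it scans Sysmon Event ID 10 (ProcessAccess) messages for handles to smartscreen.exe opened with PROCESS_TERMINATE (0x0001). The sample events, file paths and the watched-process list are constructed assumptions for illustration.

```python
import ntpath

PROCESS_TERMINATE = 0x0001      # access right passed to OpenProcess in the quoted code
WATCHED = {"smartscreen.exe"}   # target named in the quoted code (assumed watch list)

# Constructed Sysmon Event ID 10 (ProcessAccess) messages, not real telemetry.
SAMPLE_EVENTS = [
    r"""UtcTime: 2021-07-20 10:15:02.113
SourceImage: C:\Users\test\Downloads\tool.exe
TargetImage: C:\Windows\System32\smartscreen.exe
GrantedAccess: 0x1""",
    r"""UtcTime: 2021-07-20 10:16:40.007
SourceImage: C:\Windows\System32\svchost.exe
TargetImage: C:\Windows\System32\smartscreen.exe
GrantedAccess: 0x1000""",
    r"""UtcTime: 2021-07-20 10:18:55.901
SourceImage: C:\Users\test\Downloads\other.exe
TargetImage: C:\Windows\System32\SmartScreen.exe
GrantedAccess: 0x1FFFFF""",
    r"""UtcTime: 2021-07-20 10:19:03.222
TargetImage: C:\Windows\System32\smartscreen.exe
GrantedAccess: n/a""",
]

def parse_event(message):  # turn a 'Key: value' Sysmon message into a dict
    fields = {}
    for line in message.splitlines():
        key, sep, value = line.partition(": ")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def terminate_access_hits(messages):
    """Return (time, source image, access mask) for terminate-capable handles to watched targets."""
    hits = []
    for message in messages:
        ev = parse_event(message)
        try:
            access = int(ev["GrantedAccess"], 16)
            target = ntpath.basename(ev["TargetImage"]).lower()
        except (KeyError, ValueError):
            continue  # malformed record: skip it instead of aborting the scan
        if target in WATCHED and access & PROCESS_TERMINATE:
            hits.append((ev.get("UtcTime"), ev.get("SourceImage"), hex(access)))
    return hits

if __name__ == "__main__":
    for hit in terminate_access_hits(SAMPLE_EVENTS):
        print(hit)
```

The mask test uses a bitwise AND so that broader grants such as 0x1FFFFF, which include the terminate bit, are reported as well as the exact 0x1 request.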
  16. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Wishful thinking but it sure would fare better all way around if Microsoft would (please) visit (offer) Windows 7 & 8 series with current Windows 10 Microsoft Defender and of course before doing that revamp and really strengthen its Windows 10 AV with smarter innovation and move along that progression.

    Reason being it would show Microsoft cares enough to reach back a little as a final farewell for those users who you know will be many that will stay on 7 & 8 after 'extended' support (at least as it reaches its support conclusion time limit on them).

    Don't get me wrong. Microsoft is on the right track, trying hard, and has made positive strides in that area.
     
  17. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,625
    Location:
    USA
    I've already spoken to the thread title being bait for arguments, anyway are we blaming their AV for being overcome by ransomware or the OS itself? I feel there should be more OS level protection for that. And no, blocking all unrecognized files is not a reasonable solution. They should probably be moving in the direction of making sure that anything that encrypts or mass deletes files is not malicious. Difficult? Probably. Impossible? No.
     
  18. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Hey @xxJackxx - Would you think it's just out of their realm of possibility or a cost measure that prevents them from integrating a powerful virtualization feature? I mean look at all the malware-free intrusion-free happy campers who use third party Shadow Defender and it really works efficiently. Something of that nature might even lighten the burden AND always present overconfident expectations placed on Microsoft Defender AV. When it's bypassed they catch the heat big time and even puts them on the spot/hot seat. A virtualization feature (to me anyway) seems perfectly more logical than chasing the mouse around its O/S when some penetrator achieves the joy of either breaking it or infiltrating past its AV.

    I dunno. Maybe that's grasping at straws but it seems a very viable option for them to explore at some point.
     
  19. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,627
    It's strange that they would name it that, where there is an existing tool which does the same thing, which has the same name.
     
  20. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,614
    Location:
    Milan and Seoul
    You are right, I actually thought this was an update to the 'existing tool' but the website is different. I gave it up anyway, as MS Defender always manages to flag it as malware and deactivates it even if it is in the exclusion list...
     
  21. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,625
    Location:
    USA
    It sounds like a good idea. It will never happen. Unless they can find a way to make it an OS feature that can't be claimed to be anti-competitive.
     
  22. guest

    guest Guest

    Microsoft Defender ATP now secures removable storage, printers
    July 26, 2021
    https://www.bleepingcomputer.com/ne...r-atp-now-secures-removable-storage-printers/
     
  23. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Great tool. I exclude it and also use it. Not to carelessly turn off Windows Defender (I run mine ON) but because it becomes instances when WD interferes with deep dive program tools I need such as if you delete a very large Gb folder/file and simply delete it still hangs up in $Recycler on disk even after Empty, and causes a defragmenter to stumble & stall because it remains on disk. Then I use a Power User program like PC Hunter or another to Force Delete effectively pulling it off disk where it can no longer interfere with being considered a file.

    Sometimes if not always, Windows keeps attached software protection on the deleted files in that .old Folder especially after REFRESH. In such situation you insert a UFD and reboot to the parallel screen and it removes easily. (inactive disk) For example on Windows 8 doing a REFRESH Windows leaves Windows.old folder of still protected Program Files/Windows Folder etc. You MUST clear that folder off disk entirely or the silly machine code of windows gets confused (still applies protection token to the system files in it) and I have seen programs junction to files/processes in it.

    Mind you please, this only applies to Windows 8 (refresh feature) as far as I know but definitely so.
     
    Last edited: Jul 26, 2021
  24. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    1,131
    Location:
    Baden Germany
    That .old folder can be easily removed by Windows disk-cleanup, when started with admin rights.
     
  25. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    On one of my refresh runs it left over 10Gb of files and out of expediency I just rebooted and used a PE to quickly remove it. Disk-cleanup is rather slower.
     