Windows Defender Is Becoming the Powerful Antivirus That Windows 10 Needs

Discussion in 'other anti-virus software' started by Secondmineboy, Jan 30, 2016.

  1. topguynow

    topguynow Registered Member

    Thank you for all the replies. :)
     
  2. Osaban

    Osaban Registered Member

    I couldn't agree more, like others mentioned a daily image backup (even one every other day) will just give you peace of mind without loading too much crap on your computer...
     
  3. Rasheed187

    Rasheed187 Registered Member

    I personally do believe in adding multiple layers of protection, AV's aren't foolproof, it's as simple as that. I was never a big fan of VS, but a tool like OSArmor will considerably improve computer security and has a low footprint.

    This is true, but I believe most of the people on forums like WSF know that they are not under constant attack. But it's always nice to be able to protect against more advanced attacks that we may or may not ever encounter. I don't believe in relying solely on AV's like Win Defender.
     
  4. xxJackxx

    xxJackxx Registered Member

    I prefer to keep it simple and use less software and make daily system images. My preference however is not everyone else's so everyone should do what pleases them and/or works best on their system.
     
  5. Rasheed187

    Rasheed187 Registered Member

    Yes, it depends on your preferences and risk assessment. The reason why I joined WSF back in 2004 is because I felt like an AV wasn't enough to protect me from more advanced malware attacks and I still believe this. That's why I started using tools like Process Guard and Sandboxie back in 2004. As long as security measures don't annoy me (like UAC alerts) and system speed and stability isn't affected, I see no reason not to add multiple layers of protection.
     
  6. digmor crusher

    digmor crusher Registered Member

    I also believe in a layered approach (2 programs at most though), I also believe it's best to keep programs installed on your computer to a minimum (especially security programs) as your computer will have less issues/conflicts etc and run much better. Good web habits should stop 98% of any potential malware issues and being a home user I could care less about any advanced attacks that aim for high value targets.
     
  7. xxJackxx

    xxJackxx Registered Member

    I agree, back then it probably wasn't.
     
  8. stapp

    stapp Global Moderator

    Can anyone just look for me to see if they have NisSrv.exe in C:\Program Files\Windows Defender and also have it in C:\ProgramData\Microsoft\WindowsDefender\Platform\open latest number update.

    Today after a cold boot NisSrv.exe tells me for a few seconds that I need to connect to the internet because it wants to scan. Soon as the internet connects (laptop) it's happy and goes away.
    Not seen this before.
     
  9. plat

    plat Registered Member

    Hi stapp: never saw this message before myself. The NisSrv is in both locations as you described. Hmmm. :cautious:
     
  10. stapp

    stapp Global Moderator

    Perhaps Defender is getting impatient with that old laptop which takes a few seconds for the wireless connection to start.
    I know like other av's it wants to scan at boot.
     
  11. blacknight

    blacknight Registered Member

    Agree, definitely.
     
  12. paulderdash

    paulderdash Registered Member

    Yip. The Program Files one 07 Dec, and the ProgramData one is dated 3 Nov.
    In the Win 10 instance where I have VS, it flags this file on start up ...
     
    Last edited: Dec 9, 2021
  13. stapp

    stapp Global Moderator

    Thanks for the clue.
    I only recently put VS back on this machine after quite a while without it, and I'd just assumed it was Defender complaining.

    It wasn't, as I have the same as you in the VS user logs, the ProgramData one was auto blocked at boot.

    Just done another cold boot and all was fine this time.

    Wonder why Defender has 2 different date versions of NisSvc.exe ?
     
  14. paulderdash

    paulderdash Registered Member

    Last edited: Dec 11, 2021
  15. topguynow

    topguynow Registered Member

     
  16. Minimalist

    Minimalist Registered Member

    Microsoft fixes bug blocking Defender for Endpoint on Windows Server
    https://www.bleepingcomputer.com/ne...king-defender-for-endpoint-on-windows-server/
     
  17. Rasheed187

    Rasheed187 Registered Member

    I never really fully understood how VS worked, that's the biggest problem. In my view it was a bit more complex than EXE Radar, a whitelisting tool that I used to use. But OSArmor is set and forget. Of course occasionally it might cause a false positive, but I haven't had many of those. It's a nice second line of defense in case Win Defender fails to block malware from running.

    I agree, but we must not forget that we don't know anything about people who post on this forum, who knows, perhaps they are bigtime crypto traders that might be a target? Fact of the matter is that AV's will never be able to catch ALL malware as we often see in anti-malware tests.
     
  18. Rasheed187

    Rasheed187 Registered Member

    This is actually a good example, the Phorpiex malware was able to steal half a million dollars by simply hijacking the clipboard of crypto traders. The malware was spread by USB-sticks, freeware and phishing mails and of course you might say that users should have been more careful, but I also doubt they weren't using any AV. A tool like SpyShelter would have most likely blocked it from monitoring the clipboard.

    https://research.checkpoint.com/202...zt-hijacking-hundreds-of-crypto-transactions/
     
  19. wat0114

    wat0114 Registered Member

    Did you also see that not only does it evade VM's, but also Sandboxie as well:

    https://research.checkpoint.com/2020/phorpiex-arsenal-part-i/
     
  20. Rasheed187

    Rasheed187 Registered Member

    I guess this means that the malware simply fails to run when launched inside the sandbox? That's why I'm always suspicious of simple apps that can't run sandboxed, because this means they probably need too many privileges or are trying to evade detection.
     
  21. Minimalist

    Minimalist Registered Member

    Microsoft Defender Log4j scanner triggers false positive alerts
    https://www.bleepingcomputer.com/ne...log4j-scanner-triggers-false-positive-alerts/
     
  22. stapp

    stapp Global Moderator

  23. plat

    plat Registered Member

    Yeah, not surprising. Although I'm low risk, this is yet another suggestion and justification to augment Defender with something (H_C, OSA, etc). So light they have no impact (not on here) and add some protection that is otherwise lacking or can be bypassed.
     
  24. Antarctica

    Antarctica Registered Member

    This is exactly my setup for the last 6 months, WD, H_C and OSA and as you say, (at least on my PC) no impact. :)
     
  25. Stelica

    Stelica Registered Member

    Another combination can be WD default settings and VoodooShield (also minimal impact).
     