Windows Defender Is Becoming the Powerful Antivirus That Windows 10 Needs

Discussion in 'other anti-virus software' started by Secondmineboy, Jan 30, 2016.

  1. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    This is an example of malware that's trying to disable Win Defender but also other AV's, but it's not clear to me if it's really that simple. I do know that for example a tool like OSArmor might interfere with this kind of stuff because it monitors processes like cmd.exe and powershell.exe, those are often used for all kinds of malicious tricks.

    https://www.bleepingcomputer.com/ne...ws-11-upgrade-installs-info-stealing-malware/
     
  2. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,919
    It is that simple. Users are forced to use/give admin access, and in that case they have already lost the game. It is malware which is tested against a lot of engines not to be detected. Here it is a sum of several hacks to gain and hold sufficient rights. But the first fail was to think the domain is property of Microsoft. In my case I would think why MS won't speak German with me, only English; similar for any other non-English speaking users. Not microsoft(dot)com? Must be a fake..
     
  3. topguynow

    topguynow Registered Member

    Joined:
    Feb 17, 2010
    Posts:
    61
    I have been using MS Defender for about 6 months now along with Configure Defender on High. It may be overkill but I have also been using Voodoo Shield free edition. However with VS free disappearing is my set up without VS still secure enough for one whose browsing and activity is pretty safe? If additional info is needed my preferred browser is Firefox with uBlock Origin and Decentraleyes extensions. Sandboxie and Shadow Defender installed but rarely used. Thank you for the replies.
     
  4. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,629
    As long as you keep Windows updated and are careful what files you open, then it's fine to just use Microsoft Defender (or any big name antivirus) by itself.
     
  5. Nanobot

    Nanobot Registered Member

    Joined:
    Jun 23, 2010
    Posts:
    473
    Location:
    Neo Tokyo
    Windows Defender Application Control Recommended blocking rules
    https://docs.microsoft.com/en-us/wi...ion-control/microsoft-recommended-block-rules

    Members of the security community* continuously collaborate with Microsoft to help protect customers. With the help of their valuable reports, Microsoft has identified a list of valid applications that an attacker could also potentially use to bypass Windows Defender Application Control.

    Unless your use scenarios explicitly require them, Microsoft recommends that you block the following applications. These applications or files can be used by an attacker to circumvent application allow policies, including Windows Defender Application Control:

    • addinprocess.exe
    • addinprocess32.exe
    • addinutil.exe
    • aspnet_compiler.exe
    • bash.exe
    • bginfo.exe¹
    • cdb.exe
    • cscript.exe
    • csi.exe
    • dbghost.exe
    • dbgsvc.exe
    • dnx.exe
    • dotnet.exe
    • fsi.exe
    • fsiAnyCpu.exe
    • infdefaultinstall.exe
    • kd.exe
    • kill.exe
    • lxssmanager.dll
    • lxrun.exe
    • Microsoft.Build.dll
    • Microsoft.Build.Framework.dll
    • Microsoft.Workflow.Compiler.exe
    • msbuild.exe²
    • msbuild.dll
    • mshta.exe
    • ntkd.exe
    • ntsd.exe
    • powershellcustomhost.exe
    • rcsi.exe
    • runscripthelper.exe
    • texttransform.exe
    • visualuiaverifynative.exe
    • system.management.automation.dll
    • wfc.exe
    • windbg.exe
    • wmic.exe
    • wscript.exe
    • wsl.exe
    • wslconfig.exe
    • wslhost.exe
     
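    The list above is Microsoft's, but it says nothing about which of those files are actually on a given machine, and that is the "unless your use scenarios explicitly require them" decision. The script below is an added example, not code from the post or from Microsoft's page: it inventories the listed binaries under the usual install roots and turns each hit into a WDAC deny rule with the ConfigCI cmdlets, then merges those rules into an existing allow policy. It assumes an elevated PowerShell on Windows 10/11 with the ConfigCI module; .\BasePolicy.xml stands for whatever allow policy you already have, and the other file names are placeholders.

```powershell
# Added example (not from the forum post or Microsoft's page).
# Assumptions: elevated PowerShell on Windows 10/11 with the ConfigCI module;
# .\BasePolicy.xml is your existing allow policy; output names are placeholders.
#Requires -RunAsAdministrator

# The "recommended block" list from the post, verbatim.
$blockList = @(
    'addinprocess.exe', 'addinprocess32.exe', 'addinutil.exe', 'aspnet_compiler.exe',
    'bash.exe', 'bginfo.exe', 'cdb.exe', 'cscript.exe', 'csi.exe', 'dbghost.exe',
    'dbgsvc.exe', 'dnx.exe', 'dotnet.exe', 'fsi.exe', 'fsiAnyCpu.exe',
    'infdefaultinstall.exe', 'kd.exe', 'kill.exe', 'lxssmanager.dll', 'lxrun.exe',
    'Microsoft.Build.dll', 'Microsoft.Build.Framework.dll',
    'Microsoft.Workflow.Compiler.exe', 'msbuild.exe', 'msbuild.dll', 'mshta.exe',
    'ntkd.exe', 'ntsd.exe', 'powershellcustomhost.exe', 'rcsi.exe',
    'runscripthelper.exe', 'texttransform.exe', 'visualuiaverifynative.exe',
    'system.management.automation.dll', 'wfc.exe', 'windbg.exe', 'wmic.exe',
    'wscript.exe', 'wsl.exe', 'wslconfig.exe', 'wslhost.exe'
)

function Find-BlockListedFiles {
    param([string[]]$Names, [string[]]$Roots)
    foreach ($root in $Roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        # -Include filters file names only when combined with -Recurse, which we use.
        Get-ChildItem -Path $root -Recurse -File -Include $Names -ErrorAction SilentlyContinue
    }
}

$roots   = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }
$present = @(Find-BlockListedFiles -Names $blockList -Roots $roots)

# Inventory first. Anything a real workflow needs (e.g. dotnet.exe on a dev box)
# has to be taken out of $present here before rules are generated.
$present |
    Select-Object Name, FullName, @{ n = 'Version'; e = { $_.VersionInfo.FileVersion } } |
    Sort-Object Name | Format-Table -AutoSize

# One deny rule per file. FilePublisher keys on signer + original file name, so a
# copy dropped under another path is still caught; unsigned files fall back to a hash.
$denyRules = foreach ($f in $present) {
    New-CIPolicyRule -DriverFilePath $f.FullName -Level FilePublisher -Fallback Hash -Deny
}

if ($denyRules) {
    # -UserPEs turns on user-mode code integrity; without it only drivers are evaluated
    # and none of the files above would ever be checked.
    New-CIPolicy -FilePath .\DenyLolbins.xml -Rules $denyRules -UserPEs
    Merge-CIPolicy -OutputFilePath .\Merged.xml -PolicyPaths .\BasePolicy.xml, .\DenyLolbins.xml
    # Read the merged XML before converting; the .p7b is what gets deployed.
    ConvertFrom-CIPolicy -XmlFilePath .\Merged.xml -BinaryFilePath .\Merged.p7b
}
```

    Two caveats. Microsoft's linked page publishes this same list as a ready-made policy XML meant to be merged with Merge-CIPolicy; for production that is the lower-risk route, because rules generated from local copies carry version attributes tied to the file that was scanned, so check the version bounds in DenyLolbins.xml before trusting them. And the two footnoted entries (bginfo.exe, msbuild.exe) have per-file notes on Microsoft's page that are not reproduced here.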
  6. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,065
    Location:
    Canada
    Yes, if the relevant protections are enabled, OSA will interfere with - at the very least - the malicious PowerShell command, and that is regardless whether or not the executable is elevated by the user.
     
  7. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    But you would think that AV's would also be monitoring for tampering with realtime protection via LOLBins like cmd.exe and powershell.exe, but perhaps it would be too much of a hassle. That's why overall I think that local behavior blocking offered by AV's has barely been improved, they all still need the cloud for this stuff.
     
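    Whether a third-party tool blocks the command or not, the question raised in the posts above (does anything notice real-time protection being switched off by a script?) can at least be answered after the fact from Defender's own state and event log. The script below is an added example, not the forum's or Microsoft's code. It assumes an elevated PowerShell on Windows 10/11 with the Defender module present, and that the malware's route is the usual one of flipping Defender preferences from PowerShell or cmd.exe; the exact command used by the sample in the linked article is not given on this page, so that is an assumption.

```powershell
# Added example (not from the forum post or Microsoft). Assumptions: elevated
# PowerShell on Windows 10/11 with the Defender module; Security log 4688
# auditing only helps if process-creation auditing is turned on.

function Get-DefenderTamperReport {
    param([int]$Hours = 24)

    $status = Get-MpComputerStatus
    $pref   = Get-MpPreference

    # Any of these reading "off"/"$true" while the user changed nothing is the tell.
    $report = [ordered]@{
        TamperProtection               = $status.IsTamperProtected
        RealTimeProtection             = $status.RealTimeProtectionEnabled
        BehaviorMonitoring             = $status.BehaviorMonitorEnabled
        IoavProtection                 = $status.IoavProtectionEnabled
        DisableRealtimeMonitoringPref  = $pref.DisableRealtimeMonitoring
        ExclusionPaths                 = @($pref.ExclusionPath)
        ExclusionProcesses             = @($pref.ExclusionProcess)
    }

    # Defender operational log: 5001 real-time protection disabled,
    # 5004 real-time protection configuration changed, 5007 configuration changed,
    # 5010 scanning for malware disabled, 5012 virus scanning disabled.
    $filter = @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = 5001, 5004, 5007, 5010, 5012
        StartTime = (Get-Date).AddHours(-$Hours)
    }
    $report.RecentChanges = @(
        Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
            Select-Object TimeCreated, Id, @{ n = 'Message'; e = { $_.Message -replace '\s+', ' ' } }
    )
    [pscustomobject]$report
}

# Around each Defender change, list script hosts that were spawned, so the
# 5001/5007 event can be tied back to a cmd.exe/powershell.exe parent.
function Get-ShellSpawns {
    param([datetime]$Around, [int]$Minutes = 5)
    $filter = @{
        LogName   = 'Security'
        Id        = 4688
        StartTime = $Around.AddMinutes(-$Minutes)
        EndTime   = $Around.AddMinutes($Minutes)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match 'powershell\.exe|cmd\.exe|wscript\.exe|mshta\.exe' } |
        Select-Object TimeCreated, @{ n = 'Detail'; e = { $_.Message -replace '\s+', ' ' } }
}

$r = Get-DefenderTamperReport -Hours 24
$r | Format-List
foreach ($e in $r.RecentChanges) {
    "--- Defender change at $($e.TimeCreated) (event $($e.Id)) ---"
    Get-ShellSpawns -Around $e.TimeCreated | Format-Table -Wrap
}
```

    The first line of the report is the one that matters: with Tamper Protection on, Defender ignores attempts to change these settings through the PowerShell cmdlets or the registry, so a script run as admin still cannot switch real-time protection off that way. If TamperProtection reads false, the rest of the report tells you what was changed and the 4688 correlation tells you by whom, provided process-creation auditing was enabled beforehand.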
  8. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Well perhaps it really is that simple to bypass AV's, because I have been watching anti-malware testing videos on YouTube where certain malware samples were modified to stay invisible for Win Defender. On a side note, I also wasn't impressed with malware blocking capabilities from Malwarebytes and AppCheck Anti-Ransomware.
     
  9. Gandalf_The_Grey

    Gandalf_The_Grey Registered Member

    Joined:
    Jan 31, 2012
    Posts:
    1,188
    Location:
    The Netherlands
    New cloud-based Microsoft Defender for home now generally available
    https://www.bleepingcomputer.com/ne...ft-defender-for-home-now-generally-available/
     
  10. Gein

    Gein Registered Member

    Joined:
    Dec 8, 2013
    Posts:
    219
    I wonder if there's any additional configuration/protection options with the new release.
     
  11. Gandalf_The_Grey

    Gandalf_The_Grey Registered Member

    Joined:
    Jan 31, 2012
    Posts:
    1,188
    Location:
    The Netherlands
    No, this article from How-To-Geek sums it up nicely:
    https://www.howtogeek.com/812124/microsoft-defender-expands-to-mac-iphone-and-android/
     
  12. Spartan

    Spartan Registered Member

    Joined:
    Jun 21, 2016
    Posts:
    1,424
    Location:
    Dubai
    Is there a way to stop this yellow exclamation mark showing up periodically in the Windows Defender taskbar icon because I didn't do a recent scan?
     
  13. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    4,208
    If you're using a sys cleaner tool, exclude MSD protection history from cleaning.
     
  14. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,616
    Location:
    Milan and Seoul
    You are perfectly right, it is definitely annoying to say the least, but I don't think one can do anything about it except to deal with it or ignore it...
     
  15. Spartan

    Spartan Registered Member

    Joined:
    Jun 21, 2016
    Posts:
    1,424
    Location:
    Dubai
    Right, I'm gonna try that, and yes @Osaban it is VERY annoying. I don't mind if it's like once a week or so, but every day is too much, especially since I did a full scan and it hasn't found any threat in between.
     
  16. digmor crusher

    digmor crusher Registered Member

    Joined:
    Jul 6, 2012
    Posts:
    1,171
    Location:
    Canada
    Go into Task Scheduler, keep expanding the menu on the left until you find Windows Defender, click on it then disable task in main menu.
     
  17. Bertazzoni

    Bertazzoni Registered Member

    Joined:
    Apr 13, 2018
    Posts:
    657
    Location:
    Milan, Italia
    That's unusual. I only get this if I download an unusual, usually very new file. @imdb may be right about the system cleaning. I never use 3rd party cleaners myself.
     
  18. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    1,131
    Location:
    Baden Germany
    Not recommended.
    Disabling the scheduled scan raises risk.

    Edit:
    @Spartan:
    My recommendation:
    Uninstall your "cleaner".

    Instead of third party "cleaners":
    1. Open the Start menu and select Settings > System > Storage. Open Storage settings.
    2. Turn on Storage sense to have Windows delete unnecessary files automatically.
    3. To delete unnecessary files manually, select Change how we free up space automatically. Under Free up space now, select Clean now.
     
    Last edited: Jun 18, 2022
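    Before deciding between the Task Scheduler route and leaving things alone, it helps to see what Defender itself thinks the scan age is and which scheduled tasks would be touched. The script below is an added example, not code from either post. It assumes an elevated PowerShell on Windows 10/11; the task path and the Protection History folder are Microsoft's standard locations, nothing else is assumed.

```powershell
# Added example (not from the forum posts). Assumption: elevated PowerShell on
# Windows 10/11 with the Defender module; paths are Microsoft's defaults.

function Get-DefenderScanAge {
    $s = Get-MpComputerStatus
    [pscustomobject]@{
        LastQuickScan     = $s.QuickScanEndTime
        QuickScanAgeDays  = $s.QuickScanAge
        LastFullScan      = $s.FullScanEndTime
        FullScanAgeDays   = $s.FullScanAge
        SignatureAgeDays  = $s.AntivirusSignatureAge
    }
}

# These are the tasks the Task Scheduler suggestion above would disable.
Get-ScheduledTask -TaskPath '\Microsoft\Windows\Windows Defender\' |
    Select-Object TaskName, State, @{ n = 'LastRun'; e = { ($_ | Get-ScheduledTaskInfo).LastRunTime } } |
    Format-Table -AutoSize

$age = Get-DefenderScanAge
$age | Format-List

# Protection History lives here; the thread's fix was to stop CCleaner from
# wiping it. If the folder is empty right after a scan, something is clearing it.
$history = "$env:ProgramData\Microsoft\Windows Defender\Scans\History"
if (Test-Path -LiteralPath $history) {
    "Protection History entries: " +
        (Get-ChildItem -LiteralPath $history -Recurse -File -ErrorAction SilentlyContinue | Measure-Object).Count
}

# If the quick scan really is stale, run one instead of disabling the task.
if ($age.QuickScanAgeDays -gt 7) {
    Start-MpScan -ScanType QuickScan
}
```

    If QuickScanAgeDays is small but the warning keeps coming back, the scan is not the problem; the history Defender uses to report it is being removed, which is what the CCleaner exclusion in the thread fixes.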
  19. digmor crusher

    digmor crusher Registered Member

    Joined:
    Jul 6, 2012
    Posts:
    1,171
    Location:
    Canada
    For some people it may be a risk, but for most here not really. I rarely do a scan anyways, that's what "real time protection" is for.

    I do not have a cleaner installed, and have no idea what that has to do with Defender doing a scan.
     
  20. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    1,131
    Location:
    Baden Germany
    I edited my post to make clear that uninstalling the "cleaner" is addressed to Spartan.
     
  21. digmor crusher

    digmor crusher Registered Member

    Joined:
    Jul 6, 2012
    Posts:
    1,171
    Location:
    Canada
  22. Spartan

    Spartan Registered Member

    Joined:
    Jun 21, 2016
    Posts:
    1,424
    Location:
    Dubai
    The scan reminder hasn't shown anymore after I removed the Windows Defender checkbox in CCleaner! Thank you so much!
     
  23. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,616
    Location:
    Milan and Seoul
    If it works for you it should work for me, let's see... A great piece of information.
     
  24. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    4,208
    you're welcome. :thumb:
     
  25. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    LOL, surprise, surprise so now M$ also wants to make money from its consumer based AV. However, it does offer protection not only for Windows, but also for macOS and smartphones with Android and iOS. I can feel an antitrust lawsuit coming up, or perhaps third party AV companies have already given up the consumer based market? :D
     