It seems 1.16 is out: https://defenderui.com/Download/InstallDefenderUI116.exe https://defenderui.com/Download/InstallDefenderUIPro116.exe
BTW, did you guys see the latest video on The PC Security Channel? Basically, Win Defender failed to block a certain ransomware sample with standard settings, but when DefenderUI was enabled it did block this sample. I wonder why on earth these extra settings aren't visible in Win Defender's GUI in the first place? You can of course also use a tool like ConfigureDefender, which doesn't need to run in memory all of the time. You can see the video on the DefenderUI website: https://www.defenderui.com https://www.softpedia.com/get/PORTABLE-SOFTWARE/System/System-Enhancements/ConfigureDefender.shtml
OK thanks, very sad to see that MT is more active than WSF. But Andy Ful's (from ConfigureDefender) comment was quite interesting; according to him this is not how real attacks work:
BTW, I decided to take a look at the latest version, and it seems to be improved; it works just fine. But does anyone know how the "block abuse of exploited vulnerable signed drivers" (ASR Rules) feature works? Is this something that was developed by VoodooSoft themselves, or a feature that was already hidden in Win Security?
I can't tell you how it works, but I'm pretty sure ConfigureDefender also has this feature, and since it is listed as an ASR rule by Microsoft I would say it is native in Windows. https://learn.microsoft.com/en-us/m...reduction-rules-reference?view=o365-worldwide
The missed sample is probably because of a gangbang (throw malware so fast at Defender) that was skipped by Defender... but with DefenderUI or ConfigureDefender it seems pretty hard to get infected.
OK thanks, it seems like I'm using an older version of ConfigureDefender, which didn't offer this feature. And I have found some more info: apparently it blocks apps from creating/loading signed drivers, but apps can still abuse vulnerable drivers that are already present on the system. And I assume this list of vulnerable drivers is updated when you update Win Defender. https://hackdefense.com/publications/met-asr-regels-houd-je-criminelen-buiten-de-deur/ Yes, I also don't believe that most malware works like this; on the other hand, I did read on MT that according to someone, certain malware downloaders can download/execute multiple samples quite fast. But it's strange that MS hides these hardening features in Windows.
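For readers who want to see how the ASR rule discussed above is configured on their own machine, here is an added example that is not part of the thread and not code from DefenderUI or ConfigureDefender. It uses the built-in Defender PowerShell cmdlets; the function names `Get-AsrRuleState` and `Get-AsrRuleHits` are made up for this illustration, and the GUID is the one Microsoft's ASR rules reference lists for this rule.

```powershell
# Added example, not from the thread. Uses the built-in Defender cmdlets.
# GUID of "Block abuse of exploited vulnerable signed drivers" as listed in
# Microsoft's ASR rules reference.
$RuleId = '56a863a9-875e-4185-98a7-b882c64b5ce5'

# Numeric action values Defender stores for each configured rule.
$ActionNames = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }

function Get-AsrRuleState {
    param([Parameter(Mandatory)][string]$Id)

    $pref    = Get-MpPreference
    $ids     = @($pref.AttackSurfaceReductionRules_Ids)
    $actions = @($pref.AttackSurfaceReductionRules_Actions)

    # Ids and Actions are parallel arrays: Ids[i] is set to Actions[i].
    for ($i = 0; $i -lt $ids.Count; $i++) {
        if ($ids[$i] -ieq $Id) {
            $value = [int]$actions[$i]
            if ($ActionNames.ContainsKey($value)) { return $ActionNames[$value] }
            return "Unknown ($value)"
        }
    }
    return 'Not configured'
}

function Get-AsrRuleHits {
    param([Parameter(Mandatory)][string]$Id, [int]$MaxEvents = 500)

    # 1121 = rule fired in block mode, 1122 = rule fired in audit mode.
    $filter = @{ LogName = 'Microsoft-Windows-Windows Defender/Operational'; Id = 1121, 1122 }
    Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match [regex]::Escape($Id) } |
        Select-Object TimeCreated, Id, @{ n = 'Mode'; e = { if ($_.Id -eq 1121) { 'Block' } else { 'Audit' } } }
}

$state = Get-AsrRuleState -Id $RuleId
Write-Output "Vulnerable signed driver rule: $state"
Get-AsrRuleHits -Id $RuleId | Format-Table -AutoSize

# To turn the rule on from an elevated prompt (use AuditMode first to log only):
#   Add-MpPreference -AttackSurfaceReductionRules_Ids $RuleId `
#                    -AttackSurfaceReductionRules_Actions Enabled
```

A result of "Not configured" means no front end has set the rule yet; tools such as those mentioned in this thread write to the same Defender preferences that `Get-MpPreference` reads.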
Hi @ Wilders, I need some advice please. I have just started using DefenderUI v1.22 so I am unfamiliar with it. I am on Windows 10 latest version. I have chosen the recommended profile and I notice on the Advanced Tab there are Threat Default actions. These are seen when Tamper Protection is disabled. In my case for the 4 threat levels, i.e. Low to Severe, all are set at DEFAULT as opposed to 1) Remove 2) Quarantine 3) Clean 4) Block 5) Allow 6) No Action. 1) I am unsure whether to leave at DEFAULT or whether to select from 1 to 5 above, or is the default setting set elsewhere, and if so where? 2) If you have to select from 1 to 5 above, what would be the appropriate settings for the 4 threat levels? Thanks, Terry
Today's v1.20 update seems to conflict with 0patch on both my Win 11 and 10 rigs. Any time 0patchLoaderX64.dll is accessed I get a warning that it is not safe according to the WhitelistCloud. The file is from 2022 ~ Removed VirusTotal Results as per Policy ~ Adding the folder as an exception hasn't helped.
Looks like the cloud-based check is now passing the file as Safe... which is nice but doesn't stop Defender asking me if I want to allow 0patchloader every time it is accessed. Web browsers are the worst due to spawning lots of instances.
I'm running DefenderUI Pro integrated with WDACLockdown. Plays well with Microsoft Defender for Business.