ThreatLocker

Discussion in 'other anti-malware software' started by JEAM, Aug 14, 2025.

  1. Sir Percy

    Sir Percy Registered Member

    Joined:
    Apr 22, 2010
    Posts:
    304
I don't have to find anything, not playing your game. That part is for you two boys to battle out; I have far better things to do in my free time. It is funny to watch, though, because you two are equally opinionated and won't give an inch!!! ;)

I can say, as I already posted: I use Defender at home with two other apps, and those two have saved me from infection twice, and I am very security conscious...may not seem like a lot, but worth the money IMHO.

I simply said I genuinely value Rasheed's opinion in posts as much as yours....doesn't mean anything else. But I do not like the way you attack the person when you feel your points aren't respected. To me: discuss the subject, don't belittle the poster who doesn't agree, and yes, that sometimes can be difficult when you don't share values.
     
  2. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    4,169
    Location:
    Nebraska, USA
You are right. You don't. You can just sit in the dark and not bother to verify any facts for yourself. That is totally up to you.

    If you choose to believe that Norton, BitDefender, McAfee, Kaspersky and all the others can "simply be terminated", that's up to you. If you wish to believe that malware is able to "bypass" AVG, Avira, TotalAV, Avast, and Trend Micro and the others, that again is up to you.

    If you want to believe someone who claims, more than once, that "a certain someone" said something, when they never did, then again, that's up to you. But the "truth" is, no one said, AVs are "impossible" to bypass. No one said Defender is "unbeatable".

If you feel more secure, that's fine! It really is. But doesn't it at least seem odd to you, if these popular security solutions can "simply" be terminated or bypassed, that forums like Wilders aren't inundated with requests for help and complaints - ESPECIALLY by those who hate Microsoft and Defender - that their security software failed them? Where are all the "Help I'm Infected" threads we used to see with XP and before?

    Right. Because I didn't join this thread to accuse "a certain person" of "lacking knowledge", right?

    All I did was ask for supporting evidence. Why? Because I can't find any to support those claims - and I bothered to look.

    But hey! Glad to see you've taken an unbiased opinion on this.
     
  3. digmor crusher

    digmor crusher Registered Member

    Joined:
    Jul 6, 2012
    Posts:
    1,311
    Location:
    Canada
  4. Sir Percy

    Sir Percy Registered Member

    Joined:
    Apr 22, 2010
    Posts:
    304
You don't get it, do you? I am not taking sides. Your war with Rasheed has nothing to do with me. I just posted something that did happen to me; you can ignore that, of course. Whether AVs can be terminated or bypassed as a topic is so 15 years ago, boring and useless IMO, because you or he will never be able to prove it to both yours & his satisfaction.

    Come on, are you really this thin-skinned? He's playing with you and you walk right into it. :)
     
  5. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,626
    Location:
    U.S.A. (South)
Before this topic swings too far wide right, or left :rolleyes: I'm curious about the OP's initial question.
    If it's a common run-of-the-mill AV, then MS Defender and the list @digmor crusher posted seem a useful starting point. Aside from those, a likely candidate would be a third-party ALL-IN-ONE or something akin.

I think if we wait long enough, AI security researchers might find a suitable response eventually. :)
     
  6. JEAM

    JEAM Registered Member

    Joined:
    Feb 21, 2015
    Posts:
    611
    It's an effective program as far as I can tell. It doesn't seem to conflict with any of my other security software. One of my favorite features is Geofence, where you can specify countries to which your PC will refuse connections. You can even check off Antarctica to put on the list to block. :D
     
  7. JEAM

    JEAM Registered Member

    Joined:
    Feb 21, 2015
    Posts:
    611
    Thanks very much for that, I will check out this site as soon as I get the chance.
     
  8. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    4,169
    Location:
    Nebraska, USA
    @digmor crusher - Thanks for that.

I feel it is important to note that in the article, it says, "if an adversary is able to write Group Policy Objects (GPOs), then they would be able to distribute this throughout the domain and systematically stop most, if not all, security solutions on all endpoints in the domain, potentially allowing for the deployment of post-exploitation tooling and/or ransomware."

So will a bad guy be able to write GPOs? They must have physical access to the network, or have gained remote access with administrative access.

Then note the author's comment in his next post when he says, "non-enterprise users on SUA (standard user account) may sleep soundly because they are no targets of such attacks."

    Next, if one follows the link Victor M posted to the full article, we learn several things. (1) The bad guy must have local access to the machine. Or (2) the bad guy must have remote access to the machine. Or (3) the bad guy must have administrative access to an Active Directory domain.

    How likely is any of that on a home computer?

If you follow the link to the Defender's challenge, note the author's comment HE posted in red.
    Now if one takes the time to investigate the ThrottleStop issue and learn the "true" facts, they could see in the article, Driver of destruction: How a legitimate driver is being used to take down AV processes, and note the following (my bold underline added),
    In other words, somehow, this piece of malware must get by all the computer's security software first, then deliver its payload, then execute its payload, all without being detected. How likely is that?

Also, let's not forget this is not some newly discovered vulnerability. So are we to assume that none of the major anti-malware solution providers have done anything to address it? Why not, if so critical?

    Some common sense is needed here.

    :( I'm afraid it is you who don't get it. The claim is it is happening now, not 15 years ago.

It would be easy for him to prove his position - just show some (ANY) news article, security blog, white paper, etc. that shows this is an ongoing and prevalent threat. How hard can that be - if true? For once again, there would be 10s, 100s of millions of users affected, if true.

    But you, on the other hand, want me to prove a negative. You want me to prove Bigfoot doesn't exist. I can't. I can only point out there are no bones. No DNA. No scat. No teeth. No bodies. But one can "reasonably" assume they don't exist, even if absolute proof is non-existent.

The burden of proof lies with the person making the claim. Where is it?

    LOL It is not about me being thin-skinned. It is about you claiming to be unbiased because you did not like my response to his unsupported claims and falsehoods.

    Now to the mods, I really am done here. To all, have a good day.
     
  9. Sir Percy

    Sir Percy Registered Member

    Joined:
    Apr 22, 2010
    Posts:
    304
Thank you, I guess I'll try it soon....actually, again. Tried it when it came out; interesting to see if they have improved.

    I'm glad to see we can block Antarctica, they have been a problem for years! :D

Btw, if I remember correctly, one of the Emsisoft developers worked from there! o_O
     
  10. JEAM

    JEAM Registered Member

    Joined:
    Feb 21, 2015
    Posts:
    611
  11. Sir Percy

    Sir Percy Registered Member

    Joined:
    Apr 22, 2010
    Posts:
    304
I understand just fine; point being, I find the subject as boring now as when I participated myself 15 years ago. You two guys will never agree anyway.

Claiming? I stated more than once that your and his posts are valued the same. Never said anything about you or him being wrong.

    You have a nice day too.
     
  12. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    18,251
    Location:
    The Netherlands
There's no point arguing with these "WD is all you need" people. Even when you present them proof of how WD is sometimes bypassed, they will come up with excuses that the chances of this happening are quite small, or they will blame it on the user "being way too click happy" LOL.

Or they will say that they never claimed that WD was unbeatable. Well, if they didn't claim this, why do they claim that "WD is all that you need"? Because if WD is in fact bypassable, which is clearly proved on The PC Security Channel, which is strangely enough completely ignored LOL, then this makes a great argument to combine WD with these "extra lock on the door" tools. I did my part; now I would like to see proof that tools like HMPA and OSArmor won't be able to protect the system in case AV fails. Where is it?
     
  13. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    18,251
    Location:
    The Netherlands
Also, it's implied by a "certain someone" that people assume that millions of PCs are getting hacked every day. Did you see anyone claiming this? But what type of weak argument is this anyway? So because millions of people are NOT getting hacked, these "extra lock on the door" tools are not needed? What about the thousands that do get hacked?

You must ask yourself, why do thousands of companies, both major corporations and small/midsize businesses, spend close to $10 billion a year on so-called EDR tools? Why don't they just simply rely on Windows Defender Home Edition?

I will tell you why: because you never know WHEN and IF disaster will strike, and they are not taking any chances. Sooner or later AVs will get bypassed, and then you need to have a second (or perhaps even third) layer of protection, which hopefully will not be bypassed too.

But not taking any chances, that's the same as what a lot of people on WSF do, so my suggestion to certain folks is to spare us the "WD is all you need" mantra LOL. Especially if you don't even have enough knowledge, and blindly assume that when AVs are bypassed, other layers will most likely be bypassed too.
     
  14. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    18,251
    Location:
    The Netherlands
BTW, fun fact, I have been using Windows Defender (on Win 10) for the last 5 years and it has never blocked anything. So I'm one of those millions of PCs that are NOT infected, but NOT because of Windows Defender, but most likely because I didn't encounter any malware.

    Actually, I can't say this for sure, because I always scan downloaded files via VirusTotal, and sometimes I did see files being flagged, not sure if these were false positives. But in the past, behavior blockers have alerted me about suspicious app behavior so I decided not to use those apps, even when my AV told me the files were clean.
     
  15. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    18,251
    Location:
    The Netherlands
Yes exactly, but you don't necessarily have to be a high-profile individual.

Last year, one of the system utilities that I'm using (Copywhiz) was trojanized; hackers were able to hack the server hosting these legitimate apps. So this has nothing to do with "being click happy."

But I never actually downloaded this version, so I wasn't able to test if Win Defender could detect the malware that was embedded. But based on what I've read, I'm pretty confident that my behavior blocking tools would have blocked it in case WD would have missed it.

    Don't forget, only one hacked PC might already cause major financial damage to people, for example when their crypto wallet credentials are stolen via some infostealer, assuming it's able to bypass AV. See second link for some more info.

    https://thehackernews.com/2024/07/indian-software-firms-products-hacked.html
    https://www.cnbc.com/2025/06/26/exp...aler-malware-after-login-details-exposed.html
     
  16. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    9,322
    Location:
    USA
Hopefully, but AI malware authors will probably negate that response.
     
  17. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    18,251
    Location:
    The Netherlands
Yes, these EDR terminating tools are a huge problem, at least in the corporate space. I wonder how Microsoft is planning to solve this problem.

Their newest plan is to move security tools from kernel space to user space; not sure if this means that they won't be using any drivers anymore. But how on earth will these security tools protect themselves against tampering? I'm guessing they will still be able to use the "Protected Process Light" feature. Or perhaps app sandboxing will be improved.

    https://www.theverge.com/news/692637/microsoft-windows-kernel-antivirus-changes
     
  18. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    18,251
    Location:
    The Netherlands
BTW, I just saw there was even a second test where more AVs were tested against this ransomware simulator. Seems like ESET and Malwarebytes also failed to detect file encryption, to my surprise.

And to clarify, I'm not saying that tools like HMPA and AppCheck can't be bypassed. Cruelsister (I hope she's still active) has done tests in the past where they failed to block ransomware too; this was like 5 years ago or so.

    Overall, WD is a pretty good AV, and you can even harden it with tools like ConfigureDefender or DefenderUI, which unlocks a couple of hidden behavior blocking features.

But what certain people don't understand is that once malware is able to bypass WD Home Edition, it's mostly blind to all kinds of malicious behavior. And that's where tools like HMPA, AppCheck, OSArmor and SpyShelter come into play.
     
  19. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    18,251
    Location:
    The Netherlands
    BTW, here are some more examples of Windows Defender bypasses from a couple of years ago.

The Zloader infostealer was able to terminate WD; I sure do hope that "tamper protection" has been improved since then. And there was this flaw in WD that let malware bypass protection by adding themselves to the "exclusions" list! This bug was fixed in 2022, but lurked around since 2014! You see why I advise people not to put all of their eggs in one basket? :blink:

    https://threatpost.com/zloader-google-adwords-windows-defender/169448/
    https://www.bleepingcomputer.com/ne...akness-lets-hackers-bypass-malware-detection/
    https://thehackernews.com/2021/07/this-new-malware-hides-itself-among.html
     
    Last edited: Aug 29, 2025 at 6:55 AM
  20. JEAM

    JEAM Registered Member

    Joined:
    Feb 21, 2015
    Posts:
    611
    Oh yeah, absolutely.

    Even my most modern, up-to-date PC has both resident antivirus and resident anti-malware (HMP.A), and then gets checked once a week by an on-demand scanner.
     
    Last edited: Aug 29, 2025 at 6:49 PM
  21. Sir Percy

    Sir Percy Registered Member

    Joined:
    Apr 22, 2010
    Posts:
    304
    Pretty much why i am trying BlackFog now.
     
  22. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    18,251
    Location:
    The Netherlands
Yes exactly, and to clarify, I don't have any problem at all when people advise sticking with WD and being cautious. It's true that you can stay safe with this approach.

But obviously, there are no guarantees that you will never encounter malware that's able to bypass WD. So I do have a problem with people acting like it's completely pointless to have a multi-layered protection strategy.

Also, even experienced users like myself can be tricked sometimes; there are a lot of fake but convincing websites that spread malware. Remember the trojanized MSI Afterburner attack? I believe that in this particular case, WD was able to detect it, but it's widely known that when it comes to "zero-day" malware, AVs might fail once in a while.

When you think about it, even Microsoft knows that it can't guarantee a 100% detection rate against, let's say, ransomware. So that's why they added Controlled Folder Access, but you already guessed it: this is bypassable too.
     
    Last edited: Aug 31, 2025 at 9:15 AM
  23. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    18,251
    Location:
    The Netherlands
    To be honest, I don't think you need BlackFog because it seems to overlap with HMPA.

And I'm sorry to say, but BlackFog also stays a bit vague about exactly how their protection works. To clarify, Win Defender's behavior blocking (which is mostly cloud based) should normally not conflict with tools like HMPA and AppCheck Anti-Ransomware.
     
    Last edited: Aug 31, 2025 at 8:45 AM
  24. Sir Percy

    Sir Percy Registered Member

    Joined:
    Apr 22, 2010
    Posts:
    304
Different tools. I like the way they are not obsessed with stopping "at the door", although those options are there, but instead with stopping an attacker from actually stealing data.

So far an unobtrusive app, which is how I like it.
     
  25. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    18,251
    Location:
    The Netherlands
So BlackFog is more like a firewall? I personally don't like tools that don't clearly explain how they work. If you would like protection against infostealers, then HMPA + TinyWall would do the same job.
     