ConfigureDefender - for configuring Windows built-in Defender settings

Discussion in 'other anti-malware software' started by ichito, Jan 17, 2018.

  1. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,997
    Location:
    Poland - Cracow
    https://github.com/AndyFul/ConfigureDefender

    And the page of Hard_Configurator
    https://github.com/AndyFul/Hard_Configurator
     
  2. pb1

    pb1 Registered Member

    Joined:
    Apr 4, 2014
    Posts:
    1,266
    Location:
    sweden
    What does - WAM - mean, that is an option under Admin: Smartscreen?
    The Child protection button, what does it really do?

    Anyone know?
     
  3. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    1,556
  4. guest

    guest Guest

    ConfigureDefender: Windows Defender configuration tool
    October 29, 2018
    https://www.ghacks.net/2018/10/29/configuredefender-windows-defender-configuration-tool/
     
  5. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    dd.jpg

    Which is A-OK since it might come in handy for the Win 10 unit that will never be used that much anyway. Plus we still have the older version that disables :p
     
  6. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,549
    The dev was forced by Microsoft to remove the button for disabling Real Time Protection. When that button is present, Windows Defender flags it as malware.
     
  7. guest

    guest Guest

    ConfigureDefender v2.0 Released (October 30, 2018)
    Website
     
  8. guest

    guest Guest

    ConfigureDefender v2.0.0.1 Released (June 4, 2019)
    Website
    Version 2.0.0.1
    1. Added icon.
    2. Added the section PROTECTION LEVELS which includes the renamed buttons:
    <Defender default settings> ----> <DEFAULT>
    <Defender high settings> ----> <HIGH>
    <Child Protection> ----> <MAX>
    3. Added the button <Defender Security Log>, which allows seeing last 200 Windows Defender events. It also
    shows the names of ASR rules alongside GUIDs.
    4. Added the splash alert when applying time-consuming features.
    5. Renamed option "Reporting Level (MAPS membership level)" to "Cloud-delivered Protection" (the name used
    in the WD Security Center) and renamed its "Advanced" setting to "ON".
    6. Extended the abilities of <REFRESH> button.
    7. Updated the changes made by Microsoft to allow file & folder exclusions for some additional ASR rules.
    8. Corrected the issue with closing the application.
    9. Extended the help.
     
  9. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    782
    Location:
    Island of Woman
    about WD. You can check what the tiny tool does like so:
    https://getadmx.com/?Category=Windo...licies.SmartScreen::ShellConfigureSmartScreen

    some imported rules that I recognize:
    [HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection\DpaDisabled]
    "DpaDisabled"=dword:00000000

    [HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender Security Center\App and Browser protection]
    "DisallowExploitProtectionOverride"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\MpEngine]
    "MpCloudBlockLevel"=dword:00000006
    "MpBafsExtendedTimeout"=dword:00000032

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Account protection]
    "UILockdown"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\App and Browser protection]
    "DisallowExploitProtectionOverride"=dword:00000001
    "UILockdown"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Device performance and health]
    "UILockdown"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Device security]
    "UILockdown"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Family options]
    "UILockdown"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Firewall and network protection]
    "UILockdown"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Virus and threat protection]
    "UILockdown"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
    "BlockDomainPicturePassword"=dword:00000001
    "EnableSmartScreen"=dword:00000001
    "ShellSmartScreenLevel"="Block"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MicrosoftEdge]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MicrosoftEdge\PhishingFilter]
    "EnabledV9"=dword:00000001
    "PreventOverride"=dword:00000001

    not 100% sure about
    HKLM\SOFTWARE\Microsoft\Windows Defender\Signature Updates\SignatureType = 0x0
    HKLM\SOFTWARE\Microsoft\WindowsDefender\Scan\DaysUntilAggressiveCatchupQuickScan = 0x1E
    HKLM\SOFTWARE\Microsoft\WindowsDefender\Scan\AggressiveCatchupQuickScanReattemptElapsed = 0x17
    HKLM\SOFTWARE\Microsoft\Windows Defender\ProductType = 0x2
    HKLM\SOFTWARE\Microsoft\Windows Defender\SpyNet\MAPSconcurrency = 0x1
    HKLM\SOFTWARE\Microsoft\Windows Defender\SpyNet\MAPSconcurrencyDss = 0xA
    also can't find any Office or Adobe reg import log, maybe because I don't have them (software ignored tweaks?)

    the most annoying rule is the "block" on smartscreen and the locking of the security GUI
     
    Last edited: Jun 13, 2019
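
An added example, not part of lucd's post or of ConfigureDefender: one way to see which values a configuration tool changed is to export the policy keys before and after a run and diff the two exports. The `BEFORE` text is constructed, the `AFTER` values are the ones quoted in the post above, and `normalize_key`, `parse_reg` and `diff_reg` are names made up for this example.

```python
import re

# Short hive names as used in the post, mapped to regedit's long form.
HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}

def normalize_key(path):
    """Registry paths are case-insensitive: expand the hive, then lowercase."""
    hive, _, rest = path.partition("\\")
    return (HIVES.get(hive.upper(), hive.upper()) + ("\\" + rest if rest else "")).lower()

def parse_reg(text):
    """Parse .reg-style text into {(key, value_name): raw_data}."""
    values, key = {}, None
    text = re.sub(r"\\\r?\n\s*", "", text)  # join hex values wrapped with a trailing backslash
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = normalize_key(line[1:-1])
            continue
        m = re.match(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$', line)
        if m and key:  # the file header, comments and blank lines do not match
            name = "(default)" if m.group(1) == "@" else m.group(1)[1:-1].lower()
            values[(key, name)] = m.group(2)
    return values

def diff_reg(before, after):
    """Return (added, changed, removed) between two exports."""
    b, a = parse_reg(before), parse_reg(after)
    added = {k: a[k] for k in a.keys() - b.keys()}
    changed = {k: (b[k], a[k]) for k in a.keys() & b.keys() if a[k] != b[k]}
    removed = {k: b[k] for k in b.keys() - a.keys()}
    return added, changed, removed

# Constructed sample input; only the AFTER values come from the post.
BEFORE = r"""Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
"EnableSmartScreen"=dword:00000000
"""

AFTER = r"""Windows Registry Editor Version 5.00
[HKLM\Software\Policies\Microsoft\Windows\System]
"EnableSmartScreen"=dword:00000001
"ShellSmartScreenLevel"="Block"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\MpEngine]
"MpCloudBlockLevel"=dword:00000006
"""

if __name__ == "__main__":
    print(diff_reg(BEFORE, AFTER))
```

Files written by `reg export` are UTF-16, so open them with `encoding="utf-16"` before passing the text to `diff_reg`.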
  10. guest

    guest Guest

    ConfigureDefender v2.0.1.1 Released (August 21, 2019)
    Website
     
  11. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,191
    Location:
    Among the gum trees
    Network Protection does not work in Firefox after enabling it in ConfigureDefender (or by PowerShell) on my Win10 x64 1903 machines.
     
    Last edited: Aug 31, 2019
  12. guest

    guest Guest

    ConfigureDefender v3.0.0.0 Released (May 2020)
    Website
     
  13. guest

    guest Guest

    Windows 10 Defender's hidden features revealed by this free tool
    May 18, 2020
    https://www.bleepingcomputer.com/ne...s-hidden-features-revealed-by-this-free-tool/
     
  14. guest

    guest Guest

    ConfigureDefender v3.0.0.1 Released (May 19, 2020)
    Website
     
  15. Special

    Special Registered Member

    Joined:
    Mar 23, 2016
    Posts:
    454
    Location:
    .
    Version 3.0.0.0
    2. Removed events Id=1117 and Id=5007 from Defender Security Log.

    Version 3.0.0.1
    3. Removed event Id=5007 from Defender Security Log.

    Okay then...
     
  16. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,063
    Location:
    Canada
    Windows Defender and two engines from Virus Total have flagged this latest update as a trojan.
     
  17. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,789
    When I checked Virus Total for 3001 I got these two detections:
    Malwarebytes: Malware.Heuristic.1003
    eGambit: Unsafe AI_Score_72%
     
  18. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,063
    Location:
    Canada
    I forget what I saw, but probably the same as you.

    EDIT

    I forgot to mention, the downloads from both Github and Majorgeeks were flagged.
     
  19. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    1,131
    Location:
    Baden Germany
    No detection by WD.
    eGambit-Ai-Score: false
    Malwarebytes-heuristic: false

    Configure Defender is open source.
    Audit it yourself.
     
  20. digmor crusher

    digmor crusher Registered Member

    Joined:
    Jul 6, 2012
    Posts:
    1,152
    Location:
    Canada
    From Andy:

    Guys, did anybody have Windows Defender alert about ConfigureDefender like in this post:
    https://www.wilderssecurity.com/thr...ilt-in-defender-settings.399788/#post-2984487

    I checked on my computers with Edge SmartScreen + PUA protection, Smartscreen Application Reputation, and Windows Defender (ConfigureDefender on MAX). All allowed download and execution without any warnings. I downloaded the ConfigureDefender from my GitHub repository:
    https://github.com/AndyFul/ConfigureDefender/raw/master/ConfigureDefender.exe
    or
    https://github.com/AndyFul/ConfigureDefender/raw/master/ConfigureDefender3001.zip

    It is possible that someone tried to download ConfigureDefender via a kind of download assistant from the website which hosts applications. In such a case, the assistant executable can be flagged as PUA.
     
  21. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,063
    Location:
    Canada
    I did not use any download assistant. Sure, I realize it could very well be a false positive, but I got no such warnings with the previous version. I just reported what Windows Defender and Virus Total alerted me to. Please don't shoot the messenger ;)

    This is what Windows Defender quarantined:

    configureDefender_Alert.png
     
    Last edited: Jan 22, 2021
  22. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,789
    @wat0114,
    When I scanned on VT (my post 17) it was just of the configuredefender.exe.
    I didn't scan the zip file. The zip file I have is ConfigureDefender3001.zip.
    Yours has "-master" in the filename. Strange.

    I did a plain download through SeaMonkey. No download utilities here.
     
  23. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,063
    Location:
    Canada
    That was from GitHub. I tried another from Softpedia, ConfigureDefender3001.zip, and it also is flagged by Defender, but no detections with VirusTotal, so I'm guessing a FP with Defender.
     
  24. digmor crusher

    digmor crusher Registered Member

    Joined:
    Jul 6, 2012
    Posts:
    1,152
    Location:
    Canada
    From Andy again.

    Finally, I could find out what happened. For an unknown reason, WD flagged the whole ConfigureDefender repository on GitHub as malicious (false positive), despite the fact that all files in the repository (including ConfigureDefender installers) are detected as clean. This situation could probably happen when the files were uploaded to GitHub and next whitelisted in Microsoft via the Developer channel. If one of them was flagged in the beginning as malicious (false positive), then so was the whole zipped repository (ConfigureDefender-master.zip). This file has an independent detection, and whitelisting all files in the repository in Microsoft does not remove the false positive.
    I have just submitted this repository to Microsoft for whitelisting - the false positive will be removed soon.
     
  25. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,063
    Location:
    Canada
    Thank you, digmor.

    I figured there was a good chance it was a FP. I was just a bit more concerned when VT also flagged it.
     