Windows Defender Is Becoming the Powerful Antivirus That Windows 10 Needs

Discussion in 'other anti-virus software' started by Secondmineboy, Jan 30, 2016.

  1. Sm3K3R

    Sm3K3R Registered Member

    Joined:
    Feb 29, 2008
    Posts:
    604
    Location:
    Wallachia
    No offence, but after using a fully updated Windows 10 Pro on the latest version since November 2019, with this great Microsoft AV on and running, being quite civil in usage (no porn, downloaded files scanned on VirusTotal and so on), something entered the PC in March 2020. I discovered the problem thanks to a simple/accidental scan with HitmanPro, after seeing a suspicious connection.
    Had to re-image.
    I am not using cracked software; I am browsing with Sandboxie and NoScript on (and other browser add-ons), but unfortunately I haven't used a complementary live third-party antivirus.
    This AV seems useless without third parties.
    It gives a false sense of protection.
    If you have a Windows 10 copy, do yourselves a favor: make a backup and use complementary security software, to avoid crying over data afterwards.
    The little thing was not spotted by Malwarebytes Anti-Rootkit either, and neither was HitmanPro too clear about what it actually was that got installed on my PC.
    Never had such issues in Windows 7, since installing it for the first time, with a simple combo: Sandboxie and a proper firewall.
    Do NOT BELIEVE the HYPE!
     
  2. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    17,767
    Location:
    UK
    What was it called, this thing on your PC?
     
  3. Nightwalker

    Nightwalker Registered Member

    Joined:
    Nov 7, 2008
    Posts:
    1,311
    What was detected on your PC? How do you know that it wasn't a false positive?

    There are millions of PC users running Windows Defender alone (without useless software like Sandboxie), using cracked software, downloading torrents, and most of them ARE NOT infected.

    Even if it really was a piece of malware, somewhere, somehow you made a mistake that Sandboxie didn't save you from (so why are you glorifying it anyway?).
     
  4. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    1,044
    Location:
    Baden Germany
    @Sm3K3R:
    HitmanPro the scanner, not HMP.Alert, is known for its FPs.
    So without evidence, or at least an explanation, it did not happen.
     
  5. waters

    waters Registered Member

    Joined:
    Nov 8, 2004
    Posts:
    958
    Well done Sandboxie
     
  6. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,378
    Location:
    Milan and Seoul
    This is my feeling as well, how can one blame Windows Defender without implicating Sandboxie as well? Sandboxie should be the first to act if properly configured...
     
  7. Freki123

    Freki123 Registered Member

    Joined:
    Jan 20, 2015
    Posts:
    196
    Without better information, anything is speculation here. Sandboxie is no AV, and the story really misses more technical info...
    And since all of it was uploaded to VirusTotal, at least 50+ other scanners missed it too? Talking about MS Defender here...
     
  9. Sm3K3R

    Sm3K3R Registered Member

    Joined:
    Feb 29, 2008
    Posts:
    604
    Location:
    Wallachia
    OK, I hadn't expected feedback to my post; I can say more about it. The problem is solved now anyway.
    After this experience I would advise everyone to add something else to the default protection combo.

    A few things to describe. The machine had a security set-up formed of ONLY:
    -Windows Defender with the latest updates as they came from Microsoft;
    -Latest Windows updates; I install them the day they are available;
    -Windows Firewall with WFC on and with those locks against modifications in place;
    -Sandboxie latest versions, installed as fast as the builds were released lately;
    -Malwarebytes Anti-Rootkit and CrapCleaner were run every evening, before shutting down the PC.

    The machine and W10 were lately being used mostly for browsing and some 3D gaming (BF series), as the COVID lockdown has been on for some time :)
    There was a PunkBuster service (outdated most probably; some update came in late April, I think) running in the background.

    The things that made me look in the logs and do some research with some tools, to see what was happening, were a strange lag in games, failure to connect when trying to use Firefox from time to time (even though the router was working just fine), and failures to connect to Windows Update from time to time (this might be related to their own issues, as an update has a description relating to such a scenario)..
    So one day I took a look in the firewall and router logs and observed a strange HTTP connection to a customer IP from a Swiss town.
    Then I started researching.
    HitmanPro showed something suspicious (not an infection) related to the spoolsv service and the executable related to Security Center reporting.
    Dr.Web CureIt! removed something that was considered a rootkit of some sort and needed a restart to remove it.
    A strange WAN (?) interface (I have never connected the W10 machine directly to the ISP), which was not there in February 2020 (I tend to look in logs and Device Manager from time to time), was active in the Network section of Device Manager and disappeared after the Dr.Web CureIt! scan.
    Spybot Search & Destroy removed a registry key related to a firewall exception (the firewall had no modification as per WFC rules; everything looked fine).

    And some more info:
    I never execute or open downloaded files or archives without a prior VirusTotal upload scan.
    The browser is always sandboxed and up to date.
    I do not do P2P or network sharing from this W10 PC.
    Many dangerous and unneeded Windows services are always off (Remote Registry, Remote Desktop, network sharing and so on, IPv6, 4to6, etc.).

    After the clean-up the computer started behaving normally; no more excessive CPU fan noise either.
    I have no idea what it was exactly and how it entered the PC :)

    After this I started looking more in the logs and observed that:
    Windows apps tend to update in the background while you play a 3D game, for example.
    Cortana tries to connect in the background even if it's off and I am not searching anything, as I am in a 3D game with full-screen control.
    CrapCleaner's genuine update exes (it has 2; free version user) run in the background when you play a 3D game.
    Skype, even if not used on this machine, tries to connect in the background while playing a 3D game. Why would it do that in the background if it's for a specific visual communication purpose?!
    OriginWebHelper will run in the background when playing an online 3D game and make connections even if you run Steam.

    I would say that software to secure W10 for real is needed more than ever.
     
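The checks Sm3K3R describes doing by hand above (firewall and router logs for odd outbound HTTP, an unexpected network interface in Device Manager, a firewall exception that WFC did not show) can be pulled from the box itself in one read-only pass. The script below is an added example for this thread, not something posted by Sm3K3R or shipped by Microsoft, WFC or any of the tools named; it uses only built-in Windows 10 cmdlets (NetTCPIP, NetSecurity, NetAdapter and the Defender module) and assumes an elevated PowerShell 5.1 prompt. It also lists Defender exclusions, which the thread does not mention but which are the first thing to check when "Defender was on and saw nothing": anything that got a foothold can add its own exclusion path.

```powershell
# Added example (not from the thread). Read-only triage of the things
# Sm3K3R looked at by hand: outbound connections, firewall exceptions,
# network adapters and Defender's own state. Run elevated on Windows 10.

# 1. Established TCP connections to non-local addresses, mapped to the owning
#    process, its image path and whether that image is Authenticode-signed.
#    An unsigned image in a user-writable directory talking to a residential IP
#    is the "strange HTTP connection" case worth chasing first.
$conns = Get-NetTCPConnection -State Established |
    Where-Object { $_.RemoteAddress -notmatch '^(127\.|::1$|0\.0\.0\.0$|fe80:)' } |
    ForEach-Object {
        $p = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        $sig = if ($p -and $p.Path) { (Get-AuthenticodeSignature -FilePath $p.Path).Status } else { 'unknown' }
        [pscustomobject]@{
            Remote    = "$($_.RemoteAddress):$($_.RemotePort)"
            PID       = $_.OwningProcess
            Process   = if ($p) { $p.ProcessName } else { '?' }
            Path      = if ($p) { $p.Path } else { '?' }
            Signature = $sig
        }
    }
"== Established connections =="
$conns | Sort-Object Signature, Process | Format-Table -AutoSize

# 2. Enabled firewall rules that ALLOW traffic and are bound to a specific
#    program. Rules added behind a front end such as WFC live in the same
#    store; the front end only shows what it chooses to show, so read the
#    store directly. Anything pointing into %TEMP%, %APPDATA% or a games
#    folder you did not expect deserves a look.
"== Program-scoped allow rules =="
Get-NetFirewallRule -Enabled True -Action Allow |
    ForEach-Object {
        $app = $_ | Get-NetFirewallApplicationFilter
        [pscustomobject]@{
            Name      = $_.DisplayName
            Direction = $_.Direction
            Profile   = $_.Profile
            Program   = $app.Program
        }
    } |
    Where-Object { $_.Program -and $_.Program -ne 'Any' } |
    Sort-Object Program | Format-Table -AutoSize

# 3. Every network adapter, hidden and virtual ones included. This is where an
#    unexpected "WAN" interface shows up; VPN clients, anti-cheat drivers and
#    sandboxing tools all add virtual adapters, so compare against a known-good
#    baseline rather than assuming anything unfamiliar is hostile.
"== Network adapters (including hidden) =="
Get-NetAdapter -IncludeHidden |
    Select-Object Name, InterfaceDescription, Status, Virtual, MacAddress |
    Format-Table -AutoSize

# 4. Defender state: is real-time protection actually on, how old are the
#    signatures, what is excluded from scanning, and what has it detected.
"== Defender status =="
Get-MpComputerStatus |
    Select-Object AntivirusEnabled, RealTimeProtectionEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime
"== Defender exclusions (should normally be empty on a home PC) =="
Get-MpPreference |
    Select-Object ExclusionPath, ExclusionProcess, ExclusionExtension, DisableRealtimeMonitoring
"== Recent Defender detections =="
Get-MpThreatDetection |
    Select-Object InitialDetectionTime, ProcessName, Resources |
    Sort-Object InitialDetectionTime -Descending | Format-Table -AutoSize
```

Run it before any cleaner is allowed to "remove" things, and save the output: once CureIt!, HitmanPro or Spybot have acted you no longer have the artifact, which is exactly why nobody in this thread can say what the item was. If the adapter in section 3 reappears after a reboot, the driver that owns it (`InterfaceDescription`) is the thing to identify, not the adapter.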
  10. Freki123

    Freki123 Registered Member

    Joined:
    Jan 20, 2015
    Posts:
    196
    I'm happy your problem is fixed now :) When you plan to stay with Windows Defender, maybe take a look at ConfigureDefender like anon posted in #2833.
    For even more security maybe look at hard-configurator.com (some reading may be required; at least for me it was).
    Just do a backup before, in any case.
     
  11. plat1098

    plat1098 Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    1,231
    Location:
    Brooklyn, NY
    Yes, with Defender, I use the Firewall Hardening tool embedded in Hard_Configurator, with the Recommended and LOLbins settings. Very simple, from start to finish. I also enable logging but nothing exciting has happened to date. Oh well.

    The rest of H_C requires a bit of learning and reading, I think. Great tool. I consider it a part of my core security now.
     
  12. Nightwalker

    Nightwalker Registered Member

    Joined:
    Nov 7, 2008
    Posts:
    1,311
    @Sm3K3R

    You are free to post your experiences and opinions, but FOR ME, what you posted has no value whatsoever and sounds purely derogatory and dramatic, with a bit of paranoia.

    Malware doesn't appear out of thin air; rootkits are a thing of the past, especially for someone using Windows 10 and practicing safe habits like you say you do. Not saying it is impossible, but it is pretty unlikely that you had a real infection.

    PS: Malwarebytes Anti-Rootkit is pretty useless, Sandboxie is prone to conflicts, Spybot Search & Destroy is just 10 years late to the game.

    PS 2: I really doubt that you had a malware infection; it is more likely to be a conflict between anti-cheat tools (most of them exhibit rootkit-like behavior), Sandboxie and other relic tools in your arsenal.
     
    Last edited: May 9, 2020
  13. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    3,291
    what is dangerous about IPv6? :cautious:
     
  14. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    3,291
    10 years? make it 15. at best. :D
     
  15. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,378
    Location:
    Milan and Seoul
    What is the function of Sandboxie on your system?
     
  16. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    1,044
    Location:
    Baden Germany
    In the former days, I used it to run keygens...
    Nowadays, I have no use for it.
    If any, I use Windows Sandbox.
     
  17. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,378
    Location:
    Milan and Seoul
    I don't use it anymore either, as I use Shadow Defender all the time. My original question about the function of Sandboxie was related to the fact that SB, properly configured, is enough to protect Win10 without any other layer. Sm3K3R claims that even with SB, "software to secure W10 for real is needed more than ever". I think that SB and Windows Defender are almost impossible for malware to bypass, if SB is configured with restrictions.
     
  18. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    688
    Location:
    Island of Woman
    "Starting with the Windows 10 May 2020 update, which is set to roll out later this month, Microsoft said it added an option in the Windows 10 settings panel that can let users block the installation of known PUA threats.

    The feature is turned off by default, so users will have to manually enable it once they update to Windows 10 May 2020 (v2004)." ZDNet said.
     
  20. Martin_C

    Martin_C Registered Member

    Joined:
    Dec 4, 2014
    Posts:
    525
    Demystifying attack surface reduction rules - Part 4.
    https://techcommunity.microsoft.com...k-surface-reduction-rules-part-4/ba-p/1384425
     
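The PUA switch lucd quotes and the attack surface reduction rules Martin_C links to are both plain Defender preferences, so they can be set (and, more importantly, audited before they are enforced) from PowerShell without ConfigureDefender or Hard_Configurator. The block below is an added example for this thread, not Microsoft's, ConfigureDefender's or Hard_Configurator's own code; it assumes an elevated prompt on Windows 10 1809 or later with real-time protection on (ASR rules do nothing otherwise), and it takes the rule GUIDs from Microsoft's published ASR rule list, which you should check against the current documentation page before relying on them, since the list grows with each release. It starts every rule in audit mode: the prevalence/age rule in particular will block freshly built or rarely seen game and tool binaries, which on a machine like Sm3K3R's is precisely where the noise would come from.

```powershell
# Added example (not from the thread). Turn on the Defender features the
# thread discusses, ASR rules in audit mode first, then show what happened.
# Run elevated; requires the built-in Defender PowerShell module.

param(
    # Flip to 'Enabled' only after the audit log (below) has been quiet for a while.
    [ValidateSet('AuditMode', 'Enabled')]
    [string] $AsrMode = 'AuditMode'
)

# 1. Potentially unwanted application blocking: the v2004 setting lucd quoted.
#    Off by default; 'AuditMode' would only log.
Set-MpPreference -PUAProtection Enabled

# 2. Cloud-delivered protection. MAPSReporting must be on for cloud
#    block levels and block-at-first-sight to have any effect.
#    CloudExtendedTimeout is extra seconds (max 50) Defender may hold a
#    never-seen file while the cloud verdict comes back.
Set-MpPreference -MAPSReporting Advanced `
                 -SubmitSamplesConsent SendSafeSamples `
                 -CloudBlockLevel High `
                 -CloudExtendedTimeout 50

# 3. Attack surface reduction rules, by GUID, as published by Microsoft.
#    Check these against the current ASR rules reference before use.
$asrRules = [ordered]@{
    'BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550' = 'Block executable content from email client and webmail'
    'D4F940AB-401B-4EFC-AADC-AD5F3C50688A' = 'Block all Office applications from creating child processes'
    '3B576869-A4EC-4529-8536-B80A7769E899' = 'Block Office applications from creating executable content'
    '75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84' = 'Block Office applications from injecting code into other processes'
    'D3E037E1-3EB8-44C8-A917-57927947596D' = 'Block JavaScript/VBScript from launching downloaded executable content'
    '5BEB7EFE-FD9A-4556-801D-275E5FFC04CC' = 'Block execution of potentially obfuscated scripts'
    '92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B' = 'Block Win32 API calls from Office macros'
    '9E6C4E1F-7D60-472F-BA1A-A39EF669E4B2' = 'Block credential stealing from LSASS'
    'D1E49AAC-8F56-4280-B9BA-993A6D77406C' = 'Block process creations originating from PsExec and WMI commands'
    'B2B3F03D-6A65-4F7B-A9C7-1C7EF74A9BA4' = 'Block untrusted and unsigned processes that run from USB'
    'E6DB77E5-3DF2-4CF1-B95A-636979351E5B' = 'Block persistence through WMI event subscription'
    # Noisiest rule on a gaming box: it judges files by age/prevalence, so
    # keep it in audit until you have read the events it generates.
    '01443614-CD74-433A-B99E-2ECDC07BFC25' = 'Block executables unless they meet prevalence, age or trusted-list criteria'
}

# Add-MpPreference appends to the existing ID/action arrays (Set-MpPreference
# would replace them), so rules configured elsewhere survive.
foreach ($id in $asrRules.Keys) {
    Add-MpPreference -AttackSurfaceReductionRules_Ids $id `
                     -AttackSurfaceReductionRules_Actions $AsrMode
    "{0,-9} {1}" -f $AsrMode, $asrRules[$id]
}

# 4. Show the resulting state in one place.
$pref = Get-MpPreference
"PUAProtection      : $($pref.PUAProtection)"
"CloudBlockLevel    : $($pref.CloudBlockLevel)"
"ASR rule count     : $($pref.AttackSurfaceReductionRules_Ids.Count)"

# 5. What the rules have seen so far. Event 1122 = ASR audit hit,
#    1121 = ASR block, in the Defender operational log. Read these for a
#    week or two before switching $AsrMode to 'Enabled'.
Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-Windows Defender/Operational'
        Id      = 1121, 1122
    } -MaxEvents 50 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message |
    Format-Table -Wrap -AutoSize
```

The design choice worth copying even if you use a GUI front end: audit first, read the 1122 events, only then block. Front ends that set every rule to Block in one click are how people end up with "Defender broke my game launcher" threads and then turn the whole thing off.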
  21. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,378
    Location:
    Milan and Seoul
    I really think that Microsoft Defender has reached the level of sophistication (and more) of the paid competition. I see only slow performance on some computers being a problem (not on my machines), but then again big names like Kaspersky, Bitdefender to name a few, often perform sluggishly on some powerful machines...
     
  22. Sm3K3R

    Sm3K3R Registered Member

    Joined:
    Feb 29, 2008
    Posts:
    604
    Location:
    Wallachia
    Browsing only/mostly. And if a PDF file is to be printed or read, it will be sandboxed as well, mostly if it's from a new source, like a datasheet or something like that.

    I have installed Kaspersky Free (in the cloud) to see how it goes. Strangely enough some Battlefield titles seem less laggy. I have an old six-core machine.

    VoodooShield Free has been added as well.

    Keep in mind that when running VoodooShield alongside Windows Defender, pop-ups would start telling me that the Windows Defender executable is doing something in the background once I was in the game, in full screen. Never seen pop-ups regarding avp.exe though, and even more than that, the PC seems to be working better/smoother with Kaspersky installed.
    The Windows 10 logic is flawed in my view. It starts updating apps and such and does various tasks while you are in a full-screen app, instead of doing this while idle.

    With Windows XP or Windows 7, using proper firewalls and Sandboxie, I was able to surf and do various things in the past without an AV installed, the computer being completely clean of infections, with Defender disabled.

    Defender takes a lot of hardware resources in a useless way, in my view.
     
    Last edited: May 17, 2020
  23. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    6,774
    Location:
    USA
    At the very least. I think it peaked somewhere around 2002 - 2003.
     