Windows Defender Is Becoming the Powerful Antivirus That Windows 10 Needs

Discussion in 'other anti-virus software' started by Secondmineboy, Jan 30, 2016.

  1. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    6,812
    Windows Defender deletes Citrix components mislabeled as malware
    https://www.bleepingcomputer.com/ne...etes-citrix-components-mislabeled-as-malware/
     
  2. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    3,291
  3. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,843
    Location:
    The Netherlands
    That's the thing, it gets very confusing because it indeed seems that most behavior blocking is done by Win Def ATP, but this isn't correct. I have found the article, and apparently Win Def AV is able to spot certain malicious behavior on the local system and will then send it to the cloud to get confirmation. It sounds cool, but I don't know how it will work in practice. I'd rather have a third party behavior blocker that blocks stuff without relying on the cloud.

    https://argonsys.com/microsoft-clou...based-blocking-stops-attacks-in-their-tracks/
     
  4. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,843
    Location:
    The Netherlands
  5. Bertazzone

    Bertazzone Registered Member

    Joined:
    Apr 13, 2018
    Posts:
    424
    Location:
    Milan, Italia
    I don't understand why you guys keep posting in this thread if you don't use WD and only want to bash it. Maybe pandemic fatigue?
     
  6. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    6,774
    Location:
    USA
    I don't use the product on my personal machines as I prefer other options. I have to use it at work because the price is right. Sometimes there are issues and I post about them to keep it honest as I would any product. I can't speak for others but.. the thread title is a little bit troll bait. As are some of the posts. Some folks will ignore them. Others will not.
     
  7. Bertazzone

    Bertazzone Registered Member

    Joined:
    Apr 13, 2018
    Posts:
    424
    Location:
    Milan, Italia
    Indeed!
     
  8. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    41,863
    Microsoft Defender ATP adds new malicious behavior blocking feature
    August 18, 2020
    https://www.bleepingcomputer.com/ne...adds-new-malicious-behavior-blocking-feature/
    Microsoft: Introducing EDR in block mode: Stopping attacks in their tracks
     
  9. Sm3K3R

    Sm3K3R Registered Member

    Joined:
    Feb 29, 2008
    Posts:
    604
    Location:
    Wallachia
    Some of us "bash it" exactly due to the fact we use it. We all know it could be better. Things get better when feedback is delivered also.
    When something gets thru, into your OS, you get reactive.
    I see that you are a user of BD, why would you care about Windows Defender "bashing"?
     
  10. Bertazzone

    Bertazzone Registered Member

    Joined:
    Apr 13, 2018
    Posts:
    424
    Location:
    Milan, Italia
    In that case, critiques are helpful.
    I only switched because of the Network Inspection Service bug.
     
  11. amico81

    amico81 Registered Member

    Joined:
    Oct 18, 2017
    Posts:
    97
    Location:
    Germany
    Can u please explain this bug? I'm using the high protection with configure-defender and the network protection is enabled.
     
  12. plat1098

    plat1098 Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    1,231
    Location:
    Brooklyn, NY
    Network Inspection Service is running for me again w/Memory Integrity enabled. :thumb:

    Just tried it again a couple days ago--enabling it under Core Isolation. I realize it might be a reliability issue for some, though.
     
  13. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    41,863
    Microsoft makes it difficult to disable Windows Defender on Windows 10
    August 20, 2020
    https://www.ghacks.net/2020/08/20/m...lt-to-disable-windows-defender-on-windows-10/
    Microsoft is forcing people to use its Windows 10 antivirus software
     
  14. Nightwalker

    Nightwalker Registered Member

    Joined:
    Nov 7, 2008
    Posts:
    1,311
    I stopped reading this Tech Radar article when I saw this BS.

    This is done automatically, why should the user care?

    Microsoft Defender and Windows 10 finally put an end to those dark days when almost all PCs from average users were infected, nowadays it is really hard to find an up-to-date Windows 10 infected.

    I don't want this behavior to change, I don't want to see again machines being infected with expired pre-installed Nortons and McAfees alike.


    Ps: I guess the Tech Radar "Today's best antivirus deals" is saying enough for me.
     
  15. Nightwalker

    Nightwalker Registered Member

    Joined:
    Nov 7, 2008
    Posts:
    1,311
    There are many reasons for this behavior, mainly being the fact that most security forum users are geeks that have security as a hobby and unfortunately Microsoft Defender kills it (no need to buy, tweak or test it).

    If people could separate their paranoia needs and their "geekness" they would appreciate more what Microsoft has done in the security area.

    Some users have been discussing for months that Microsoft Defender lacks a behavior blocker (even when evidence proved otherwise), how "weak" it is when it is offline (this is applicable for almost all products), but we don't see them posting those remarks about other products that are objectively inferior.

    The feedback from those users is not actually very meaningful because they have an agenda, this has been happening for years and despite their "hate", Microsoft is doing fine in the security area, the numbers don't lie.

    Meanwhile:
    Microsoft Defender is sharing the first place with Kaspersky in the last SE Labs test, both had flawless score.

    Source:
    https://selabs.uk/reports/epp-home-20q2-anti-malware-testing/
     
    Last edited: Aug 20, 2020
  16. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    6,774
    Location:
    USA
    Just yesterday I was copying files between network shares when Defender decided it wanted to stop the process to delete a file. An old file that was not a threat. I had to shut it down to continue. I don't have time for these things. I was trying to recover data from an alternate backup after a server failure. No hate, no agenda, just another incident of a false positive. If it were any other product I would be making the same complaint. Fortunately most products don't do this.
     
  17. Nightwalker

    Nightwalker Registered Member

    Joined:
    Nov 7, 2008
    Posts:
    1,311
    This is a valid complaint, especially if you are a software developer, Microsoft Defender is far from being perfect and some very old and very new files are somewhat problematic (fortunately it doesn't matter for most users).

    Anyway, if this happens, submit the file to Microsoft:

    https://www.microsoft.com/en-us/wdsi/filesubmission


    I am talking about this kind of "user" and if you have time just read some pages before and after that post:

    https://www.wilderssecurity.com/thr...windows-10-needs.383448/page-101#post-2858175
     
  18. SouthPark

    SouthPark Registered Member

    Joined:
    Jun 13, 2012
    Posts:
    562
    Location:
    South Park, CO
    Even though I manually check for updates twice a day, mine hasn't updated beyond "Antimalware Client Version: 4.18.2007.8" (on 1909 Home), so I've left memory integrity off for now. I'm curious to see how memory integrity performs with my new SSD (that is, whether there's any noticeable slowdown).
     
  19. SouthPark

    SouthPark Registered Member

    Joined:
    Jun 13, 2012
    Posts:
    562
    Location:
    South Park, CO
    As the techie who spent many afternoons cleaning up my friends' computers with the expired 30-day trials of 3rd-party AV's, I agree 100%.
     
  20. plat1098

    plat1098 Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    1,231
    Location:
    Brooklyn, NY
    OK, you're on 1909, but this shouldn't make a difference in what version you are entitled to get, should it? There was another recent Platform update that was silent for me. Here's a snip of the recent versions--the Client is now 4.18.2008.4 and installed itself over a week ago, on August 12, 2004.

    Right now, Memory Integrity is enabled and Network Inspection Service is currently running without issues. Expanding the name in Services blocks the Running part. :rolleyes:

    amp wd.PNG

    memintnis.png
     
  21. SouthPark

    SouthPark Registered Member

    Joined:
    Jun 13, 2012
    Posts:
    562
    Location:
    South Park, CO
    This is so weird. The latest update for me as of today:
    WD.png

    My definitions are actually newer, but I'm still on an older version of the client and engine.

    ETA: The WD update site shows Platform Version: 4.18.2007.8 current as of 21 Aug 20, so the newer platform might be associated with an insider build. https://www.microsoft.com/en-us/wdsi/defenderupdates
     
    Last edited: Aug 22, 2020
  22. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    71,725
    Location:
    U.S.A.
  23. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    688
    Location:
    Island of Woman
    anyone who clicks on a link can, happened to me when looking for an old programme, multiple malware of diff type the second I clicked link
     
  24. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,843
    Location:
    The Netherlands
    If you have read my posts correctly, you can clearly see that I'm trying to figure out how behavior blocking in Win Def AV actually works, because I can't visualize it at the moment. One of the reasons is that most articles about this subject mention both Win Def AV and Win Def ATP.

    What's clear to me is that Win Def ATP is an excellent product and Win Def AV has also been improved a lot. I just prefer local based behavior blocking, I'm not real big on this cloud stuff, even though it does seem to be quite effective according to the latest tests. But I still have my doubts, M$ states that "Win Def AV monitors over 500 attack techniques", I would like to see a list of that.

    And yes, I will bash on tools if they fail in certain things, I bashed Cylance when their AI was bypassed, just like I bashed on Avast for being bad for privacy. If Win Def produces a serious false positive then I will comment about it.

    Wow, this sounds bad. And I agree, if you criticize a product it doesn't always mean you're a hater. Actually, most products that I comment about on this forum, both good and bad, I don't actually use.
     
    Last edited: Aug 22, 2020
  25. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,843
    Location:
    The Netherlands
    Wait a minute, so it never actually offered a way to auto-block stuff? I remember one of my first comments about Win Def ATP was exactly about this, I believe it was 1 or 2 years ago, go figure. I think this is quite odd, you would think that all EDR systems offered this as an option.

    I don't get it, so you will now only be able to disable Win Def AV if you use another anti-malware product? This would be a problem for me since I haven't actually used an AV in over 12 years LOL. They all suck. :D
     