Windows Defender Is Becoming the Powerful Antivirus That Windows 10 Needs

Discussion in 'other anti-virus software' started by Secondmineboy, Jan 30, 2016.

  1. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    3,285
    Location:
    Canada
    I currently use H_C and foresee no reason to replace it.
     
    Last edited: Aug 14, 2021
  2. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    9,624
    Location:
    U.S.A. (South)
    I know it's not likely but what I wouldn't give to see MS upgrade the nearly downgraded Windows 8 with this better version AV. But that's ok. It'll have to be.
     
  3. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,433
    Location:
    The Netherlands
    You know what I still don't understand? Is Win Defender AV really able to perform behavior monitoring on the local machine? It seems that if WD detects suspicious behavior it will send the process tree to the cloud and then it will come up with a verdict. This can be configured by a tool like ConfigureDefender.

    But let's say that WD doesn't have access to the cloud, will it still protect the system against for example cross process injection? I'm guessing it will not. So that's why it's probably still a good idea to use a tool like HMPA and/or SpyShelter.

    But it's clear that Win Defender ATP is doing quite a good job, pretty impressive how they are able to block these code injection methods, see links. The thing is, I want Win Defender AV to be able to do this also, with that I mean, even after malware is already running, post execution.

    https://www.microsoft.com/security/...-process-injection-with-windows-defender-atp/
    https://www.microsoft.com/security/...ender-atp-process-hollowing-and-atom-bombing/
    https://www.microsoft.com/security/...oading-with-windows-defender-atp/?source=mmpc
     
  4. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    3,980
    ATP is not available for consumers.
    And "cloud" is only a synonym for evaluating unknown files from external capacities/servers. MS has its own, but VT is a similar one. However such a feature is called, any current security software offers it. The rest is different, some features more or less, not significant differences for signature scans.
     
  5. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    9,624
    Location:
    U.S.A. (South)
    If I may, why in opinion is not ATP offered as a default integrated portion for MD home user. Could it be the freebie syndrome? Since Micro already assumes they are with liberty for users to enjoy the upgrade free of charge.
     
  6. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,433
    Location:
    The Netherlands
    Correct, WD ATP is not for consumers. But they clearly mention that it works together with Win Def AV. But the question is, do we also get the same detection capabilities for consumer PC's? So I'm guessing that cloud protection for home user is done with the help of WD ATP? Because clearly, when cloud protection is disabled, Win Def AV is missing lots of malware, so how advanced is the locally based behavior blocking engine? Let me answer that, it's clearly crap, so it's very confusing.

    Yes exactly, if WD ATP really is this good in detecting malware behavior, why not bring parts of it to home user PC's. Win Def AV should be able to spot malicious behavior even after malware is already running, but it needs the cloud for the final verdict. Why not make more advanced features available for power users.
     
  7. Bertazzone

    Bertazzone Registered Member

    Joined:
    Apr 13, 2018
    Posts:
    382
    Location:
    Milan, Italia
    MD benefits from WD ATP but remains dependent on the cloud. Here is a good example of how the two work together https://malwaretips.com/threads/configuredefender-utility-for-windows-10.79039/page-56#post-902093
    And here are more examples and descriptions of how Defender works:
    https://malwaretips.com/threads/geminis3s-security-config-2020.97799/page-4#post-886218
    https://malwaretips.com/threads/how-the-hell-wd-works-on-windows-home-pro.95146/page-3#post-900437
    https://malwaretips.com/threads/configuredefender-utility-for-windows-10.79039/page-37#post-837218
    https://malwaretips.com/threads/how-the-hell-wd-works-on-windows-home-pro.95146/#post-835847
    And there are others which you are free to research.
     
    Last edited: Aug 23, 2021
  8. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,433
    Location:
    The Netherlands
    OK thanks, so I'm not the only one who got confused. So it seems that with the help of the cloud, WD is able to block malware based on their behavior, so without any known signature. But it's not a true behavior blocker in the sense of HMPA and SpyShelter. This quote is from one of the links that you posted:

     
  9. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    39,545
    Defender Control 2.0 (September 13, 2021)
    Website
     
  10. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    9,624
    Location:
    U.S.A. (South)
    Sure wish since Micro is going to call it quits on Windows 8 in 2023 that they would upgrade the WD with some of the more sophisticated modules of Windows 10 ATP. I know that it doesn't quite seem prudent but still it would keep that version relatively Micro made less vulnerable since malware addicts focus mostly on the latest releases to play their disruption toys on. A relative note in defense of that would be the WannaCry ransomware that they patched all the way back to XP.
     
  11. Bertazzone

    Bertazzone Registered Member

    Joined:
    Apr 13, 2018
    Posts:
    382
    Location:
    Milan, Italia
    Don't hold your breath. Not going to happen. Plus, they're too busy making a mess of W11. :D
     
  12. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    6,479
    Location:
    USA
    Agreed. If they did do such a thing they would probably have to charge for it. This thread would probably go completely dead if they started charging for Defender. :argh:
     
  13. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    9,624
    Location:
    U.S.A. (South)
    Yeah wishful thinking in totality.

    Shame that Micro has the monopoly it does on the O/S market the way they do. Strong competition if allowed would probably sink Micro in the O/S market and they have government support until all those military systems get p0wned
     
  14. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,433
    Location:
    The Netherlands
    Yes, it's still a bit unclear to me if we get the best protection when it comes to behavior blocking on home user PC's. I'm hoping that malware analysis in the cloud is done via Win Def ATP, this would mean that even on home user PC's they would block advanced malware like Astaroth, see link. Take note of all the stuff that is blocked by Win Defender's behavior monitoring engine.

    https://www.microsoft.com/security/...-next-gen-protection-exposes-astaroth-attack/

    LOL, I'm watching WarGames (1983) a movie that I hadn't seen in 20 years or so, all thanks to Prime Video. So funny to see those old computers from the 80's again. :p

    https://www.imdb.com/title/tt0086567/
     
  15. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    9,624
    Location:
    U.S.A. (South)
    Reference noted! Thanks @Rasheed187
     