Discussion in 'other anti-virus software' started by Secondmineboy, Jan 30, 2016.
I currently use H_C and foresee no reason to replace it.
I know it's not likely but what I wouldn't give to see MS upgrade the nearly downgraded Windows 8 with this better version AV. But that's ok. It'll have to be.
You know what I still don't understand? Is Win Defender AV really able to perform behavior monitoring on the local machine? It seems that if WD detects suspicious behavior it will send the process tree to the cloud and then it will come up with a verdict. This can be configured by a tool like ConfigureDefender.
But let's say that WD doesn't have access to the cloud, will it still protect the system against for example cross process injection? I'm guessing it will not. So that's why it's probably still a good idea to use a tool like HMPA and/or SpyShelter.
But it's clear that Win Defender ATP is doing quite a good job, pretty impressive how they are able to block these code injection methods, see links. The thing is, I want Win Defender AV to be able to do this also, with that I mean, even after malware is already running, post execution.
ATP is not available for consumers.
And "cloud" is only a synonym for evaluating unknown files from external capacities/servers. MS has its own, but VT is a similar one. However such a feature is called, any current security software offers it. The rest is different, some feature more or less, not significant differences for signature scans.
If I may, why in your opinion is ATP not offered as a default integrated portion for MD home user? Could it be the freebie syndrome? Since Micro already assumes they are with liberty for users to enjoy the upgrade free of charge.
Correct, WD ATP is not for consumers. But they clearly mention that it works together with Win Def AV. But the question is, do we also get the same detection capabilities for consumer PCs? So I'm guessing that cloud protection for home user is done with the help of WD ATP? Because clearly, when cloud protection is disabled, Win Def AV is missing lots of malware, so how advanced is the locally based behavior blocking engine? Let me answer that, it's clearly crap, so it's very confusing.
Yes exactly, if WD ATP really is this good in detecting malware behavior, why not bring parts of it to home user PCs. Win Def AV should be able to spot malicious behavior even after malware is already running, but it needs the cloud for the final verdict. Why not make more advanced features available for power users.
MD benefits from WD ATP but remains dependent on the cloud. Here is a good example of how the two work together https://malwaretips.com/threads/configuredefender-utility-for-windows-10.79039/page-56#post-902093
And here are more examples and descriptions of how Defender works:
And there are others which you are free to research.
OK thanks, so I'm not the only one who got confused. So it seems that with the help of the cloud, WD is able to block malware based on their behavior, so without any known signature. But it's not a true behavior blocker in the sense of HMPA and SpyShelter. This quote is from one of the links that you posted:
Defender Control 2.0 (September 13, 2021)
Sure wish since Micro is going to call it quits on Windows 8 in 2023 that they would upgrade the WD with some of the more sophisticated modules of Windows 10 ATP. I know that it doesn't quite seem prudent but still it would keep that version relatively Micro made less vulnerable since malware addicts focus mostly on the latest releases to play their disruption toys on. A relative note in defense of that would be the WannaCry ransomware that they patched all the way back to XP.
Don't hold your breath. Not going to happen. Plus, they're too busy making a mess of W11.
Agreed. If they did do such a thing they would probably have to charge for it. This thread would probably go completely dead if they started charging for Defender.
Yeah wishful thinking in totality.
Shame that Micro has the monopoly it does on the O/S market the way they do. Strong competition if allowed would probably sink Micro in the O/S market and they have government support until all those military systems get p0wned.
Yes, it's still a bit unclear to me if we get the best protection when it comes to behavior blocking on home user PCs. I'm hoping that malware analysis in the cloud is done via Win Def ATP, this would mean that even on home user PCs they would block advanced malware like Astaroth, see link. Take note of all the stuff that is blocked by Win Defender's behavior monitoring engine.
LOL, I'm watching WarGames (1983) a movie that I hadn't seen in 20 years or so, all thanks to Prime Video. So funny to see those old computers from the 80's again.
Reference noted! Thanks @Rasheed187