Windows Defender Is Becoming the Powerful Antivirus That Windows 10 Needs

Discussion in 'other anti-virus software' started by Secondmineboy, Jan 30, 2016.

  1. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,675
    Location:
    USA
    They appear to be Microsoft files. It is nice of them to use Defender to tell us they are planting browser setting hijackers on our systems.
     
  2. plat

    plat Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    2,233
    Location:
    Brooklyn, NY
    I know we're not supposed to post any results of VirusTotal or Jotti but what do those say about the files?

    Just curious if Microsoft is the only one "flagging" its own files or if there are copycat engines doing the same. :cautious:

    Edit: never mind. Prob. cleared by now.
     
  3. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,675
    Location:
    USA
    No detections. I didn't expect there to be. This is from the Dev channel on Windows 11. All I did was boot it and I started getting popups about these files. This VM is kept in a mostly clean state. Snapshots are created after a Windows update and any 3rd party software is removed by rolling back to the snapshot after testing.
     
  4. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    4,208
    well, at least they're honest about it. :D
     
  5. plat

    plat Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    2,233
    Location:
    Brooklyn, NY
    @itman --thank you for your response here concerning the vulnerable driver block list and HVCI. If HVCI is the same as Core Isolation/Memory Integrity, then yes, it's enabled on here with zero issues and my memory is over-clocked via xmp. I already got an answer on Malwaretips that OSA could not step in like the MS block list because it's "not as strong."

    My question to you or anyone is: does the vulnerable driver block list come automatically with Core Isolation/Memory Integrity on Windows Home version? It seemed in the MT discussion it could only be enabled on paid Windows versions. Perhaps I misread this. I hope I did.
     
  6. 3x0gR13N

    3x0gR13N Registered Member

    Joined:
    May 1, 2008
    Posts:
    850
    How to configure Defender updates frequency via GPEdit? I have windows updates set to notify before download, but for whatever genius reason MS treats Defender updates as regular Windows updates. I want to receive signature updates automagically, without bundling them with regular Windows patches.
    Attached Policy doesn't seem to work.

    EDIT: I forgot that I had my mobile network set as a metered connection; signatures are now downloaded on the schedule set in GPEdit.
     

    Last edited: Mar 30, 2022
  7. plat

    plat Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    2,233
    Location:
    Brooklyn, NY
    Has anyone experienced an absurdly fast Defender scan before? I can recall one such instance a few years ago that turned out to be some kind of bug but that's been long fixed.

    9 seconds is pretty short--it's usually around 30-45 seconds for the same amount of files. Just ran it again to see if it was repeatable. No, this time it was 8 seconds. Not complaining but it's a little off the track from the usual.

    defscan2.PNG
     
  8. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    5,509
    I've never seen that one personally before.
     
  9. Bunkhouse Buck

    Bunkhouse Buck Registered Member

    Joined:
    May 29, 2007
    Posts:
    1,286
    Location:
    Las Vegas
    Never ever and that does not sound good.
     
  10. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    4,208
    i'd seen it once or twice on 10 but haven't seen it on 11.
     
  11. plat

    plat Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    2,233
    Location:
    Brooklyn, NY
    OK, thanks for replies. That's somewhat reassuring, imdb. Guess all one can do is keep an eye on it. Things like this, many people will likely report it if it's an anomaly.
     
  12. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,675
    Location:
    USA
    I've seen it before but I wouldn't worry about it unless it is an ongoing problem.
     
  13. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    4,208
    yep, you got that right. :thumb:
     
  14. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,619
    Location:
    Milan and Seoul
    My 'quick scan' is usually under 2 minutes but always more than a minute...
     
  15. Bunkhouse Buck

    Bunkhouse Buck Registered Member

    Joined:
    May 29, 2007
    Posts:
    1,286
    Location:
    Las Vegas
    On Windows 10 desktop with slower HD, quick scan took 2:46 and reported 22,333 files scanned.
    On Windows 11 laptop (super fast everything), quick scan took 3:00 and reported 18,238 files scanned.

    So it appears my scans are longer than what members have reported.
     
  16. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    8,021
    Microsoft Defender's protective capabilities suffer offline
    https://www.ghacks.net/2022/04/22/microsoft-defenders-protective-capabilities-suffer-offline/
    --------------
    Malware Protection Test March 2022 - AV-Comparatives
     
  17. kC_

    kC_ Registered Member

    Joined:
    Apr 6, 2007
    Posts:
    580
    first quickscan after bootup is normally 2-3 minutes.....
    next quickscans are then 45-55 seconds (as I'm guessing it's smart enough to not rescan what hasn't changed) and maybe stores in memory....
    reboot again and quickscan 2-3 mins
     
  18. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,954
    just another pointless article on ghacks. running WD offline means windows running offline, both having no updates. on purpose, admin(s) can provide updates via WSUS or similar.
    but this one is important:
    guess why. don't you think that's the reason that market is fought over that hard?
     
  19. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,619
    Location:
    Milan and Seoul
    I did some tests out of curiosity, as reported in my post this morning my quick scan was under 2 minutes. Now, about 9 hours afterwards my quick scan lasted 50 seconds for 23,797 files. Performing another quick scan a few minutes later, it lasted 19 seconds for 20,255 files, which is almost as fast as plat1098 reported... Therefore it is possible that MS Defender might keep a record of previous scans if they are performed frequently enough... I usually have a quick scan once a month, therefore I've never noticed any discrepancy with scanning times.
     
  20. Bunkhouse Buck

    Bunkhouse Buck Registered Member

    Joined:
    May 29, 2007
    Posts:
    1,286
    Location:
    Las Vegas
    You are right- it must be keeping records. I just did the scan again on my desktop and what took 2:46 took 1:34 four hours later for the same number of files.
     
  21. plat

    plat Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    2,233
    Location:
    Brooklyn, NY
    This is what I was wondering but couldn't find any documentation for. Your results sound about right, but clearly didn't happen for me. Just now it's 20 sec for 38658 items--about double. Nothing has changed software-wise from prev. Hmmm.
     
  22. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,606
    Location:
    The Netherlands
    No matter what others may say, I think this is a bit troubling especially from a technical point of view. Because this means that the locally based AV engine is garbage and all scanning including behavioral analysis is done in the cloud. M$ should really improve it and lately I have been reading more and more about hackers/malware being able to bypass Win Defender by simply disabling it.
     
  23. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    2,180
    Location:
    Canada
    @Rasheed187, if what you say about how easily hackers can disable WD then it is scary :thumbd:
     
  24. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    5,509
  25. Nightwalker

    Nightwalker Registered Member

    Joined:
    Nov 7, 2008
    Posts:
    1,387
    No, it is not, Rasheed has been ********** Microsoft Defender for years and always moving the goalposts.

    Microsoft Defender has been tested for years and it has been proved that its protection is on par or even better than many paid antivirus solutions; actually it is very easy to see how good Windows native security is now and how it was disruptive to third party security vendors and malicious actors.

    The problem is that he thinks that somehow an antivirus should be perfect, impenetrable, infallible, capable of proactively protecting against targeted attacks, but in the real world and for home users its protection is more than fine; an antivirus is just one piece in a security strategy.
     
    Last edited: Apr 24, 2022