Windows Defender Is Becoming the Powerful Antivirus That Windows 10 Needs

Discussion in 'other anti-virus software' started by Secondmineboy, Jan 30, 2016.

  1. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    2,504
    Location:
    Italy
    Added 2 rules with PowerShell:

    - Block execution of (potentially) obfuscated scripts.
    - Impede JavaScript and VBScript from launching executables.


    I have Windows 10 Home.
     
  2. Martin_C

    Martin_C Registered Member

    Joined:
    Dec 4, 2014
    Posts:
    525
    Windows Defender Exploit Guard: Reduce the attack surface against next-generation malware
    Link : https://blogs.technet.microsoft.com...tack-surface-against-next-generation-malware/
     
  3. Martin_C

    Martin_C Registered Member

    Joined:
    Dec 4, 2014
    Posts:
    525
    Stopping ransomware where it counts: Protecting your data with Controlled folder access
    Link : https://blogs.technet.microsoft.com...ting-your-data-with-controlled-folder-access/
     
  4. plat1098

    plat1098 Guest

    Yes, also done, and added a rule for blocking executables from email. Again, many thanks, this fills in some necessary gaps. :) Had to overcome my distaste of PowerShell, though. :gack: Hopefully it's done properly and the rule is actually active. Edit: also on machine w/Home.

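Added example, not code from the posts above: the PowerShell that turns on the three Attack Surface Reduction rules named in posts 1 and 4 (obfuscated scripts, JavaScript/VBScript launching executables, executables from email) and then reads the configuration back to confirm each rule is active. The rule GUIDs are Microsoft's documented ASR rule IDs and are not shown in the thread; check them against the current ASR rule reference before use.

```powershell
# Added example, not code from the thread. Run in an elevated PowerShell.
# Rule GUIDs are Microsoft's documented Attack Surface Reduction rule IDs
# (check them against the current ASR rule reference before use).
$AsrRules = @{
    '5BEB7EFE-FD9A-4556-801D-275E5FFC04CC' = 'Block execution of potentially obfuscated scripts'
    'D3E037E1-3EB8-44C8-A917-57927947596D' = 'Block JavaScript/VBScript from launching downloaded executables'
    'BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550' = 'Block executable content from email client and webmail'
}

# 'AuditMode' only logs hits (event 1122) so false positives show up first;
# switch to 'Enabled' to block (event 1121) once the audit log is clean.
$Mode = 'AuditMode'

foreach ($id in $AsrRules.Keys) {
    Add-MpPreference -AttackSurfaceReductionRules_Ids $id `
                     -AttackSurfaceReductionRules_Actions $Mode
}

# Verify. Get-MpPreference returns two parallel arrays: rule IDs and their
# action codes (0 = Disabled, 1 = Block, 2 = Audit, 6 = Warn).
$actionName = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }
$pref = Get-MpPreference
$ids  = @($pref.AttackSurfaceReductionRules_Ids)
$acts = @($pref.AttackSurfaceReductionRules_Actions)

foreach ($id in $AsrRules.Keys) {
    $state = 'NOT SET'
    for ($i = 0; $i -lt $ids.Count; $i++) {
        if ($ids[$i] -ieq $id) { $state = $actionName[[int]$acts[$i]] }
    }
    '{0,-8} {1}' -f $state, $AsrRules[$id]
}
```

A rule that prints NOT SET was not accepted by Add-MpPreference (typically a typo in the GUID or a non-elevated shell).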
     
  5. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    2,504
    Location:
    Italy
    Last edited: Oct 23, 2017
  6. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,177
    Location:
    .
  7. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,430
    Location:
    U.S.A.
  8. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    2,504
    Location:
    Italy
    Yes.
    The filter is available in other browsers.
     
  9. Djigi

    Djigi Registered Member

    Joined:
    Aug 13, 2012
    Posts:
    554
    Location:
    Croatia
    Where can I see when Windows Defender downloaded/checked for updates (Reliability Monitor?)?
    I set GPE to check for updates every 1h but I can see only 2-3 update downloads a day.
     
  10. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    15,224
    Location:
    The Netherlands
    I'm surprised they don't talk about ransomware that is using trusted processes to encrypt files, will Protected Folders also tackle this? And no real life showcase where it actually stops ransomware? Sorry, this isn't good enough and it might make M$ look bad once people start testing it. I hope they aren't really this dumb.
     
  11. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,430
    Location:
    U.S.A.
    No.
    https://docs.microsoft.com/en-us/wi...fc-apps-to-make-changes-to-controlled-folders
     
  12. Martin_C

    Martin_C Registered Member

    Joined:
    Dec 4, 2014
    Posts:
    525
    Yes.
    I have the two new enhanced detection levels in Windows Defender activated. High+ on one pc and Zero Tolerance on another so far.

    I also actively use all four features in Windows Defender Exploit Guard. Both Attack Surface Reduction, Network Protection, Controlled Folder Access and Exploit Protection.

    No problems so far. Everything complementing each other nicely. :thumb:

    In all other browsers and on all other processes.
    The new Network Protection is implemented in the network stack and now covers everything that attempts to call out.
    No more hidden communication through other processes. :thumb:
     
  13. Martin_C

    Martin_C Registered Member

    Joined:
    Dec 4, 2014
    Posts:
    525
    All Windows Defender logs are in Event Viewer.

    Event Viewer > Applications and Services Logs > Microsoft > Windows > Windows Defender Antivirus.

    In there you open the folder Operational, and you will find the logs.

    Also, no need to obsess too much with the number of daily updates.
    There will be anywhere from a handful to a dozen main updates a day.
    Anything WD needs additionally in between those is pulled in dynamically as needed.
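Added example, not from Martin_C's post: the same Operational log read from PowerShell instead of Event Viewer, answering the update-timing question in post 9 and also listing Exploit Guard hits. The event IDs are Microsoft's documented Defender Antivirus event IDs and are not given in the thread.

```powershell
# Added example, not from the thread: query the Operational log named above.
# Event IDs are Microsoft's documented Windows Defender Antivirus IDs.
$LogName = 'Microsoft-Windows-Windows Defender/Operational'
$Since   = (Get-Date).AddDays(-1)

function Get-DefenderEvents([int[]]$Ids) {
    # -FilterHashtable filters inside the event log service; SilentlyContinue
    # hides the "no events found" error when the log simply has no matches.
    Get-WinEvent -FilterHashtable @{ LogName = $LogName; Id = $Ids; StartTime = $Since } `
                 -ErrorAction SilentlyContinue | Sort-Object TimeCreated
}

# Signature updates: 2000 = definitions updated, 2001 = update failed,
# 2010 = engine fetched extra signatures from the Dynamic Signature Service
# (the updates "pulled in dynamically" between the main ones).
$kinds = @{ 2000 = 'update OK'; 2001 = 'update FAILED'; 2010 = 'dynamic sigs' }
Get-DefenderEvents -Ids 2000, 2001, 2010 | ForEach-Object {
    '{0:yyyy-MM-dd HH:mm}  {1,-14} {2}' -f $_.TimeCreated, $kinds[$_.Id], (($_.Message -split "`r?`n")[0])
}

# Exploit Guard hits: 1121 = ASR rule blocked, 1122 = ASR audit hit,
# 1123 = Controlled Folder Access blocked, 1124 = CFA audit hit.
Get-DefenderEvents -Ids 1121, 1122, 1123, 1124 |
    Select-Object TimeCreated, Id, @{ n = 'Summary'; e = { ($_.Message -split "`r?`n")[0] } } |
    Format-Table -AutoSize
```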
     
  14. Martin_C

    Martin_C Registered Member

    Joined:
    Dec 4, 2014
    Posts:
    525
    BleepingComputer has 10 fresh tweets from yesterday about it, starting here : https://mobile.twitter.com/BleepinComputer/status/922584550978531328

    As you can see Windows Defender did a great job of detecting all ransomware they threw at the system, so they had to exclude the sample folder in Defender.
    After this, the test continued.
    Controlled Folder Access then blocked all ransomware samples they threw at the system, from altering anything in the protected folders.

    Verdict : Strongly recommended and 10/10. :thumb:

    The only caveat that users have to remember is that when they first enable the feature, by default it protects their personal files stored in the default user folders the OS has.
    All folders a user has made themselves need to be added, because naturally the feature needs to know on which drives/shares you have files that you want to protect.
     
  15. Djigi

    Djigi Registered Member

    Joined:
    Aug 13, 2012
    Posts:
    554
    Location:
    Croatia
    Tnx

    I got these two things that are related to the update.

     
  16. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    2,504
    Location:
    Italy
    Hi Martin_C.
    I have not yet configured "Controlled Folder Access".
    The reason is this article published in my country:

    https://www.ilsoftware.it/articoli.asp?tag=Ransomware-come-li-blocca-Windows-10_16310

    Could you check negative points with "Google Translate"?
    TH.

    ;):thumb::)
     
  17. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,430
    Location:
    U.S.A.
     
  18. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    2,504
    Location:
    Italy
    Wow itman.
    You have perfectly written the negative points to be checked.
    TH.
    ;):thumb:
     
  19. imuade

    imuade Registered Member

    Joined:
    Aug 4, 2016
    Posts:
    751
    Location:
    Italy
    I still have to upgrade to FCU, but rather than folder protection I'd enable:
    1. zero tolerance block level
    2. exploit protection
    3. network protection
     
  20. Brocke

    Brocke Registered Member

    Joined:
    Mar 16, 2008
    Posts:
    2,292
    Location:
    USA,IA
    I wonder why they didn't add some of the features like the exploit guard and network protection into the UI and you have to use PowerShell. I'm tempted to make a GUI for the PowerShell commands
     
  21. imuade

    imuade Registered Member

    Joined:
    Aug 4, 2016
    Posts:
    751
    Location:
    Italy
  22. Martin_C

    Martin_C Registered Member

    Joined:
    Dec 4, 2014
    Posts:
    525
    There's really nothing to worry about.
    This feature runs Default-deny. And it doesn't care if the offending process has user or admin privileges. Still Default-deny.

    Activate, reboot, use system normally. Then start adding your personal folders on other drives/shares.

    On a clean system, safe processes will be granted access.
    And as testing has shown - if vetting becomes blinded, then Default-deny translates into no new access granted.

    This is what you want from a modern approach to security. The assume breach mentality.
    Always go for a layered setup, which is what the four new features in Windows Defender Exploit Guard further strengthen.
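Added example, not from Martin_C's posts: the Controlled Folder Access procedure from posts 14 and 22 (activate, then add self-made folders; optionally allow one trusted program as in the link in post 11) done with PowerShell, starting in audit mode so legitimate programs can be found before anything is blocked. The folder and program paths are placeholders.

```powershell
# Added example, not code from the thread. Paths below are placeholders.
$ExtraFolders = @('D:\Work', '\\nas\share\Photos')            # your own folders
$TrustedApp   = 'C:\Program Files\ExampleBackup\backup.exe'   # placeholder

# Start in AuditMode: writes that would be blocked are logged as event 1124
# in Microsoft-Windows-Windows Defender/Operational without being stopped.
Set-MpPreference -EnableControlledFolderAccess AuditMode

# Default user folders are protected automatically; anything else must be added.
foreach ($folder in $ExtraFolders) {
    if (Test-Path -LiteralPath $folder -PathType Container) {
        Add-MpPreference -ControlledFolderAccessProtectedFolders $folder
    } else {
        Write-Warning "Not found, skipped: $folder"
    }
}

# Allow-listing is by path, so only add programs that live where a standard
# user cannot replace the file (e.g. under Program Files), never a temp folder.
if (Test-Path -LiteralPath $TrustedApp -PathType Leaf) {
    Add-MpPreference -ControlledFolderAccessAllowedApplications $TrustedApp
}

# Review the result.
Get-MpPreference |
    Select-Object EnableControlledFolderAccess,
                  ControlledFolderAccessProtectedFolders,
                  ControlledFolderAccessAllowedApplications |
    Format-List

# After a clean audit period, switch to block mode (blocks are logged as 1123):
# Set-MpPreference -EnableControlledFolderAccess Enabled
```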
     
  23. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    7,021
  24. madirish

    madirish Registered Member

    Joined:
    Oct 14, 2006
    Posts:
    4
    Location:
    USA
  25. ance

    ance formerly: fmon

    Joined:
    May 5, 2013
    Posts:
    1,359
    Is exploit prevention still active when using another free Antivirus? o_O
     