Windows Defender Is Becoming the Powerful Antivirus That Windows 10 Needs

Discussion in 'other anti-virus software' started by Secondmineboy, Jan 30, 2016.

  1. fmon

    fmon Registered Member

    Joined:
    May 5, 2013
    Posts:
    1,155
    That's good because there is no need for supermegamastercleaner. :D

    I really like Windows Defender and I don't miss all the ad pop ups from Avira and Avast. :thumb:
     
  2. AMDGamer2016

    AMDGamer2016 Registered Member

    Joined:
    Jul 20, 2016
    Posts:
    3
    Location:
    Gibraltar Michigan United States
    Slowly getting used to Defender. Enabled PUA Protection for all Windows 10 systems; not sure on Controlled Folder Access, as my data is stored off the C:\ drive and backed up weekly. Other machines do not have much data on them. Is there anything else I should enable to have the maximum protection without any system lag or slowdowns?

    System specs are
    Intel i7 7700 (main system), 8 GB of RAM, 2 GB video RAM, Windows 10 Pro (main and secondary system currently using Defender), others still with Avast until I'm fully comfortable with it
    Secondary system: AMD FX 8310, 8 GB of RAM, Windows 10 Home
    Family system: HP P6-2133W, Windows 10 Pro, AMD A6-3620 with Radeon 6530D, 8 GB of RAM
    and 4th system: Intel Atom Celeron M 1.60 GHz, Windows 7 SP1, 2 GB of RAM (might need to work on the page file for that one), very very slow system, can hardly open the Avast UI right now

    Once I'm fully used to Defender I think I will stay with it. I am tired of the Avast ads and having to upgrade to a new version monthly, but if it's not a good idea to switch, then I'll leave the other PCs with Avast.
     
  3. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    4,046
    Location:
    Europe then Asia
    What I don't like about Windows Defender is this ever-existing slowdown "issue" when enumerating folders with big exes. I have one with 20+ big installers and Explorer took 10 sec to fully load the folder because of WD... With EAM or other software this doesn't happen...
     
  4. Martin_C

    Martin_C Registered Member

    Joined:
    Dec 4, 2014
    Posts:
    421
    Virtualization-based protection of code integrity now available on non-Enterprise SKUs.

    As Jeffrey Sutherland tweets :
    https://mobile.twitter.com/j3ffr3y1974/status/935570487328911360

    Currently the way to enable it is to follow the instructions on Microsoft Docs here:
    https://docs.microsoft.com/en-us/wi...ualization-based-protection-of-code-integrity

    Jeffrey Sutherland also mentions :
    https://mobile.twitter.com/j3ffr3y1974/status/935660183165865984

    Dave Weston tweets :
    https://mobile.twitter.com/dwizzzleMSFT/status/935657242413510656

    This is absolutely amazing news!!
    Security features that used to be restricted to Windows 10 Enterprise are now available to Windows 10 1709 Fall Creators Update users on 10 Pro and 10 S !! :thumb::thumb:

    This is not available on Windows 10 Home, since that SKU does not include the hypervisor. But an upgrade from Home to Pro is not expensive and will bring you goodness like this.

    Keep in mind - read activation instructions carefully, especially the troubleshooting section just in case you have a driver or something causing you problems afterwards.
     
  5. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,154
    Location:
    Toronto, Canada
    @Martin_C This recent development regarding more wide-spread VBS is absolutely huge for the security community. No doubt, it does require more modern hardware to support this generally. But absolutely worth it. Kernel Control Flow Guard and more, oh my! :thumb:
     
  6. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,154
    Location:
    Toronto, Canada
    Looks as though Windows Defender Application Guard may very well be coming to other Windows SKU's (and other browsers) in the near future. Virtualization based security will most definitely have some significant importance in the coming years.
     
  7. Martin_C

    Martin_C Registered Member

    Joined:
    Dec 4, 2014
    Posts:
    421
    @WildByDesign :
    Yes, it does require recent hardware.
    But hardware-backed security like this is 100% worth it.

    I also noticed the mention of Windows Defender Application Guard coming to more SKUs.
    Let's hope to hear something more on that soon. That will be an amazing addition to the protection stack on Windows 10 Pro. :thumb:
     
  8. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    2,559
    Location:
    The etherlands
    I have an unopened Dell XPS13 8th Gen Intel Win 10 Pro laptop, but ...

    Unless these new security developments are implemented by default (like Exploit protection), or are simple to implement, I think I'll pass ... they may become more widely available, but they look as if they are more suited to being implemented by enterprise admins, rather than 'non-experts' ... ?
     
  9. Martin_C

    Martin_C Registered Member

    Joined:
    Dec 4, 2014
    Posts:
    421
    @paulderdash :
    With an 8th generation Intel laptop, you ought to meet requirements.

    The virtualization-based protection is not enabled by default. You have to do so yourself.

    As for advising on whether you should take it upon yourself to do so - I think you should read through the Microsoft Docs on it and judge for yourself.
    It's straightforward and well documented, but you have to go through the few steps listed.

    I will say this - with a brand new laptop, you are in the best possible position.

    If you want to enable, then first boot into BIOS and make a note of its version.
    Next go to BIOS/firmware/driver site from manufacturer and see if there are any updates for BIOS.
    If yes, then download and do the update.
    Next boot into BIOS and see if virtualization features are enabled.
    Often they are not.
    Enable and reboot.
    Boot into Windows and update to Windows 10 1709 Fall Creators Update, if not already installed on laptop. Next make sure it's fully updated.
    Then in Device Manager, check for driver updates - just to be sure. Reboot as necessary.

    Now check if your hardware meets the requirements for running Windows 10 Pro 1709 Fall Creators Update with virtualization-based protection enabled - follow instructions here

    If requirements are met, then follow Microsoft Docs instructions on how to enable virtualization-based protection
    Reboot.

    Laptop should now be running Windows 10 Pro 1709 Fall Creators Update with virtualization-based protection of code integrity enabled.

    One caution - there's a risk that laptop came preloaded with a driver or application that turns out to be incompatible. So be prepared to deal with this. Just in case.
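
After the reboot in the steps above, the result can be checked from PowerShell. This is an added example, not part of the original post: it reads the Win32_DeviceGuard CIM class and then lists recent warnings and errors from the Code Integrity operational log, which is one place to look if a preloaded driver causes trouble. The function name Get-VbsReport is made up for this example.

```powershell
# Added example: report VBS / HVCI state. Run from an elevated PowerShell prompt.
function Get-VbsReport {
    # Value meanings for the Win32_DeviceGuard properties.
    $status   = @{ 0 = 'Not enabled'; 1 = 'Enabled but not running'; 2 = 'Enabled and running' }
    $service  = @{ 1 = 'Credential Guard'; 2 = 'HVCI' }
    $hardware = @{ 1 = 'Hypervisor support'; 2 = 'Secure Boot'; 3 = 'DMA protection'
                   4 = 'Secure memory overwrite'; 5 = 'NX protections'; 6 = 'SMM mitigations' }

    # Throws if the class is missing (for example on an unsupported build).
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
              -ClassName Win32_DeviceGuard -ErrorAction Stop

    # CIM returns UInt32 values; cast to [int] so they match the hashtable keys.
    $name = {
        param($codes, $map)
        @($codes) | Where-Object { $null -ne $_ } | ForEach-Object {
            if ($map.ContainsKey([int]$_)) { $map[[int]$_] } else { "Unknown ($_)" }
        }
    }

    [pscustomobject]@{
        VbsStatus          = $status[[int]$dg.VirtualizationBasedSecurityStatus]
        ServicesConfigured = (& $name $dg.SecurityServicesConfigured $service) -join ', '
        ServicesRunning    = (& $name $dg.SecurityServicesRunning $service) -join ', '
        HvciRunning        = $dg.SecurityServicesRunning -contains 2
        HardwareAvailable  = (& $name $dg.AvailableSecurityProperties $hardware) -join ', '
    }
}

try {
    Get-VbsReport | Format-List
} catch {
    Write-Warning "Could not query Win32_DeviceGuard: $($_.Exception.Message)"
}

# Recent errors (level 2) and warnings (level 3) from the Code Integrity log.
# An empty result simply means nothing was logged at those levels.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-CodeIntegrity/Operational'
    Level   = 2, 3
} -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message |
    Format-List
```

HvciRunning is True only when the service is actually running, which is different from it merely being configured; "Enabled but not running" usually means a reboot is still pending or a hardware requirement is missing.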
     
  10. rpsgc

    rpsgc Registered Member

    Joined:
    Dec 29, 2005
    Posts:
    307
    Location:
    Portugal
    Hmm... after enabling HVCI and rebooting, Malwarebytes' exploit protection was automatically disabled.
     
  11. The Seeker

    The Seeker Registered Member

    Joined:
    Oct 24, 2005
    Posts:
    1,177
    Location:
    Adelaide
    This annoyed me also. I got around it by checking my backed up .exe files with a few different scanners to be sure all files were legit, then added said folder to WD's Exclusions list.
     
  12. Martin_C

    Martin_C Registered Member

    Joined:
    Dec 4, 2014
    Posts:
    421
    As an appetizer for anyone that wonders what enabling virtualization-based protection of code integrity as mentioned here will bring them, here's a few links :

    https://www.blackhat.com/docs/us-16/materials/us-16-Weston-Windows-10-Mitigation-Improvements.pdf
    https://blogs.technet.microsoft.com...ith-windows-10-virtualization-based-security/
    https://blogs.technet.microsoft.com...annacrypt-ransomware-smb-exploit-propagation/

    Kernel Control Flow Guard, HVCI, Hyper Guard added to your Windows 10 Pro or 10 S setup - that is huge.

    With recent hardware.
    A clean installation of Windows 10 x64 1709 Fall Creators Update.
    HVCI enabled as mentioned here.
    And all the native security available to consumers in 1709 Fall Creators Update activated as summarized here.
    That is an extremely powerful combination. :thumb:
     
  13. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    4,046
    Location:
    Europe then Asia
    For those who can afford it...many can't sadly.
     
  14. Martin_C

    Martin_C Registered Member

    Joined:
    Dec 4, 2014
    Posts:
    421
    Windows 10 S comes with new hardware purchases - no additional expenses.
    Upgrading from Windows 10 Home to Windows 10 Pro is a one time expense. :thumb:

    Third-party security is never-ending yearly payments, constant bombarding with ads, popups and banners, and the occasional revealing of vendors who do data-mining of their customers' metadata and sell it to advertisers. :gack:
     
  15. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    4,046
    Location:
    Europe then Asia
    In non-western/rich countries like where I am, it would cost 1-2 months of salary. Most can't buy, and those who can have other priorities.

    It is mostly a geek westerner's concern. Here they use free products, and even flagships like KIS have prices adapted to the local market.
    Privacy & ads? Here most people don't care.

    In the absolute you are right, a one-time expense will be cheaper in the long term compared to paid 3rd-party products; but here free products, offering the same or better security, reign.
    Spending for a Pro version that adds a few things is too impacting on the wallet, so inherently out of reach for basic users.
    For me Windows Pro shouldn't even exist... Home user and enterprise, that is it. MS won't make a fortune with Pro users.
     
  16. ArchiveX

    ArchiveX Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    1,295
    Yeah, so many Editions...:confused:
     
  17. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,154
    Location:
    Toronto, Canada
    Source: https://twitter.com/tiraniddo/status/936395027839778816

    Windows Defender: Controlled Folder Bypass through UNC Path
    Link: https://bugs.chromium.org/p/project-zero/issues/detail?id=1418

     
  18. Martin_C

    Martin_C Registered Member

    Joined:
    Dec 4, 2014
    Posts:
    421
    Relax. :) Bug found, reported, seems to be marked vnext by MSRC. Life goes on.

    Forshaw is good at poking where others didn't. That's a good thing.
    (Now, if only he would tone down the drama in his reports. Not every single bug report needs to be Broadway material).
     
  19. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    5,476
    Location:
    U.S.A.
    Could not have said it better myself:
    https://bugs.chromium.org/p/project-zero/issues/detail?id=1418
     
  20. fmon

    fmon Registered Member

    Joined:
    May 5, 2013
    Posts:
    1,155
    With PUA enabled I get some "false positives" - I think I will deactivate it.
     
  21. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    863
    Location:
    Italy
    Last edited: Dec 3, 2017
  22. Robin A.

    Robin A. Registered Member

    Joined:
    Feb 25, 2006
    Posts:
    2,533
    It also produces false negatives, for example PDF Shaper Free.
     
  23. fmon

    fmon Registered Member

    Joined:
    May 5, 2013
    Posts:
    1,155
    I agree, I hope Microsoft will fix it soon. :(
     
  24. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    3,042
    WD is scanning files "on-access" (it scans files when they are read by any program) and there will always be a delay, for example after opening a folder with a lot of installers.
    Other products might use a different scan method (files are only scanned after being created, modified or when they are started) and this leads to no delay after opening a folder.
    It can be "fixed" if WD would use a different scan method or if the user were able to select a different scan method.
     
  25. fmon

    fmon Registered Member

    Joined:
    May 5, 2013
    Posts:
    1,155
    Nearly no delay with other free AV; an option for a different scan method would be great. I don't want to reduce the performance of my Samsung SSD. :(
     