Windows Defender Is Becoming the Powerful Antivirus That Windows 10 Needs

Discussion in 'other anti-virus software' started by Secondmineboy, Jan 30, 2016.

  1. nine9s

    nine9s Registered Member

    Joined:
    Feb 8, 2013
    Posts:
    309
    Location:
    USA
    Is there a way to make the set-up one drive yellow warning from coming up?
     
  2. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    9,875
    I wanted to try Windows Defender Application Guard

    I love smart solutions, like EMET and Exploit Mitigation. So what gives with this new thing called Application Guard? Indeed, I've sculpted a short article and preliminary review of the Windows Defender Application Guard usage attempt in Windows 10, covering convoluted setup with multiple sources, no Internet in Firefox during the extension configuration, security benefits of the solution, some snags, other details, and more. Do take a look.

    https://www.dedoimedo.com/computers/windows-10-application-guard.html


    Mods: if this should live in a thread of its own, please move it.

    Cheers,
    Mrk
     
  3. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    105,812
    Location:
    Texas
    Dismantling a fileless campaign: Microsoft Defender ATP next-gen protection exposes Astaroth attack
     
  4. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,121
    Location:
    U.S.A.
  5. focus

    focus Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    469
    Location:
    USA
  6. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    59,100
    Location:
    U.S.A.
     
  7. nine9s

    nine9s Registered Member

    Joined:
    Feb 8, 2013
    Posts:
    309
    Location:
    USA
    Anyone with Windows Defender SFC errors might find this helpful: https://support.microsoft.com/en-us...-flags-windows-defender-ps-files-as-corrupted

    Cause

    This is a known issue in Windows 10, version 1607 and later versions, and Windows Defender version 4.18.1906.3 and later versions.

    The files for the Windows Defender PowerShell module that are located in %windir%\System32\WindowsPowerShell\v1.0\Modules\Defender ship as part of the Windows image. These files are catalog-signed. However, the manageability component of Windows Defender has a new out-of-band update channel. This channel replaces the original files with updated versions that are signed by using a Microsoft certificate that the Windows operating system trusts. Because of this change, SFC flags the updated files as "Hashes for file member do not match."

    Future releases of Windows will use the updated files in the Windows image. After that, SFC will no longer flag the files.

    Workaround

    Because SFC incorrectly flags the files in %windir%\System32\WindowsPowerShell\v1.0\Modules\Defender, you can safely ignore the SFC error messages regarding these files.
     
  8. Martin_C

    Martin_C Registered Member

    Joined:
    Dec 4, 2014
    Posts:
    525
    New machine learning model sifts through the good to unearth the bad in evasive malware.
    Much more in blog post here : https://www.microsoft.com/security/...e-good-to-unearth-the-bad-in-evasive-malware/
     
  9. plat1098

    plat1098 Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    609
    Location:
    Brooklyn, NY
    One is reading lots more about malicious ransom attacks on hospitals, power grids, town halls in cities large and small, and so on. It's really thought-provoking, it can affect anyone at any time. The article above is impressive and good reading--showing 95% precision rate. I would like to know how Defender ATP stacks up against third party competitors that are enterprise-focused. Anything published lately to that end?
     
  10. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    5,985
    Location:
    USA
    Those are the big targets. Never try to extort money from poor people when you can collect millions. The problem is paying at all. There should be regular backups in place. The backups should run under an account nobody else has access to and an offline copy should be kept. Worst case you should never lose more than a couple of days worth of data depending on how old your offline backups are. Prevention is good but recovery is a must as 100% prevention is obviously impossible.
     
  11. guest

    guest Guest

    Their creators doesn't care, ransomware are like landmines, you throw as many as you can and wait the unaware victims to step on it. Poor or rich alike.

    That is the theoretical and what should be done, but most companies/organizations can't or won't pay a full time security-qualified admin, they just need their obsolete OS, MS Office and their printer to work, the rest is superfluous.
     
  12. plat1098

    plat1098 Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    609
    Location:
    Brooklyn, NY
    guest: this is harsh but no doubt true. I see Windows 7 running in my local dental clinic; it had malware on its systems during my appt there. :cautious: If someone was to go physically to a target location, freeze the systems and leave a ransom note, it's the pretty much the same high crime as deploying the malware remotely (trespassing aside). It's becoming like a war.

    I'm way less interested in home security routines, I'm OK there. But, Baltimore City was recently hit in a bad way, ultimately affecting many and officials blamed the NSA for its woes but in reality, it's dirt poor, riddled with corruption and terribly complacent. Low hanging fruit. Con Edison, the power provider for much of NYC, had better have its act together otherwise because it's bumbling and fumbling a little too often when the weather gets nasty. These attacks are becoming more common, all over the place. That's why I'm pleased to see an article detailing such protection, like Defender ATP.

    Edit: theoretical question: would a ransom-crook or national actor knowingly deploy malware that would knock out power to an entire municipality during a heat wave, leaving thousands to swelter without air conditioning? Oh, but if it isn't happening now, it ain't gonna happen, right??! .
     
    Last edited: Jul 26, 2019
  13. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    5,985
    Location:
    USA
    They don't always know who they will get but obviously they would prefer high dollar targets. Like the time they found out they had a hospital and raised the ransom.

    True, nobody wants to spend the money for qualified staff. Too bad the ransom will cost more.
     
  14. guest

    guest Guest

    Cybercriminal profiles have evolved, it shifted long ago from hacking geeks wanting to get fame and renown to mercenaries hired by various mafias or shady (governmental or not) organizations.
    Those don't care of the well-being of people, they just want achieve their goal, their end justifify their means.

    And people running unpatched outdated OS (for whatever silly reasons) are accomplices by inaction of those criminals and part responsible of the actual malware propagation. An unpatched outdated OS which is exploited (quite easily with kernel exploits) is one more zombie in a botnet and more firepower for the controller.
     
  15. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    3,794
    Location:
    Mexico
    Are you insinuating to me? Because I **** on W10. W8.1 for the win! :ninja:
     
  16. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    That would include me too, as I am still on Win7 pro. And I have no plans to change. I can defend against the malware, but some Microsoft capricious actions are tougher to defend against/
     
  17. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,121
    Location:
    U.S.A.
    I have a question about WD on Win 10 Home x(64) 1903.

    I thought the "Suspicious Files" option was supposed to be available on all vers. of 1903? I even added its associated reg. key value and still it does not show. Does an ASR mitigation have to be added for this? Perhaps the "Block exec. files from running unless they meet prevalence, age, or trusted list criteria" ASR mitigation?

    Appears this was an experimental setting since removed.
     
    Last edited: Jul 26, 2019
  18. guest

    guest Guest

    Problem in Wilders and forums is that people read post too fast and miss important elements.
    I wrote "unpatched outdated OS", I guess both of you are applying security updates, right?

    You can protect against malware more or less efficiently based on your skills but you have no protection against kernel exploits, only an OS patch can fix it.
     
  19. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hi guest

    I did see that. As you know I am running Win 7 x64 Pro. For the most part I've kept up with Security updates, but a couple wouldn't install so I didn't bother. I think you know my security setup, and that is what I rely on.
     
  20. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    3,794
    Location:
    Mexico
  21. guest

    guest Guest

    Yes I know your setup so I'm not worried about you or @Mr.X :)
     
  22. Nightwalker

    Nightwalker Registered Member

    Joined:
    Nov 7, 2008
    Posts:
    1,246
    Windows Defender got the TOP Product award in the last (June 2019) test from AV-TEST with a perfect score in all areas.

    https://www.av-test.org/en/antivirus/home-windows

    I wont be surprised if WD gets nominated as the antivirus of the year in 2020 by AV-Comparatives.
     
  23. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,239
    Location:
    Milan and Seoul
    Definitely getting better with every new test. I wonder how competitors are going to react and offer to attract new and old customers...
     
    Last edited: Jul 29, 2019
  24. Macstorm

    Macstorm Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    2,631
    Location:
    Sneffels volcano
    Hi everyone, omg it's been a while since my last connection here in Wilders. So how are you guys doing with the great WD, I personally have had zero problems with malware whatsoever under Windows 10 since.

    Greetings all
     
  25. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,239
    Location:
    Milan and Seoul
    Hi Mac good to hear from you! I still have a year of subscription with Avira therefore I'll take a rain check with WD for the time being....
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.