Windows Defender

Discussion in 'other anti-malware software' started by Toby75, Jul 22, 2009.

Thread Status:
Not open for further replies.
  1. Toby75

    Toby75 Registered Member

    Joined:
    Mar 10, 2006
    Posts:
    480
    I know WD isn't popular here on Wilders but I wanted to share this anyway. I just found out you can use Windows Defender as a HIPS program WITHOUT being a member of their spynet community.

    Everyone that I have talked to in the past has said that you must be a member of this spynet community to fully unleash its potential. I have unchecked the spynet box and am still using its full HIPS functionality. After I unchecked this box... I had to go to options and check off the HIPS part as deregistering as a member deactivated some features of the HIPS part.
     
  2. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,974
    Location:
    U.S.A.
    Toby75, are you talking about, under Use real-time protection > Choose if Windows Defender should notify you about, both the Software that has not yet been classified and Changes made to your computer by software that is permitted to run boxes?

    The first box is usually checked when SpyNet is joined but normally, these 2 boxes are unchecked. Nothing wrong with checking them both.
     
  3. Toby75

    Toby75 Registered Member

    Joined:
    Mar 10, 2006
    Posts:
    480
    Yes...this is what I mean.

    I don't see a difference in terms of HIPS functionality being a spynet member or not.
     
  4. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,855
    What's wrong with SpyNet? Every single other product forces you to use their version. At least MS lets you disable it and even warns you about it instead of hiding it away in a EULA or whatever. SpyNet is a good thing.
     
  5. Toby75

    Toby75 Registered Member

    Joined:
    Mar 10, 2006
    Posts:
    480
    Who said anything is wrong with Spynet?....I sure didn't. I'm referring to what people have stated in the past about Spynet improving HIPS functionality. I'm only pointing out that it makes no difference if you are a member or not.
     
  6. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,855
    Alright, could you show me an example/screenshot of its HIPS functionality in action?
     
  7. Toby75

    Toby75 Registered Member

    Joined:
    Mar 10, 2006
    Posts:
    480
    MBAM loads its drivers and is allowed to do so as it's whitelisted under WD:
     


  8. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    This kind of HIPS is a part of the new MSE too, right? At least I think I saw options for SpyNet... Does it deliver a lot of prompts or is it still very seamless? Does it consider what's trusted (and not) before prompting the user?
     
  9. Toby75

    Toby75 Registered Member

    Joined:
    Mar 10, 2006
    Posts:
    480
    Not sure - sorry

    MS really does a great job whitelisting apps. When I installed the latest version of MBAM, it took MS just a few days to whitelist the app. No more prompts.

    Regarding trusted and non-trusted apps, you choose how WD should notify you. You could set it to notify on both. (like I have it set to)

    Also, WD is absolutely amazing at detecting trojans. No one mentions it on Wilders but please test it for yourself. It is quite impressive.
     


    Last edited: Jul 22, 2009
  10. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,974
    Location:
    U.S.A.
    raven211, according to this MSE forum thread: How SpyNet works?, it looks like in the Beta version (I thought I saw it mentioned in your sig? :doubt: ), it is ON by default.
     
  11. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,855
    There is no HIPS in MSE. Whether Microsoft will have Windows Defender in Windows 7 for the HIPS component is unclear to me. SpyNet isn't the HIPS component, that's just the statistical component to help improve detection.
     
  12. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,404
    I'll give WD a go again Toby. Any recent tests on its performance/detection?
     
  13. Toby75

    Toby75 Registered Member

    Joined:
    Mar 10, 2006
    Posts:
    480

    I'm not familiar with any documented tests but I test it myself quite often. Go to the 1 site that has tons of malware (ya know the 3 letter abbreviation) and test it there.

    Make sure you have all of the boxes ticked like in my above screen shot.

    Happy Testing! :)

    Toby
     
  14. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,855
    As far as I know, WD uses the exact same signatures as MSE.
     
  15. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,404
    Interesting. I guess that's why it disables Windows Defender when it installs.

    Wouldn't Windows Defender be much lighter? Found WD uses under 10MB of RAM.

    Toby, you might have to PM that site, my brain is dead today, so can't think which one you're referring to! ;)
     
  16. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567

    I did have it installed and in my sig. :D

    Seems like a very interesting HIPS alternative. Could I as well run it alone on my AM front together with my sandbox?
     
    Last edited: Jul 23, 2009
  17. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    Oh right, and will WD always be available even when they release the final version of MSE, being an alternative HIPS? :doubt:
     
  18. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,974
    Location:
    U.S.A.
    raven211, perhaps this MSE forum sticky: Windows Defender and Microsoft Security Essentials, could answer your question, although, keep in mind that it's still in BETA (Beware Experimental Test Application) stage. ;)
     
  19. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,855
    Testing it out now alongside MSE, seems alright. WD doesn't appear to have any anti-malware real-time protection (where MSE comes in); it appears to use the current definitions as part of identifying processes for its HIPS function. Signed up to advanced SpyNet for both.

    edit: Is there something I can do to test the popups? I've had none so far as I told it not to interfere with known trusted apps.

    edit2: I actually just noticed the above URL is working for me now. I can only assume they will add in the extra WD functionality in a later MSE beta, but then, why would they be bundling WD in Windows 7? Guess only time will tell...
     
    Last edited: Jul 25, 2009
  20. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,404
    funkydude, I've yet to see a detection popup, but have been notified to review actions. See below when Hitman Pro is run.

    1.jpg
    2.jpg
    3.jpg
     
  21. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    Did it stop that action from happening in the first place, or is it permitting it and then asking you later? - cause if it's the latter, it's obviously failing completely in case of real, new malware and other threats. :D
     
  22. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,404
    Permitting then asking you during. If you don't respond, the action continues.

    I thought I'd select 'deny' this time, and the following prompts were available. Hitman Pro still finished its scan after deny was selected. Whether the updated driver is prevented from installing, won't know until restart.

    222.jpg
    333.jpg
     
  23. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,404
    From what I can tell, after restart, driver reports it was last modified when Hitman Pro was last run. Loaded Hitman Pro, and it runs just fine. Anything else WD would have done?
     
  24. ASpace

    ASpace Guest

    Most likely the driver no longer loads. Check with MS Autoruns.
     
  25. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,855
    Interesting, thank you.
     