Windows Defender

Discussion in 'other anti-malware software' started by Toby75, Jul 22, 2009.

  1. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,405
    ASpace, just checked with MS Autoruns. No services or drivers.

    Checked with Hijackfree, and the HMP interface runs, but no driver.

    Installed Hitman Pro again, checked with MS Autoruns, and the Hitman Pro (support) driver appears. :thumb: So obviously Windows Defender removed a part of Hitman Pro; although it didn't stop it from running, I assume it prevented it from 'removing' files/items.
     
  2. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    Well WD has prevented it from making any major changes to your system, so I guess that was a success.
     
  3. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    Hm... then I'm still unsure what would've happened in case of malware doing stuff on the system. :doubt: Infecting the MBR (wait... is that even monitored by WD!? :ninja:) - whatever. If it's like you say, it permits it and then you can choose what should happen after that. I dunno... that just sounds very ineffective if this feature is obviously supposed to provide extra protection capabilities for advanced users.
     
  4. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    As far as I see, it doesn't permit anything, it pauses it.
     
  5. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    Okay, hehe - much better that it suspends it at least. :D First I was like "WTF? That doesn't solve anything!" :D So, what about one of the most serious infections today, the MBR Rootkit? (At least I guess it's one of the most serious... :doubt:) Does any of its monitors see an action like modifying the MBR?
     
  6. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    97,410
    Location:
    U.S.A.
    raven211, I don't believe WD protects against the MBR Rootkit; I could be wrong. Re: How Windows Defender identifies spyware and potentially unwanted software. I use GMER.
     
  7. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    I'm not 100% sure on the specifics behind MBR rootkits, but if it can't install the driver because of WD, how could it do any damage?
     
  8. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,405
    Slightly off-topic, but if you're using Vista and UAC is on, the following Prevx blog page reports that UAC prevents the MBR rootkit.

    http://www.prevx.com/blog/75/Master-Boot-Record-Rootkit-is-here-and-ITW.html

    Be interesting to see how WD would go.
     
  9. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    97,410
    Location:
    U.S.A.
    elapsed, after reading MBR rootkit changes itself and strikes again:
    I don't think WD can handle this rootkit. Perhaps a future MSE will.
     
  10. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
  11. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    Interesting. I'm still running WD alongside MSE and W FW; I'm curious to see if we will just use WD in Windows 7 alongside MSE, or if they will introduce that aspect in a later MSE release and use MSE standalone. Although, I'm not too bothered about a HIPS; I feel sufficiently protected with MSE alone.
     
  12. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    Today I updated my Hosts file via HostsMan and it intercepted and blocked this action. I selected allow, but it's nice to see that being stopped.
     
  13. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    Good stuff, elapsed - thanks for the information. :)
     