How the hell WD works on Windows Home & Pro?
<blockquote data-quote="Andy Ful" data-source="post: 835847" data-attributes="member: 32260"><p><strong>Does WD use behavior blocking?</strong></p><p></p><p>It is funny, but many people think that WD cannot use behavior blocking. Yet, this is the most evident and sometimes annoying WD feature. If WD uses it, then the file <span style="color: rgb(184, 49, 47)"><strong>execution is temporarily blocked </strong></span>and WD usually shows the alert:</p><p></p><p>[ATTACH=full]225230[/ATTACH]</p><p></p><p>The time required for scanning is set by default to 10s and can be changed up to 60s. After finishing the scan, WD takes one of the actions below:</p><ol> <li data-xf-list-type="ol">The file is allowed to run.</li> <li data-xf-list-type="ol">The file is not allowed to run. WD removes or quarantines it.</li> <li data-xf-list-type="ol">The file is allowed to run, but analysis in the cloud is continued. If the malware is recognized as malicious, then WD tries to stop the malware. In some cases, a reboot is required to remove or quarantine the malware.</li> </ol><p>How does it work on Windows Home and Pro?</p><p>WD uses the local signatures and local Machine Learning (ML) models to find out if the file behavior can be malicious or suspicious. If it is suspicious, then the file metadata is sent to the WD cloud for quick detection or analysis. This can take several milliseconds. If the ML models in the cloud still cannot classify the sample, then it is uploaded to the cloud and analyzed by more comprehensive ML models; this can take several seconds.</p><p>Each suspicious action is scored and an overall score is computed for each process. A high score will trigger the detection of the process as malicious. The threshold at which the detection is triggered depends on the WD setting (CloudBlockLevel).</p><p></p><p>On Windows E5 some more advanced features are available, which can take several minutes:</p><ul> <li data-xf-list-type="ul">Advanced machine learning and AI-based protection for apex-level viruses and malware threats</li> <li data-xf-list-type="ul">Advanced cloud protection that includes deep inspection and detonation</li> <li data-xf-list-type="ul">Emergency outbreak protection from the Intelligent Security Graph</li> <li data-xf-list-type="ul">Monitoring, analytics and reporting for Next Generation Protection capabilities</li> </ul><p>Here are some examples of ML behavior-based detections on Windows Pro (default, high or max ConfigureDefender settings):</p><p>[URL unfurl="true"]https://malwaretips.com/threads/mixed-threats-17-01-07-2019.93492/#lg=thread-93492&slide=39[/URL]</p><p>[URL unfurl="true"]https://malwaretips.com/threads/malware-samples-24.93439/#lg=thread-93439&slide=7[/URL]</p><p>[URL unfurl="true"]https://malwaretips.com/threads/malware-samples-17-9-08-2019.94252/#lg=thread-94252&slide=74[/URL]</p><p>[URL unfurl="true"]https://malwaretips.com/threads/malware-samples-19-8-07-2019.93625/#lg=thread-93625&slide=3[/URL]</p><p>[URL unfurl="true"]https://malwaretips.com/threads/malware-samples-15-4-07-2019.93559/#lg=thread-93559&slide=3[/URL]</p><p>[URL unfurl="true"]https://malwaretips.com/threads/malware-samples-15-4-07-2019.93559/#lg=thread-93559&slide=4[/URL]</p><p>[URL unfurl="true"]https://malwaretips.com/threads/malware-samples-15-4-07-2019.93559/#lg=thread-93559&slide=6[/URL]</p><p>[URL unfurl="true"]https://malwaretips.com/threads/malware-samples-15-4-07-2019.93559/#lg=thread-93559&slide=9[/URL]</p><p>[URL unfurl="true"]https://malwaretips.com/threads/malware-samples-15-4-07-2019.93559/#lg=thread-93559&slide=10[/URL]</p><p>[URL unfurl="true"]https://malwaretips.com/threads/predator-stealer-21-09-2019.95137/post-835681[/URL]</p></blockquote><p></p>
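An added example, not part of Andy Ful's post and not ConfigureDefender's own code: it reads the Defender preferences behind the 10 s to 60 s hold and the CloudBlockLevel threshold described above, applies a stricter profile, and lists recent Defender detections from the event log. It assumes an elevated PowerShell session on Windows 10/11 Home or Pro with the built-in Defender module; the values chosen for the "high" profile are an assumption of this example, not ConfigureDefender's exact settings.

```powershell
# Added example (not from the post or ConfigureDefender). Run in an elevated PowerShell.
# Assumed: built-in Defender module (Get-MpPreference / Set-MpPreference) is available.

function Get-WdCloudSettings {
    $p = Get-MpPreference
    $s = Get-MpComputerStatus
    # Numeric CloudBlockLevel values as reported by Get-MpPreference
    $levels = @{ 0 = 'Default'; 1 = 'Moderate'; 2 = 'High'; 4 = 'HighPlus'; 6 = 'ZeroTolerance' }
    [pscustomobject]@{
        CloudBlockLevel      = $levels[[int]$p.CloudBlockLevel]
        BlockAtFirstSeen     = -not $p.DisableBlockAtFirstSeen
        # 10 s base hold + CloudExtendedTimeout (0..50) gives the 10..60 s window from the post
        MaxBlockSeconds      = 10 + [int]$p.CloudExtendedTimeout
        MAPSReporting        = $p.MAPSReporting        # 0 Disabled, 1 Basic, 2 Advanced
        SubmitSamplesConsent = $p.SubmitSamplesConsent # 1 SendSafeSamples, 3 SendAllSamples
        RealTimeProtection   = $s.RealTimeProtectionEnabled
    }
}

function Set-WdCloudHigh {
    # Assumed "high" profile: High block level, full 60 s hold, advanced MAPS, automatic sample upload.
    Set-MpPreference -CloudBlockLevel High `
                     -CloudExtendedTimeout 50 `
                     -MAPSReporting Advanced `
                     -SubmitSamplesConsent SendAllSamples `
                     -DisableBlockAtFirstSeen $false
}

function Get-WdRecentDetections {
    param([int]$Hours = 24)
    # Defender Operational log: 1116 = threat detected, 1117 = remediation action taken
    Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = 1116, 1117
        StartTime = (Get-Date).AddHours(-$Hours)
    } -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, @{ n = 'Summary'; e = { ($_.Message -split "`n")[0] } }
}

# Show the current cloud settings; call Set-WdCloudHigh and re-run to see the effect.
Get-WdCloudSettings
Get-WdRecentDetections -Hours 24
```

Get-WdCloudSettings before and after Set-WdCloudHigh makes the relationship between the post's timings and the CloudExtendedTimeout value visible; Get-WdRecentDetections is the place to confirm that a held file was actually detected rather than just delayed.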