Best Antivirus vs Windows Defender: What's the difference? (PC Security Channel)
<blockquote data-quote="Vitali Ortzi" data-source="post: 1114632" data-attributes="member: 57714"><p>Basically you had a shell and were able to do at least limited operations without raising behavior monitoring to flag the operation as malicious.</p><p></p><p>So it's something you made, so no signature, behavior wasn't malicious enough to cause AV software to filter it, and since AV software by default is configured to have low false positives and auto allowed based on emulation, behavior, signatures and maybe more tricks depending on the AV</p><p></p><p>The reason Andy asked for an any.run is because that sandbox automates every action of an executable, command and shows what MITRE tactics were used, and it helps a lot in understanding if and which malicious behaviors are used.</p><p></p><p>You're totally correct that default settings, especially on Defender, allow a shell even with privileges, and future malicious behavior can be executed (no malicious behavior at first).</p><p></p><p>Yes, it is a security issue and there is no solution that isn't aggressive, and Microsoft is working on VBS, adminless (security by default) that should not allow privilege access (under VBS, standard user privileges or lower).</p><p>Unfortunately, the solution Microsoft is working on is aggressive but should make Windows more like other consumer OS systems like ChromeOS, Android, iOS, where every third-party process is restricted in a sandbox with limited permission.</p></blockquote><p></p>