ConfigureDefender utility for Windows 10/11

shmu26

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
  • Like
Reactions: Deletedmessiah, vtqhtr413 and Andy Ful
Brie

Brie

Level 10
Verified
Well-known
Jan 1, 2018
493
nevermind. it was my 'norton web filter' that was deleting the download. thank you all. :oops:
 
Last edited:
  • Like
Reactions: Andy Ful
R

Reldel1

Level 2
Verified
Jun 12, 2017
50
Brie said:
my windows defender blocks the download of this file. solutions?
thanks in advance. (y)
Click to expand...
Using Admin Acct. Windows 10, go into Settings/Apps & Features and make sure Installing apps is maximum of "Warn me before installing apps from outside store". Also going into settings/Update & Security/Windows Security/App & browser control and make sure Check apps and files is set to warn, not block. Should make it possible to download and install. Hope it helps.
 
  • Like
Reactions: Brie, Deletedmessiah, Andy Ful and 3 others
oldschool

oldschool

Level 84
Verified
Top Poster
Well-known
Mar 29, 2018
7,595
Reldel1 said:
Using Admin Acct. Windows 10, go into Settings/Apps & Features and make sure Installing apps is maximum of "Warn me before installing apps from outside store". Also going into settings/Update & Security/Windows Security/App & browser control and make sure Check apps and files is set to warn, not block. Should make it possible to download and install. Hope it helps.
Click to expand...

Agreed. @Brie - ConfigureDefender will make all of this very simple since you may easily control all WD settings in one place.(y)
 
  • Like
Reactions: Brie, Deletedmessiah, shmu26 and 1 other person
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,477
Brie said:
my windows defender blocks the download of this file. solutions?
thanks in advance. (y)
Click to expand...
This can happen if the user:
  • did not bypass the SmartScreen alert by choosing 'More info',
  • cannot bypass the SmartScreen alert because of non-default SmartScreen settings,
  • has non-default settings in Apps & Features which allow installation of apps only from Microsoft Store.
ConfigureDefender is whitelisted by Windows Defender signatures but not by SmartScreen, yet. If you have non-default SmartScreen settings in the Windows Defender Security Center, then change them to Warn - this will allow you to bypass SmartScreen alert.
Check also the settings in Apps & features (available from Power Menu) as in the post of @Reldel1.
You can restore your settings after running ConfigureDefender.
 
Last edited:
  • Like
Reactions: Brie, oldschool, silversurfer and 3 others
Nestor

Nestor

Level 9
Verified
Well-known
Apr 21, 2018
397
I used BD for a while,before 4 months in windows 10, never had false positives, but every time i dowloaded a file,even small, it took ages to scan with smartscreen and the most annoying thing was that many times caused freeze.
 
  • Like
Reactions: Andy Ful and shmu26
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,477
oldschool said:
You are the Man Andy! This may add a bit of push to MS to implement it or similar in WD Home. Your dedication is greatly appreciated! (y):)
Click to expand...
Thanks. Actually, Microsoft is going to add ASR and maybe some other Defender settings to Windows Defender Security Center, in the next build. But, I doubt they noticed my little tool.(y)
 
  • Like
Reactions: military, oldschool, brambedkar59 and 4 others
shmu26

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
If ASR rules are enabled for MS Office, is it recommended to avoid using 3rd party anti-exploit protection for MS Office, for instance, the Exploit Mitigation in HitmanPro.Alert?
 
  • Like
Reactions: Sunshine-boy, Andy Ful and oldschool
shmu26

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
What is "block executable content from email client and webmail" all about? I mean, what webmail are they talking about?
If I use Gmail on Chrome, for instance, what will this rule block?
Or is it only for Outlook Online, on Microsoft browsers, and it blocks executable downloads?
 
  • Like
Reactions: oldschool
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,477
shmu26 said:
What is "block executable content from email client and webmail" all about? I mean, what webmail are they talking about?
If I use Gmail on Chrome, for instance, what will this rule block?
Or is it only for Outlook Online, on Microsoft browsers, and it blocks executable downloads?
Click to expand...
From the Microsoft article:
"
Rule: Block executable content from email client and webmail

This rule blocks the following file types from being run or launched from an email seen in either Microsoft Outlook or webmail (such as Gmail.com or Outlook.com):

  • Executable files (such as .exe, .dll, or .scr)
  • Script files (such as a PowerShell .ps, VisualBasic .vbs, or JavaScript .js file)
  • Script archive files

Important
Exclusions do not apply to this rule.
"
Use Attack surface reduction rules to prevent malware infection
 
  • Like
Reactions: Sunshine-boy, silversurfer, oldschool and 3 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,477
  • Like
Reactions: ForgottenSeer 85179, oldschool, silversurfer and 4 others
shmu26

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
It looks like we will still need ConfigureDefender even after Redstone 5, because from what I read, it seems that Windows Security Center will just have one big button to toggle on and off for exploit protection, with no way to choose which particular ASR rules we want to use.
 
  • Like
Reactions: harlan4096, oldschool, silversurfer and 2 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,477
There is an option in ConfigureDefender to activate Exploit Guard 'Network Protection'. There were some doubts if it works properly on Windows 10 Home and Pro, because the examples from the standard SmartScreen demo page (Demonstration malware website) were not blocked by 'Network Protection', and Microsoft claims that this feature is supported only on Windows 10 Enterprise (E3 and E5).
Use Windows Defender Exploit Guard to protect your network
First thing is that there is another demo page to test if 'Network Protection' is enabled:
SmartScreen Test
But still, there is the question if 'Network Protection' works in a similar way for non-Microsoft web browsers as SmartScreen for Edge and IE.
So I made the direct test on Windows 10 Pro ver. 1803:
  1. Found 20 phishing links that were blocked in Firefox by 'Network Protection' feature (FireFox native web filtering disabled).
  2. The fact of blocking the links was confirmed by checking Windows Event Log entry 1126.
  3. Any blocked link was also re-checked in Edge.
In all cases, the links were also blocked by SmartScreen in Edge.
Conclusion - 'Network Protection' uses SmartScreen and works for sure on Windows 10 Pro.

Edit.
Exploit Guard 'Network Protection' is supposed to work also outside web browsers. For example, if the malware tries to connect with the blacklisted web page, then it should be blocked, too.
I did not make the test for Windows 10 Home, but I am pretty sure that 'Network Protection' works also on the home version.
 
Last edited:
  • Like
Reactions: ForgottenSeer 85179, Sunshine-boy, oldschool and 6 others
shmu26

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
Andy Ful said:
There is an option in ConfigureDefender to activate Exploit Guard 'Network Protection'. There were some doubts if it works properly on Windows 10 Home and Pro, because the examples from the standard SmartScreen demo page (Demonstration malware website) were not blocked by 'Network Protection', and Microsoft claims that this feature is supported only on Windows 10 Enterprise (E3 and E5).
Use Windows Defender Exploit Guard to protect your network
First thing is that there is another demo page to test if 'Network Protection' is enabled:
SmartScreen Test
But still, there is the question if 'Network Protection' works in a similar way for non-Microsoft web browsers as SmartScreen for Edge and IE.
So I made the direct test on Windows 10 Pro ver. 1803:
  1. Found 20 phishing links that were blocked in Firefox by 'Network Protection' feature (FireFox native web filtering disabled).
  2. The fact of blocking the links was confirmed by checking Windows Event Log entry 1126.
  3. Any blocked link was also re-checked in Edge.
In all cases, the links were also blocked by SmartScreen in Edge.
Conclusion - 'Network Protection' uses SmartScreen and works for sure on Windows 10 Pro.

Edit.
Exploit Guard 'Network Protection' is supposed to work also outside web browsers. For example, if the malware tries to connect with the blacklisted web page, then it should be blocked, too.
I did not make the test for Windows 10 Home, but I am pretty sure that 'Network Protection' works also on the home version.
Click to expand...
Thanks, Andy. The point you mentioned in your edit is very interesting. Url protection in the browser is nothing new, but system-wide url protection like that is something you would expect to see only in an advanced firewall, AFAIK.
 
  • Like
Reactions: Sunshine-boy, oldschool, tsunami and 1 other person
H

HarborFront

Level 72
Verified
Top Poster
Content Creator
Oct 9, 2016
6,139
Hi @Andy Ful

My Emsisoft AM just expired and I let it go. I'm lazy now to use other AV so currently using Windows Defender now.

The current Windows version is 1803 and I have HMPA too. Any issue with them?

I guess I have to read through all the pages now.

Just ran the x64 version and I think there's a bug

When the GUI is open and I press to minimize it minimizes to the lower task bar ie. there's an icon there. There's another icon in the system tray. Is this correct?

Should I close (or press the 'X') the GUI after setting to 'High' setting?

Should I just use default setting and let HMPA handles all exploit issues?

Thanks
 
Last edited:
  • Like
Reactions: Sunshine-boy, Andy Ful and shmu26

Similar threads

Andy Ful
    • Like
    • +Reputation
    • Thanks
  • Sticky
Serious Discussion WHHLight - simplified application control for Windows Home and Pro.
Replies
318
Views
34,071
Hard_Configurator Tools
Andy Ful
Andy Ful
Andy Ful
    • +Reputation
    • Like
    • Applause
New Update Testing Windows Hybrid Hardening (new hardening application).
Replies
253
Views
29,411
Hard_Configurator Tools
South Park
South Park
Shadowra
    • Like
    • +Reputation
    • Thanks
App Review Microsoft Defender Antivirus + Windows 11 Smart App Control (SAC)
Replies
44
Views
3,220
Video Reviews - Security and Privacy
tofargone
tofargone

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top