ConfigureDefender utility for Windows 10/11

[shmu26]

The importance of 'Cloud Protection Level' and 'Cloud Check Time Limit' can be seen here:
Detonating a bad rabbit: Windows Defender Antivirus and layered machine learning defenses

Do some of these layers apply only to Enterprise users?

 

[Andy Ful]

Care to be more specific about what - child protection - is?
And also, what does - WAM - mean, that is an option under Admin:Smartscreen?

WAM = Warn = W a r n
Child protection setup can be seen in the attachments below.

 

[In2an3_PpG]

Thanks for making this utility. Makes it so easy to configure defender now.

Great work.

 

[Andy Ful]

Do some of these layers apply only to Enterprise users?

In Windows Pro and Enterprise editions 'Big Data Analytics' is also supported by Advanced Threat Protection (paid subscription service).

 

[Daniel Keller]

New link to ConfigureDefender ver. 1.0.0.1
ConfigureDefender/ConfigureDefender_1.0.0.1.zip at master · AndyFul/ConfigureDefender · GitHub
The file contains the ConfigureDefender_x32.exe (Windows 32-bit) and ConfigureDefender_x64.exe (Windows 64-bit).

Hi Andy,
great great tool - as usual. Just want to mention, that my WD deleted the zip file right after download because of a heavy threat: Trojan:Win32/Fuerboos.C!cl.
I know, that your tools are safe but it seems WD does not like your configuration efforts

 

[shmu26]

Hi Andy,
great great tool - as usual. Just want to mention, that my WD deleted the zip file right after download because of a heavy threat: Trojan:Win32/Fuerboos.C!cl.
I know, that your tools are safe but it seems WD does not like your configuration efforts

That's interesting, because I just scanned the file now with WD manual scan, and it came out clean. Maybe it is whitelisted by now? On Virus Total it has a detection rate of 1/67 and the false positive is not coming from Microsoft. It is from Antiy-AVL, whatever that is. (I never heard of them.)

 

[Andy Ful]

Hi Andy,
great great tool - as usual. Just want to mention, that my WD deleted the zip file right after download because of a heavy threat: Trojan:Win32/Fuerboos.C!cl.
I know, that your tools are safe but it seems WD does not like your configuration efforts

Thanks.
.​

That's interesting, because I just scanned the file now with WD manual scan, and it came out clean. Maybe it is whitelisted by now? On Virus Total it has a detection rate of 1/67 and the false positive is not coming from Microsoft. It is from Antiy-AVL, whatever that is. (I never heard of them.)

It is normal. Hard_Configurator and ConfigureDefender change Windows security settings. So, if I do not upload the executables to Microsoft for manual analysis, they are recognized as dangerous. I will send the ConfigureDefender files to Microsoft today.
For now, it seems to be a local AI intervention, because I can download the program without issues, yet.

 

[mlnevese]

Great tool... all these options should be present in the WD GUI though...

 

[shmu26]

Great tool... all these options should be present in the WD GUI though...

If it would be in the GUI, inexperienced people would be enabling advanced protections, and the Microsoft forums would be flooded with desperate requests for support because X Y and Z is not working.

 

[woomera]

wow this is amazing. thanks alot for sharing.

 

[Av Gurus]

Please use the version 1.0.0.1
ConfigureDefender/ConfigureDefender_1.0.0.1.zip at master · AndyFul/ConfigureDefender · GitHub

I just download and WD immediately remove it.

 

[Andy Ful]

I just download and WD immediately remove it.

View attachment 178216

I have just sent the files for manual analysis to Microsoft. So, we have to wait a couple of days.

 

[Andy Ful]

By the way, the local Defender AI is an interesting feature, because it works differently on different computers. I noticed this while testing script trojan downloaders, and Defender caught the script on @Av Gurus computer, but not on mine computer.
The analysis of ConfigureDefender_1.0.0.1.zip is partially finished by Cloud and Client, and waits for final determination.

 

[Av Gurus]

Try to run it but got error:

 

[shmu26]

Try to run it but got error:

View attachment 178231

Do you have any security software that blocks or restricts powershell? For instance, Hard_Configurator? It won't work without powershell.

 

[Av Gurus]

...only Comodo Firewall but no alert from him.

 

[shmu26]

...only Comodo Firewall but no alert from him.

Comodo Firewall definitely has powershell protection, under the advanced tab or whatever they call it. I am surprised you got no alert, but try disabling Comodo and see what happens?

 

[Av Gurus]

Comodo Firewall definitely has powershell protection, under the advanced tab or whatever they call it. I am surprised you got no alert, but try disabling Comodo and see what happens?

You are right.
Comodo have block file, now i set to Trusted and disable Sandbox and is working

 

[Andy Ful]

Try to run it but got error:

View attachment 178231

I added this alert, because some security software can block or restrict PowerShell. Hard_Configurator allows ConfigureDefender to work, but it is possible to configure SRP in such a way that will block PowerShell actions in ConfigureDefender. OSArmor in default settings does not block PowerShell actions in ConfigureDefender, so they can work together.

 

[pxxb1]

WAM = Warn = W a r n
Child protection setup can be seen in the attachments below.

Thanks for the reply. Ok, Warn, not Wam. Ha