ConfigureDefender utility for Windows 10/11

[Andy Ful]

Tried that, and I checked Get-MpPreference and see Network Protection enabled. Same result and still no notification. No matter, I have Traffic Light installed on Brave.:barefoot::barefoot::barefoot:

I tested how works the Defender Control tool. It writes one policy key to disable WD and stops two Defender services:

• Windows Defender Antivirus Network Inspection Service (WdNisSvc);
• Windows Defender Antivirus Service (WinDefend);

The interesting thing is that after disabling WD by Defender Control tool, the WD Network protection still works on my test machine (tested on Windows 10 Home ver. 1903), even after restarting Windows. But, the blocked events are not logged. This is not what follows from Microsoft documentation for Network Protection:

Windows 10 version	Windows Defender Antivirus
Windows 10 version 1709 or later	Windows Defender AV real-time protection and cloud-delivered protection must be enabled

This topic will require some additional research.

 

[Andy Ful]

Ha, Ha. I am really stupid.
Although WD was disabled in Virtual Machine, the web browser connection from Virtual Machine was in fact disabled by WD in the real system. I checked it by ConfigureDefender logs in Virtual Machine (no blocked event in the log) and in the real system (blocked event in the log).
Simply, my Virtual Machine is configured to use the Internet connection of the real system (default settings in Virtual Box ---> Connected to: NAT). So, I have to test it in the real system, or change the settings of VM.

 

[shmu26]

Ha, Ha. I am really stupid.
Although WD was disabled in Virtual Machine, the web browser connection from Virtual Machine was in fact disabled by WD in the real system. I checked it by ConfigureDefender logs in Virtual Machine (no blocked event in the log) and in the real system (blocked event in the log).
Simply, my Virtual Machine is configured to use the Internet connection of the real system (default settings in Virtual Box ---> Connected to: NAT). So, I have to test it in the real system, or change the settings of VM.

I use a bridged network connection.

 

[Andy Ful]

So, here is the test in the real machine (Windows 10 Pro ver 1903).

1. Use Defender Control to disable WD - Defender Control changes color to red and shows that WD is disabled. Two WD services disabled (WdNisSvc and WinDefend).
2. Open smartscreentest2.net in the web browser (not blocked by WD Network Protection).
3. Restart Windows - WD icon not visible on System Tray.
4. Open smartscreentest2.net in the web browser (blocked by WD Network Protection).
5. Run Defender Control - it shows that WD is enabled (????). I looked at Windows services and previously disabled WD services are running now (WdNisSvc and WinDefend).
6. Run Windows Security Center, it shows Real-time protection disabled (????).
7. You cannot enable Real-time protection via WSC!!!! Defender Control tool is not fully compatible with Windows 10 ver. 1903.

So, after using Defender Control your WD is screwed. :notworthy:
Anyway, somehow Network Protection still worked on my system (it should not with disabled WD Real-time protection).

How to restore the functionality of WD? I tried again Defender Control - turned Off and next turned On Windows Defender from it. WD started working again.

Edit.
It seems that after several minutes after reboot, Windows Defender is able to enable Real-time protection without using Defender Control. But, WD icon on the System Try is not recovered.

 

[oldschool]

How to restore the functionality of WD? I tried again Defender Control - turned Off and next turned On Windows Defender from it. WD started working again.

Thanks for testing all of this Andy. Last time (above post) I did not disable WD and then enable it again. Did you reboot after disable and again after enble WD?

 

[Azure]

@Andy Ful

Are all ASR rules completely available on Windows Home? Have you tested if there are in any difference between Home and Pro?

 

[Andy Ful]

Thanks for testing all of this Andy. Last time (above post) I did not disable WD and then enable it again. Did you reboot after disable and again after enble WD?

Yes. Most ASR rules require rebooting if the Real-time protection is changed.

 

[blackice]

Back to WD for me. I like how it just works in the background. Thanks again for ConfigureDefender. Set it to high and let it fly.

 

[Andy Ful]

@Andy Ful

Are all ASR rules completely available on Windows Home? Have you tested if there are in any difference between Home and Pro?

I tested most of them. They work on Windows Home. There is also no reason for working some of them and not working the rest.

 

[Azure]

I tested most of them. They work on Windows Home. There is also no reason for working some of them and not working the rest.

Thanks.

 

[oldschool]

Yes. Most ASR rules require rebooting if the Real-time protection is changed.

I disabled Network Protection in CD, rebooted and WdNisSvc still running. Is that switch in CD actually working?

 

[Andy Ful]

I disabled Network Protection in CD, rebooted and WdNisSvc still running. Is that switch in CD actually working?

This service works on WD default settings. It is related to Windows Defender Antivirus Network Inspection Service, not to ASR rules or WD Network Protection.

 

[oldschool]

This service works on WD default settings. It is related to Windows Defender Antivirus Network Inspection Service, not to ASR rules.

So, any ideas what's going on? Flags or extensions interfering. I still get that white smartscreen test page and no Windows notification.

 

[Andy Ful]

So, any ideas what's going on? Flags or extensions interfering. I still get that white smartscreen test page and no Windows notification.

There are some possibilities. One of them is that you use a kind of proxy. So, the web browser does not connect directly with SmartScreen Test, but via proxy server.
I can mimic it by using free proxy website to open SmartScreen Test (not blocked).

 

[oldschool]

One of them is that you use a kind of proxy.

I've never used one. Maybe this? -> My local and privacy-minded ISP rides piggyback on a very big Telecom company's ISP.

 

[Andy Ful]

@oldschool,
It would be very interesting if you could temporarily change your DNS to Adguard DNS (176.103.130.130) and test once again the smartscreen demo link on Edge and Brave.

 

[Andy Ful]

Please bear in mind that changing DNS takes some time. It is good to run this command from CMD before testing the demo link:
ipconfig /all
to see if DNS has changed.

 

[oldschool]

Please bear in mind that changing DNS takes some time. It is good to run this command from CMD before testing the demo link:
ipconfig /all
to see if DNS has changed.

I lost wifi connection using Adguard. I don't usually fool with these because I lack enough knowledge. Maybe I'd need to change it in the modem, but I bet I'd lose internet completely.

 

[oldschool]

@Andy Ful I just remembered that when I first tried this test I got the same page except the Bitdefender Trafficlight icon was in the left corner of the tab where tabbed page icons are. I disabled it with the same result, and then I removed BDTL and the tab icon was simply the generic page icon. Very strange.

 

[ForgottenSeer 72227]

@oldschool just want to clarify, have you disabled Network protection, rebooted, then re-enable and rebooted again with the same results? I've had this issue randomly pop up from time to time, but sometimes disabling it, reboot, then re-enable and reboot would fix it for me. Alternatively, maybe try setting all WD's setting back to default, reboot, then re enable all the settings you want, including network protection, reboot and see if that fixes it?