ConfigureDefender utility for Windows 10/11

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,484
Hi Andy Ful, can you clarify the difference between Block At First Sight (BAFS) and Block executable files from running unless they meet a prevalence, age, or trusted list criteria? The second one sounds like a more aggressive version of BAFS.
BAFS blocks files which were detected as malicious.

The ASR rule is a kind of HIPS based on the file prevalence, age, or trust. After a few days, the blocked file can be allowed if more people run it without problems.
 

Andy Ful

I lost wifi connection using Adguard. I don't usually fool with these because I lack enough knowledge. Maybe I'd need to change it in the modem, but I bet I'd lose internet completely.
Definitely, you have an unusual Internet setup. If I understand correctly, you also do not see the red alert webpage when opening the SmartScreen demo page in Edge (I found one by googling)?
SmartScreen-Filter-Protection-758x400.png
 

Andy Ful

@oldschool,
I have thought a little about how to bypass your setup. Please try this command line in elevated PowerShell:

Code:
Import-Module bitstransfer;Start-BitsTransfer 'http://smartscreentestratings2.net/' $home\Downloads\test.txt;
It will try to connect to the SmartScreen demo webpage without any web browser and download it to the test.txt file in the Downloads folder. Normally, this connection is blocked by WD Network Protection and logged in the ConfigureDefender Log - anyone can test it without issues (it is safe). (y) :giggle:
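The test from the post above, wrapped so that it also reports the Network Protection mode and reads back the resulting Defender events. This is an added example, not part of the original post or of ConfigureDefender; it assumes an elevated session and that Network Protection events land in the Defender operational log as IDs 1125 (audit) and 1126 (block).

```powershell
# Added example: run in an elevated PowerShell session on Windows 10/11.
# EnableNetworkProtection values: 0 = Disabled, 1 = Enabled (block), 2 = Audit
$npNames = @{ 0 = 'Disabled'; 1 = 'Enabled (block)'; 2 = 'Audit' }
$np = [int](Get-MpPreference).EnableNetworkProtection
"Network Protection: $($npNames[$np])"

# Same transfer as in the post, with named parameters and error capture.
$start = Get-Date
$dest  = Join-Path $HOME 'Downloads\test.txt'
try {
    Import-Module BitsTransfer
    Start-BitsTransfer -Source 'http://smartscreentestratings2.net/' `
                       -Destination $dest -ErrorAction Stop
    "Transfer completed: the connection was NOT blocked ($dest)"
} catch {
    "Transfer failed: $($_.Exception.Message)"
}

# Give Defender a moment to write the event, then read it back.
Start-Sleep -Seconds 3
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 1125, 1126          # 1125 = audited, 1126 = blocked
    StartTime = $start
} -ErrorAction SilentlyContinue

if ($events) {
    $events | Select-Object TimeCreated, Id, Message | Format-List
} else {
    'No Network Protection event logged since the test started.'
}
```

A failed transfer with no 1125/1126 event points to something other than Network Protection stopping the connection.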
 

oldschool

Level 84
Verified
Top Poster
Well-known
Mar 29, 2018
7,596
@Raiden Tried it. No luck.
Definitely, you have an unusual Internet setup. If I understand correctly, you also do not see the red alert webpage when opening the SmartScreen demo page in Edge (I found one by googling)?

Incorrect. I get the Smartscreen warning if it is enabled in browser.
 

oldschool

Boourns (Simpson's reference:p)

Sorry it didn't work for you. Sometimes it may just take time and it will start working again, annoying as it is. As long as it's working in the browser when enabled, you still have that protection.;)

No worries here. I have Smartscreen for Edge and BDTL for Brave. It's just a puzzle I don't mind investigating.
 

oldschool

@oldschool,
I have thought a little about how to bypass your setup. Please try this command line in elevated PowerShell:

Code:
Import-Module bitstransfer;Start-BitsTransfer 'http://smartscreentestratings2.net/' $home\Downloads\test.txt;
It will try to connect to the SmartScreen demo webpage without any web browser and download it to the test.txt file in the Downloads folder. Normally, this connection is blocked by WD Network Protection and logged in the ConfigureDefender Log - anyone can test it without issues (it is safe). (y) :giggle:

We are away on a brief holiday. I'll test it on my return.
 

Andy Ful

Some people (on another forum) think that the WD ASR rule "Block untrusted and unsigned processes that run from USB" is just SmartScreen forced on files executed from USB drives (similarly to "Run By SmartScreen"). But, it is not, in fact. For example, I can run without SmartScreen alert some unsigned applications with MOTW, downloaded to my hard disk from the Internet. But, the same files are blocked by this ASR rule when run from the USB drive.

Furthermore, if the file is blocked on the USB drive, then it is also blocked on the hard disk after copying it to this hard disk. You can get rid of the block on the hard disk, by renaming the file on the hard disk.(y)
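To see how the two ASR rules named in this thread (the prevalence/age/trust rule and the USB rule) are set on a machine, and which of them produced a block, the configured state and the Defender ASR events can be read directly. This is an added example, not code from the thread or from ConfigureDefender; the two GUIDs are Microsoft's published rule IDs, and the "Path:" / "Process Name:" lines in the event message are an assumption about the message layout.

```powershell
# Added example: run in an elevated PowerShell session on Windows 10/11.
$rules = [ordered]@{
    '01443614-cd74-433a-b99e-2ecdc07bfc25' = 'Block executables unless prevalence/age/trusted list criterion is met'
    'b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4' = 'Block untrusted and unsigned processes that run from USB'
}
$actionNames = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }

# Rule IDs and actions are stored as two parallel arrays.
$pref    = Get-MpPreference
$ids     = @($pref.AttackSurfaceReductionRules_Ids | Where-Object { $_ })
$actions = @($pref.AttackSurfaceReductionRules_Actions)
$state   = @{}
for ($i = 0; $i -lt $ids.Count; $i++) { $state[$ids[$i].ToLower()] = [int]$actions[$i] }

foreach ($guid in $rules.Keys) {
    $mode = if ($state.ContainsKey($guid)) { $actionNames[$state[$guid]] } else { 'Not configured' }
    '{0,-15} {1}' -f $mode, $rules[$guid]
}

# ASR events from the last 7 days: 1121 = blocked, 1122 = audited.
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 1121, 1122
    StartTime = (Get-Date).AddDays(-7)
} -ErrorAction SilentlyContinue

foreach ($e in $events) {
    foreach ($guid in $rules.Keys) {
        if ($e.Message -match $guid) {      # -match is case-insensitive
            [pscustomobject]@{
                Time   = $e.TimeCreated
                Mode   = $(if ($e.Id -eq 1121) { 'Block' } else { 'Audit' })
                Rule   = $rules[$guid]
                # Assumed message layout: keep only the path/process lines.
                Detail = ($e.Message -split "`r?`n" |
                          Where-Object { $_ -match '^\s*(Path|Process Name):' }) -join '; '
            }
        }
    }
}
```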
 

blackice

Level 39
Verified
Top Poster
Well-known
Apr 1, 2019
2,867
Some people (on another forum) think that the WD ASR rule "Block untrusted and unsigned processes that run from USB" is just SmartScreen forced on files executed from USB (similarly to "Run By SmartScreen"). But, it is not, in fact. For example, I can run without SmartScreen alert some unsigned applications with MOTW, downloaded to my hard disk from the Internet. But, the same files are blocked by this ASR rule when run from the USB drive.

Furthermore, if the file is blocked on the USB drive, then it is also blocked on the hard disk after copying it to this hard disk. You can get rid of the block, by renaming the file on the hard disk.(y)
Thank you, I was just reading that discussion and wondering if it was truth or speculation.
 

Andy Ful

I get this error when I launch it, I have disabled all things that could possibly be blocking it, still the same error.
Reboot the computer and try again. If you get the same error, then something still blocks PowerShell from doing the job.
 

Andy Ful

I rebooted twice, still the same error message, I can also launch powershell, I am going to load a restore point from 3 days ago and see if it helps.
Please, wait a moment.
You can also try to run PowerShell as administrator and use the command:
Get-MpPreference
If you get an error, then this is a sign that something still restricts PowerShell.
 

Andy Ful

Get-MpPreference : Invalid class
At line:1 char:1
+ Get-MpPreference
+ ~~~~~~~~~~~~~~~~
+ CategoryInfo : MetadataError: (MSFT_MpPreference:root\Microsoft\...FT_MpPreference) [Get-MpPreference],
CimException
+ FullyQualifiedErrorId : HRESULT 0x80041010,Get-MpPreference
is the error I get when trying that command
As you can see, your PowerShell still cannot gather the information about WD settings. It is probably restricted by something.
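A few read-only checks that narrow down where a failing `Get-MpPreference` call breaks, given that HRESULT 0x80041010 is the WMI "invalid class" code. This is an added example, not part of the thread; the full namespace `root/Microsoft/Windows/Defender` is an assumption (the error text above shows it truncated).

```powershell
# Added example: run in an elevated PowerShell session.
# Assumed standard namespace of the Defender CIM classes.
$ns = 'root/Microsoft/Windows/Defender'

# 1. Is the cmdlet available, and which module provides it?
$cmd = Get-Command Get-MpPreference -ErrorAction SilentlyContinue
"Cmdlet module     : $(if ($cmd) { $cmd.Source } else { 'Get-MpPreference not found' })"

# 2. Is PowerShell itself restricted (for example ConstrainedLanguage)?
"Language mode     : $($ExecutionContext.SessionState.LanguageMode)"

# 3. Are the WMI and Defender services present and running?
Get-Service -Name Winmgmt, WinDefend -ErrorAction SilentlyContinue |
    Select-Object Name, Status, StartType | Format-Table -AutoSize

# 4. Is the class that Get-MpPreference queries registered in WMI?
try {
    $null = Get-CimClass -Namespace $ns -ClassName MSFT_MpPreference -ErrorAction Stop
    'MSFT_MpPreference : registered'
} catch {
    'MSFT_MpPreference : not available ({0})' -f $_.Exception.Message
}
```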
 

EndangeredPootis

Level 10
Verified
Well-known
Sep 8, 2019
461
As you can see, your PowerShell still cannot gather the information about WD settings. It is probably restricted by something.
Then I don't know what it could be, I have disabled all startup items (not Windows ones of course), I have disabled Windows Defender, still the same PowerShell and install message.
Edit: tested it on my laptop which has the same antivirus programs, it worked, so there's something on my desktop that's not an antivirus that's blocking it.
 