ConfigureDefender utility for Windows 10/11

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,593
Hi Andy Ful, can you clarify the difference between Block At First Sight (BAFS) and Block executable files from running unless they meet a prevalence, age, or trusted list criteria. The second one sounds like a more aggressive version of BAFS.
BAFS blocks files which were detected as malicious.

The ASR rule is a kind of HIPS based on the file prevalence, age. or trust. After a few days, the blocked file can be allowed if more people will run it without problems.
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,593
I lost wifi connection using Adguard. I don't usually fool with these because I lack enough knowledge. Maybe I'd need to change it in the modem, but I bet I'd lose internet completely.
Definitely, you have unusual Internet setup. If I correctly understand you do not also see the red alert webpage when opening the smartscreen demo page in Edge (I found one by googling)?
SmartScreen-Filter-Protection-758x400.png
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,593
@oldschool,
I have thought a little how to bypass your setup. Please try this command line in elevated PowerShell:

Code:
Import-Module bitstransfer;Start-BitsTransfer 'http://smartscreentestratings2.net/' $home\Downloads\test.txt;
It will try to connect with SmartScreen demo webpage without any web browser and download it to test.txt file in the Download folder. Normally, this connection is blocked by WD Network Protection and logged in ConfigureDefender Log - anyone can test it without issues (it is safe).(y):giggle:
 

oldschool

Level 85
Verified
Top Poster
Well-known
Mar 29, 2018
7,698
@Raiden Tried it. No luck.
Definitely, you have unusual Internet setup. If I correctly understand you do not also see the red alert webpage when opening the smartscreen demo page in Edge (I found one by googling)?
View attachment 224032

Incorrect. I get the Smartscreen warning if it is enabled in browser.
 

oldschool

Level 85
Verified
Top Poster
Well-known
Mar 29, 2018
7,698
Boourns (Simpson's reference:p)

Sorry it didn't work for you. Sometimes it may just take time and it will start working again, annoying as it is. As long as it's working in the browser when enabled, you still have that protection.;)

No worries here. I have Smartscreen for Edge and BDTL for Brave. It's just a puzzle I don't mind investigating.
 

oldschool

Level 85
Verified
Top Poster
Well-known
Mar 29, 2018
7,698
@oldschool,
I have thought a little how to bypass your setup. Please try this command line in elevated PowerShell:

Code:
Import-Module bitstransfer;Start-BitsTransfer 'http://smartscreentestratings2.net/' $home\Downloads\test.txt;
It will try to connect with SmartScreen demo webpage without any web browser and download it to test.txt file in the Download folder. Normally, this connection is blocked by WD Network Protection and logged in ConfigureDefender Log - anyone can test it without issues (it is safe).(y):giggle:

We are away on a brief holiday. I'll test it on my return.
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,593
Some people (on another forum) think that the WD ASR rule "Block untrusted and unsigned processes that run from USB" is just SmartScreen forced on files executed from USB drives (similarly to "Run By SmartScreen"). But, it is not, in fact. For example, I can run without SmartScreen alert some unsigned applications with MOTW, downloaded to my hard disk from the Internet. But, the same files are blocked by this ASR rule when ran from the USB drive.

Furthermore, if the file is blocked on the USB drive, then it is also blocked on the hard disk after copying it to this hard disk. You can get rid of the block on the hard disk, by renaming the file on the hard disk.(y)
 
Last edited:

blackice

Level 39
Verified
Top Poster
Well-known
Apr 1, 2019
2,868
Some people (on another forum) think that the WD ASR rule "Block untrusted and unsigned processes that run from USB" is just SmartScreen forced on files executed from USB (similarly to "Run By SmartScreen"). But, it is not, in fact. For example, I can run without SmartScreen alert some unsigned applications with MOTW, downloaded to my hard disk from the Internet. But, the same files are blocked by this ASR rule when ran from the USB drive.

Furthermore, if the file is blocked on the USB drive, then it is also blocked on the hard disk after copying it to this hard disk. You can get rid of the block, by renaming the file on the hard disk.(y)
Thank you, I was just reading that discussion and wondering if it was truth or speculation.
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,593
I get this error when I launch it, I have disabled all things that could possibly be blocking it, still the same error.
Reboot the computer and try again. If you will get the same error, then something still blocks PowerShell from doing the job.
 
Last edited:

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,593
I rebooted twice, still the same error message, I can also launch powershell, I am going to load a restore point from 3 days ago and see if it helps.
Please, wait a moment.
You can also try to run as administrator PowerShell and use the command:
Get-MpPreference
If you get an error, then this is the sign that something still restricts PowerShell.
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,593
Get-MpPreference : Invalid class
At line:1 char:1
+ Get-MpPreference
+ ~~~~~~~~~~~~~~~~
+ CategoryInfo : MetadataError: (MSFT_MpPreference:root\Microsoft\...FT_MpPreference) [Get-MpPreference],
CimException
+ FullyQualifiedErrorId : HRESULT 0x80041010,Get-MpPreference
is the error I get when trying that command
As you can see, your PowerShell still cannot gather the information about WD settings. It is probably restricted by something.
 

EndangeredPootis

Level 10
Verified
Well-known
Sep 8, 2019
461
As you can see, your PowerShell still cannot gather the information about WD settings. It is probably restricted by something.
Then I dont know what it could be, I have disabled all startup items(not windows ones of course) I have disabled windows defender, still the same powershell and install message..
Edit: tested it on my latop which has the same antivirus programs, it worked, so theres something on my desktop thats not an antivirus thats blocking it.
 
Last edited:

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top