ConfigureDefender utility for Windows 10/11

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,484
...
WD is still weak at signature-based detection; they are late at creating signatures, but their investment in the cloud is being paid off.
They do not hurry with signatures to keep a low rate of false positives in Enterprises. Many computers in Enterprises are connected to an Intranet and have not got an Internet connection.
False positives in such a network can be more dangerous than malware. The computers which have an Internet connection are more vulnerable, so they have to be protected by the more aggressive and fast detection of the WD cloud.
 

SeriousHoax

Level 49
Verified
Top Poster
Well-known
Mar 16, 2019
3,862
They do not hurry with signatures to keep a low rate of false positives in Enterprises. Many computers in Enterprises are connected to an Intranet and have not got an Internet connection.
False positives in such a network can be more dangerous than malware. The computers which have an Internet connection are more vulnerable, so they have to be protected by the more aggressive and fast detection of the WD cloud.
Interesting.
 

SeriousHoax

Level 49
Verified
Top Poster
Well-known
Mar 16, 2019
3,862
Hi, Andy Ful
Any idea about this? I've seen this twice today for the very first time
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,484
Hi, Andy Ful
Any idea about this? I've seen this twice today for the very first time
There can be many sources of this alert. It is probably a false positive, when you use a 3rd party application which uses a service to do something on disk. In rare cases, it can also be malware hiding under svchost.
If you can find out the application which uses a service to do something in the Video folder, then you can probably exclude this folder in that application.
Do you use SCPToolkit?
 

SeriousHoax

Level 49
Verified
Top Poster
Well-known
Mar 16, 2019
3,862
There can be many sources of this alert. It is probably a false positive, when you use a 3rd party application which uses a service to do something on disk. In rare cases, it can also be malware hiding under svchost.
Hmm, probably a false positive as there shouldn't be any malware on my system. But I'll do some scanning.
Here's another strange one related to CCleaner about accessing protected memory. Notified the last two times I opened CCleaner but never before. CCleaner hasn't been updated either.
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,484
Hmm, probably a false positive as there shouldn't be any malware on my system. But I'll do some scanning.
Here's another strange one related to CCleaner about accessing protected memory. Notified the last two times I opened CCleaner but never before. CCleaner hasn't been updated either.
That is normal for such applications. Similar issues were observed when using Hard Disk Sentinel. Just exclude CCleaner64.exe in Controlled Folder Access.
 
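The triage the two posts above describe (find which process Controlled Folder Access blocked, confirm it is the legitimate binary, then allow it) can be done from an elevated PowerShell session. This is an added example, not code from the thread or from ConfigureDefender; the CCleaner install path is an assumption, and the event query relies on Defender's documented operational log event 1123 (a Controlled Folder Access block).

```powershell
# Added example: triage Controlled Folder Access (CFA) blocks and allow a verified app.
# Run from an elevated PowerShell session on Windows 10/11 with Defender enabled.

# 1. List recent CFA block events. Event ID 1123 in the Defender operational log is
#    "Controlled folder access blocked <process> from making changes to <folder>".
#    (1124 is the audit-mode counterpart.)
$cfaBlocks = Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1123, 1124
} -MaxEvents 50 -ErrorAction SilentlyContinue

foreach ($e in $cfaBlocks) {
    # The first line of the message names the event; the body carries process and path.
    [pscustomobject]@{
        Time  = $e.TimeCreated
        Id    = $e.Id
        Event = ($e.Message -split "`r?`n")[0]
        Body  = ($e.Message -replace "`r?`n", ' ')
    }
}

# 2. Show the current CFA mode and allow-list.
#    EnableControlledFolderAccess: 0 = Disabled, 1 = Enabled (block), 2 = Audit mode.
$pref = Get-MpPreference
"CFA mode: $($pref.EnableControlledFolderAccess)"
"Allowed applications:"
$pref.ControlledFolderAccessAllowedApplications

# 3. Allow the application only after checking the binary is the legitimately signed one.
#    The path below is an assumption; adjust it to the actual install location.
$app = 'C:\Program Files\CCleaner\CCleaner64.exe'
if (Test-Path -LiteralPath $app) {
    $sig = Get-AuthenticodeSignature -FilePath $app
    if ($sig.Status -eq 'Valid') {
        "Signer: $($sig.SignerCertificate.Subject)"
        Add-MpPreference -ControlledFolderAccessAllowedApplications $app
        "Added $app to the CFA allow-list."
    } else {
        Write-Warning "Signature status '$($sig.Status)' for $app; not adding an exclusion."
    }
} else {
    Write-Warning "$app not found; nothing changed."
}
```

Allowing an application by path only trusts whatever binary sits at that path, which is why the example refuses to add the entry when the Authenticode check fails; if the block events point at svchost.exe rather than a third-party executable, the fix is to identify the service behind it (the thread's SCPToolkit question) rather than to allow svchost.exe wholesale.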

oldschool

Level 84
Verified
Top Poster
Well-known
Mar 29, 2018
7,595
@Andy Ful or other members, can you please comment on this Wilders' post, especially the last phrase?:unsure: Windows Defender Is Becoming the Powerful Antivirus That Windows 10 Needs
If malware can never run, then you don't need any security tools. But you should always cover all kinds of scenarios. What if you get tricked into running malware? Then AV and behavior blocker should come into action. And I don't believe that Win Def has got any behavior blocker, so once malware is allowed to run, it's indeed game over, but feel free to correct me.

Edit: added italics.
 

notabot

Level 15
Verified
Oct 31, 2018
703

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,484

oldschool

Level 84
Verified
Top Poster
Well-known
Mar 29, 2018
7,595
The guy believes in something. He does not say that he knows how WD works and what is the reason for his beliefs. He does not say that we must share his beliefs. Everyone has the right to have personal beliefs which do not hurt others.:giggle:(y)

Yes, I realize this but I was asking for a more detailed or expanded description of WD behavior-blocking features. I ask for my own education and not to debate or defeat the OP.
 

blackice

Level 39
Verified
Top Poster
Well-known
Apr 1, 2019
2,867
The guy believes in something. He does not say that he knows how WD works and what is the reason for his beliefs. He does not say that we must share his beliefs. Everyone has the right to have personal beliefs which do not hurt others.:giggle:(y)
He has many strong opinions, some popular, some not so much. It fosters discussion. :ROFLMAO:
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,484
ASR is behaviour blocking, Exploit Guard rules are also behaviour blocking. I'd like to see a more expanded ruleset (hence my other thread on behaviour blockers), but it's not like WD doesn't have any.
Yes, I realize this but I was asking for a more detailed or expanded description of WD behavior-blocking features. I ask for my own education and not to debate or defeat the OP.
Like most modern AVs, WD has behavior blocking capabilities included in Machine Learning models (locally and in the cloud). The ASR, Exploit Guard, Controlled Folder Access and other WD features are just extensions of it.
 
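The rule-based part of that behaviour blocking (ASR rules, Exploit Guard mitigations) is visible locally, which helps answer the "which rules do I actually have on?" question behind the exchange above. The script below is an added example, not code from the thread or from ConfigureDefender; the rule-GUID-to-name table is a partial list taken from Microsoft's public ASR documentation, and any rule id not in it is printed raw.

```powershell
# Added example: inventory Defender's local behaviour-blocking rule set.
# Run from an elevated PowerShell session on Windows 10/11 with Defender enabled.

# Partial map of ASR rule GUIDs to names (from Microsoft's public ASR rule reference).
$ruleNames = @{
    'd4f940ab-401b-4efc-aadc-ad5f3c50688a' = 'Block all Office applications from creating child processes'
    'be9ba2d9-53ea-4cdc-84e5-9b1eeee46550' = 'Block executable content from email client and webmail'
    '9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2' = 'Block credential stealing from LSASS'
    '75668c1f-73b5-4cf0-bb93-3ecf5cb7cc84' = 'Block Office applications from injecting code into other processes'
    'd3e037e1-3eb8-44c8-a917-57927947596d' = 'Block JavaScript or VBScript from launching downloaded executable content'
    '92e97fa1-2edf-4476-bdd6-9dd0b4dddc7b' = 'Block Win32 API calls from Office macros'
    'c1db55ab-c21a-4637-bb3f-a12568109d35' = 'Use advanced protection against ransomware'
}
# ASR action values as reported by Get-MpPreference.
$actionNames = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }

$pref    = Get-MpPreference
$ids     = @($pref.AttackSurfaceReductionRules_Ids)
$actions = @($pref.AttackSurfaceReductionRules_Actions)

"ASR rules configured: $($ids.Count)"
for ($i = 0; $i -lt $ids.Count; $i++) {
    $id   = ([string]$ids[$i]).ToLowerInvariant()
    $name = if ($ruleNames.ContainsKey($id)) { $ruleNames[$id] } else { $id }
    $act  = if ($actionNames.ContainsKey([int]$actions[$i])) { $actionNames[[int]$actions[$i]] } else { $actions[$i] }
    "{0,-8} {1}" -f $act, $name
}

# Exploit Guard: system-wide process mitigation policy (DEP, ASLR, CFG, ...).
"`nSystem-wide exploit mitigations:"
Get-ProcessMitigation -System

# Recent ASR hits: 1121 = rule blocked an action, 1122 = rule fired in audit mode.
"`nRecent ASR events:"
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1121, 1122
} -MaxEvents 20 -ErrorAction SilentlyContinue |
    ForEach-Object { "{0}  {1}  {2}" -f $_.TimeCreated, $_.Id, (($_.Message -split "`r?`n")[0]) }
```

Rules left in Audit (2) still write 1122 events without blocking, so the event query is the quickest way to see what a rule would have stopped before switching it to Block (1); the ML-based detections Andy Ful mentions have no equivalent local rule list, which is why only the ASR and Exploit Guard layers appear here.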

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,484
The term 'Behavior Blocker' is not clear nowadays. So it is hard to comment if someone uses it.
I posted about it in the thread:

Many vendors use the terms behavior-based detections, behavior-based heuristics, etc.
For example, behavior-based features are used by Windows Defender (behavior-based ML, AMSI ML), Trend Micro (OfficeScan), Symantec (Sonar), Kaspersky (System Watcher), F-Secure (DeepGuard), Eset (DNA), BitDefender (Advanced Threat Defense), Avast (Behavior Shield).
 

notabot

Level 15
Verified
Oct 31, 2018
703
Like most modern AVs, WD has behavior blocking capabilities included in Machine Learning models (locally and in the cloud). The ASR, Exploit Guard, Controlled Folder Access and other WD features are just extensions of it.

Isn't machine learning part of ATP only? Or have you found a way to unlock yet another enterprise feature for home/pro users (at least locally)? :unsure:
 

oldschool

Level 84
Verified
Top Poster
Well-known
Mar 29, 2018
7,595
