ConfigureDefender utility for Windows 10/11

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,538
> @Andy Ful I think you can add the GPO tweak to disable on-access scan.
I could do it if I would work for MS to persuade people to use WD.:)
For some reason, MS does not want to apply this tweak by default in Windows Home and they know exactly how it works (but maybe they are just lazy).

This tweak can only solve the problem of some people with opening folders with many executables. This problem can be easily solved by using subfolders, without compromising the security. Most people do not store many executables in one folder and do not have such a problem. Other performance problems (copying files, installing/uninstalling applications, etc.) will be still present. Furthermore, it is not clear if the WD BAFS feature will work properly (it can be tested). The last problem is that MS could flag ConfigureDefender as a hack-tool, because of such an option that decreases the default security.
So, there are some pros and cons. I will investigate it in the future. :) (y)
 

Andy Ful

> Hi, Andy Ful, few days ago in another thread I showed you that on my PC, WD was making connection to smartscreen even for files without MOTW. I forgot to mention that my Cloud protection level is set to Block mode and max time to 60 secs via Configure_Defender. Did it make the difference?
It should not. It can probably depend on the privacy settings. SmartScreen events can be logged, and then it is evident that it can collect some data on the execution of any supported file (even without MOTW).
But, on my computer, the outgoing connections to SmartScreen servers are done only for files with MOTW. It is probable that I have more restrictive privacy settings.
 

SeriousHoax

Level 49
Verified
Top Poster
Well-known
Mar 16, 2019
3,863
> It should not. It can probably depend on the privacy settings. SmartScreen events can be logged, and then it is evident that it can collect some data on the execution of any supported file (even without MOTW).
> But, on my computer, the outgoing connections to SmartScreen servers are done only for files with MOTW. It is probable that I have more restrictive privacy settings.
My Privacy settings are pretty restrictive too. Uninstalled almost every preinstalled app via Windows10Debloater script, hardened many settings via Windows Privacy Dashboard and O&O ShutUP10 too. You're in Europe and I'm in Asia so maybe it's a region thing, maybe WD collects more stuff from here :unsure:
 
ForgottenSeer 85179

> It is probable that I have more restrictive privacy settings.

> My Privacy settings are pretty restrictive too. Uninstalled almost every preinstalled app via Windows10Debloater script, hardened many settings via Windows Privacy Dashboard and O&O ShutUP10 too. You're in Europe and I'm in Asia so maybe it's a region thing, maybe WD collects more stuff from here :unsure:

Maybe you both guys can make some posts on Tutorial - Protect your privacy in Windows 10 ? <3
 

Andy Ful

> My Privacy settings are pretty restrictive too. Uninstalled almost every preinstalled app via Windows10Debloater script, hardened many settings via Windows Privacy Dashboard and O&O ShutUP10 too. You're in Europe and I'm in Asia so maybe it's a region thing, maybe WD collects more stuff from here :unsure:
Who knows ...?
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
I got a series of blocks as shown in screenshot.
Andy, can you make any sense out of this?
Annotation 2020-02-20 123325.png
 

shmu26

> using some office browser tools?
Bingo!
I remember unsuccessfully trying to log in to OneDrive for Business. Now I tried it again, and yeah, the same security event is logged by Windows Security.
I just tried logging in while using Microsoft Chromium, and the login fails, but the event is not logged.
Windows security is driving me buggers.
 

Andy Ful

> I got a series of blocks as shown in screenshot.
> Andy, can you make any sense out of this?
> View attachment 233837
One of your Office applications tried to inject code into Chrome and was blocked by an ASR rule. You can get more information from the ConfigureDefender Log. You can use ASR exclusions to allow injections or disable this ASR rule.
Chromium Edge probably has some anti-exploit mitigations that can block such injections without ASR.
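
Added example (not part of the original post and not ConfigureDefender's own code): a read-only PowerShell check of the rule's current state, its configured ASR exclusions, and the matching block/audit events in the Defender operational log, which is the information needed before choosing between an exclusion and disabling the rule. It assumes the rule in the screenshot is "Block Office applications from injecting code into other processes"; the helper names and the event field names are assumptions.

```powershell
# Added example (read-only). Assumption: the rule in the screenshot is
# "Block Office applications from injecting code into other processes".
$OfficeInjectionRule = '75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84'

function Get-AsrRuleState {          # hypothetical helper name
    param([Parameter(Mandatory)][string]$RuleId)
    $names   = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }
    $pref    = Get-MpPreference
    $ids     = @($pref.AttackSurfaceReductionRules_Ids)
    $actions = @($pref.AttackSurfaceReductionRules_Actions)
    $state   = 'Not configured'
    for ($i = 0; $i -lt $ids.Count; $i++) {
        if ($ids[$i] -ieq $RuleId) { $state = $names[[int]$actions[$i]] }
    }
    [pscustomobject]@{
        RuleId     = $RuleId
        State      = $state
        Exclusions = @($pref.AttackSurfaceReductionOnlyExclusions)
    }
}

function Get-AsrEvent {              # hypothetical helper name
    param([string]$RuleId, [int]$MaxEvents = 200)
    # Event 1121 = ASR rule blocked an action, 1122 = rule matched in audit mode.
    $filter = @{ LogName = 'Microsoft-Windows-Windows Defender/Operational'; Id = 1121, 1122 }
    Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Index the named <Data> fields of the event; the field names used
            # below are assumed from the event's XML layout.
            $data = @{}
            foreach ($n in ([xml]$_.ToXml()).Event.EventData.Data) { $data[$n.Name] = $n.'#text' }
            [pscustomobject]@{
                Time        = $_.TimeCreated
                Mode        = if ($_.Id -eq 1121) { 'Block' } else { 'Audit' }
                RuleId      = $data['ID']
                ProcessName = $data['Process Name']
                Path        = $data['Path']
            }
        } | Where-Object { -not $RuleId -or $_.RuleId -ieq $RuleId }
}

Get-AsrRuleState -RuleId $OfficeInjectionRule | Format-List
Get-AsrEvent -RuleId $OfficeInjectionRule | Format-Table -AutoSize
```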
 

Bryan320

Level 8
Oct 11, 2019
293
It would be interesting to know now that the latest version of microsoft edge gives you the option to "block unwanted apps" does this mean the tweak for windows defender should be the same? do they run from the same databases/cloud? Would tweaking defender by the utility still serve a purpose?
 

Arequire

Level 29
Verified
Top Poster
Content Creator
Feb 10, 2017
1,822
> It would be interesting to know now that the latest version of microsoft edge gives you the option to "block unwanted apps" does this mean the tweak for windows defender should be the same? do they run from the same databases/cloud?
From their documentation, it seems like there's no difference in how Microsoft classifies PUAs between Edge or Defender so I'd be confident in assuming they use the same database.

> Would tweaking defender by the utility still serve a purpose?
It would still serve the purpose of protecting against PUAs that are downloaded by other applications.
 

Andy Ful

> It would be interesting to know now that the latest version of microsoft edge gives you the option to "block unwanted apps" does this mean the tweak for windows defender should be the same? do they run from the same databases/cloud? Would tweaking defender by the utility still serve a purpose?
The Edge Chromium features ("Microsoft Defender SmartScreen" and "Block potentially unwanted apps") work even if WD real-time protection is disabled and SmartScreen for Edge or for Explorer is disabled.
If one disables "Microsoft Defender SmartScreen" in Edge Chromium then also "Block potentially unwanted apps" is automatically disabled. So, it seems that "Block potentially unwanted apps" is a part of SmartScreen protection.
It is not clear if "Block potentially unwanted apps" in Edge Chromium works exactly as WD PUA protection. From the description, this feature blocks downloading applications that have a low reputation. But, low reputation applications are blocked by SmartScreen App Rep.
 

Andy Ful

> The Edge Chromium features ("Microsoft Defender SmartScreen" and "Block potentially unwanted apps") work even if WD real-time protection is disabled and SmartScreen for Edge or for Explorer is disabled.
> If one disables "Microsoft Defender SmartScreen" in Edge Chromium then also "Block potentially unwanted apps" is automatically disabled. So, it seems that "Block potentially unwanted apps" is a part of SmartScreen protection.
> It is not clear if "Block potentially unwanted apps" in Edge Chromium works exactly as WD PUA protection. From the description, this feature blocks downloading applications that have a low reputation. But, low reputation applications are blocked by SmartScreen App Rep.
After some digging, I found the extended description of policies related to Edge:
"SmartScreenPuaEnabled
Configure Microsoft Defender SmartScreen to block potentially unwanted apps
Supported versions:

  • On Windows and macOS since 80 or later
Description
This policy setting lets you configure whether to turn on blocking for potentially unwanted apps with Microsoft Defender SmartScreen. Potentially unwanted app blocking with Microsoft Defender SmartScreen provides warning messages to help protect users from adware, coin miners, bundleware, and other low-reputation apps that are hosted by websites. Potentially unwanted app blocking with Microsoft Defender SmartScreen is turned off by default.
...
"

It seems that without this setting SmartScreen in Edge will allow downloading popular applications bundled with PUA.
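
Added example (not part of the original post and not ConfigureDefender's own code): a read-only PowerShell audit that puts the two PUA controls discussed in this thread side by side, Defender's PUA protection and the Edge `SmartScreenPuaEnabled` policy. The helper names are hypothetical; treating a policy-disabled SmartScreen as also switching off Edge PUA blocking is an assumption carried over from the behaviour described above for the Edge settings page.

```powershell
# Added example (read-only): audit the two PUA controls discussed in the thread.
function Get-EdgePolicyValue {       # hypothetical helper name
    param([Parameter(Mandatory)][string]$Name)
    # Machine policy takes precedence over user policy, so check HKLM first.
    foreach ($hive in 'HKLM:', 'HKCU:') {
        $key  = Join-Path $hive 'SOFTWARE\Policies\Microsoft\Edge'
        $item = Get-ItemProperty -Path $key -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $item) { return [int]$item.$Name }
    }
    $null   # policy not set: the user's own Edge setting applies
}

function Get-PuaProtectionReport {   # hypothetical helper name
    $puaNames = @{ 0 = 'Disabled'; 1 = 'Enabled (block)'; 2 = 'Audit' }
    $defender = [int](Get-MpPreference).PUAProtection
    $ss  = Get-EdgePolicyValue -Name 'SmartScreenEnabled'
    $pua = Get-EdgePolicyValue -Name 'SmartScreenPuaEnabled'

    # Assumption from the thread: with SmartScreen off, Edge PUA blocking is off too.
    if ($ss -eq 0) {
        $edge = 'Off (SmartScreen disabled by policy)'
    } elseif ($null -eq $pua) {
        $edge = 'Not set by policy (user setting in Edge applies)'
    } elseif ($pua -eq 1) {
        $edge = 'Enabled by policy'
    } else {
        $edge = 'Disabled by policy'
    }

    [pscustomobject]@{
        DefenderPUAProtection = $puaNames[$defender]   # covers files from any application
        EdgePuaBlocking       = $edge                  # covers downloads made in Edge only
    }
}

Get-PuaProtectionReport | Format-List
```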
 

oldschool

Level 85
Verified
Top Poster
Well-known
Mar 29, 2018
7,664
> Maybe you can give a answer to my (related?) question: Microsoft Edge - Chromium-Edge Flags
>
> I don't know if Edge flags can be added from outside, but that would then be a nice feature for your ConfigureDefender?

It would only be bloat and it's already in Edge. Just block PUAs by enabling the setting in "Privacy and services." > Block potentially unwanted apps.

Edit: PUA settings is already in CD.
 