- Mar 29, 2018
- 7,596
No.
BTW: I always keep the executable in the Windows folder.
Last edited:
ConfigureDefender utility for Windows 10/11
- Thread starter Andy Ful
- Start date
No.
BTW: I always keep the executable in the Windows folder.
Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,484
I found out what was the issue. As I suspected it was related to WD whitelisting signatures. The portable CD is a simple NSIS installer which contains 3 files (2 signed executables: for Windows 64-bit and 32-bit + unsigned uninstaller). I send first the signed executables for whitelisting and after a day I noticed that uninstaller also has to be whitelisted. At the time you ran the application, WD did not have the whitelisting signatures for the uninstaller. So, when you ran the portable ConfigureDefender everything was OK, until you closed it. The uninstaller was blocked by ASR due to low prevalence, so you have two signed executables somewhere in "C:\Windows\Temp" folder - they were not cleaned by the uninstaller.
- Oct 1, 2019
- 1,120
Yesterday I did an old relatives tour and cooked them an old fashioned Dutch meal(boiled asperagus with butter sauce, ham and eggs - remember I was part time cook to pay for my study). As posted earlier, I have 8 older relatives on H_C running with my dangerous file type restrictions profile (comparable with H_C recommended basic) and Windows Defender on MAX.
So really wondering why/what is the caution in using the MAX setting, because people running plain Windows with free or microsoft office, don't install programs, so the MAX setting works extremely well.
So really wondering why/what is the caution in using the MAX setting, because people running plain Windows with free or microsoft office, don't install programs, so the MAX setting works extremely well.
Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,484
Yes. That is true. Although, some of ASR rules in MAX settings can cause issues. For example, the factory firmware on some laptops uses WMI. Also, when the firmware wants to update, this can be prevented for some days by ASR due to the low prevalence.
Anyway, if one has a typical desktop computer with a simple setup based on Microsoft programs and Microsoft Store apps, then CD MAX settings can be highly recommended.
It can be also used with very popular software, because the application updates will not be prevented for more than one or two days. Of course, for non-casual users, there is no need to hide the Security Center, so the last ConfigureDefender option should be set to Visible.
Last edited:
- May 16, 2013
- 844
Manage Windows Defender with ConfigureDefender
The author released several updates for the program since then. ConfigureDefender 3.0.0.0 is the latest major release and reason enough to take another look at the program to see how it evolved.
You can download the latest version of ConfigureDefender from the project's GitHub repository. Note that you find the latest executable in the file listing and not under releases. You can run the program right after you have downloaded as it does not need to be installed. Note that you need to run it with elevated rights. If you ran the program before you may notice that the executable file is digitally signed.
The interface has not changed all that much but there are some meaningful changes. First, you find protection levels (presets) at the top that you may activate with a click. That's handy if you want to reset all protections to the default of Windows or switch to high or maximum security instead. The program does not reveal what high and maximum change, but you find the information in the help file on GitHub.
Another new feature of recent versions of ConfigureDefender is a new button that loads the Defender Security log.
source: 1. Windows Defender configuration tool ConfigureDefender 3.0.0.0 released - gHacks Tech News
2. AndyFul/ConfigureDefender
The author released several updates for the program since then. ConfigureDefender 3.0.0.0 is the latest major release and reason enough to take another look at the program to see how it evolved.
You can download the latest version of ConfigureDefender from the project's GitHub repository. Note that you find the latest executable in the file listing and not under releases. You can run the program right after you have downloaded as it does not need to be installed. Note that you need to run it with elevated rights. If you ran the program before you may notice that the executable file is digitally signed.
The interface has not changed all that much but there are some meaningful changes. First, you find protection levels (presets) at the top that you may activate with a click. That's handy if you want to reset all protections to the default of Windows or switch to high or maximum security instead. The program does not reveal what high and maximum change, but you find the information in the help file on GitHub.
All settings can be customized from within the interface. It is easy enough to turn features such as Behavior Monitoring, PUA Protection or Controlled Folder Access on or off using the program. Values of some settings can be modified, e.g. to change the cloud check time limit or average CPU load while scanning.
Another new feature of recent versions of ConfigureDefender is a new button that loads the Defender Security log.
source: 1. Windows Defender configuration tool ConfigureDefender 3.0.0.0 released - gHacks Tech News
2. AndyFul/ConfigureDefender
- Aug 12, 2015
- 1,255
I onced configured Defender and got this...
Last edited:
- Mar 29, 2018
- 7,596
- Jul 14, 2015
- 773
Hi,
We already have a topic with Configure defender .... see :
malwaretips.com
We already have a topic with Configure defender .... see :
ConfigureDefender utility for Windows 10/11
Is running Voodoshield along side WD on Configure Defender High Protection Level , compatible in the sense that it might catch things smart screen may miss? Technically it is possible but unlike as most malware is poorly made and exploit kits / signed malware isn't common.
malwaretips.com
- Aug 12, 2015
- 1,255
No need. I have already set up everything via GPE.
Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,484
You probably used one of the old CD versions, which was first whitelisted by Microsoft, and after 4 months flagged as malicious, after changing the malware criteria by Microsoft. The reason for this was an option that allowed the user to disable real-time protection. This story is well documented on the ConfigureDefender thread.
Here is my ironic comment to this detection:
https://malwaretips.com/threads/configuredefender-utility-for-windows-10.79039/post-767631
Last edited:
- Aug 12, 2015
- 1,255
At that time, I downloaded the latest version from GitHub. But, the interesting part; alert was shown few days after changing settings. When detection occured, I didn't even have ConfigureDefender on my PC.You probably used one of the old CD versions, which was first whitelisted by Microsoft, and after 4 months flagged as malicious, after changing the malware criteria by Microsoft. The reason for this was an option that allowed the user to disable real-time protection. This story is well documented on the ConfigureDefender thread.
Here is my ironic comment to this detection:
https://malwaretips.com/threads/configuredefender-utility-for-windows-10.79039/post-767631
Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,484
At that time, I downloaded the latest version from GitHub. But, the interesting part; alert was shown few days after changing settings. When detection occured, I didn't even have ConfigureDefender on my PC.
Yeah. This alert is not related to ConfigureDefender application, but to the concrete setting in the registry. It seems that you somehow changed the WD settings (probably by ConfigureDefender) which were later reverted by WD Tamper Protection.
"With tamper protection, malicious apps are prevented from taking actions like these:
- Disabling virus and threat protection
- Disabling real-time protection
- Turning off behavior monitoring
- Disabling antivirus (such as IOfficeAntivirus (IOAV))
- Disabling cloud-delivered protection
- Removing security intelligence updates"
Protect security settings with tamper protection - Microsoft Defender for Endpoint
Use tamper protection to prevent malicious apps from changing important security settings.
docs.microsoft.com
The red entries are available in ConfigureDefender, but will be prevented if Tamper Protection is ON.
S M G
Level 2
- Feb 18, 2020
- 58
Did anyone notice high ping when Network Protection is enabled (HIGH settings)? I ran a speed test in Firefox and the first test I got normal ping (~7ms):
I ran several speeds tests immediately afterwards and I got really high ping with slightly lower up/down speeds:
I had to wait for 1-2 min for ping to go down to normal. I didn't run into this issue with Edge though. I'm not sure if it's WD or Firefox issue. I disabled Network Protection for now.
I ran several speeds tests immediately afterwards and I got really high ping with slightly lower up/down speeds:
I had to wait for 1-2 min for ping to go down to normal. I didn't run into this issue with Edge though. I'm not sure if it's WD or Firefox issue. I disabled Network Protection for now.
Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,484
This will require testing by others. But, WD Network Protection is by design independent of the application which connects to the Internet. It will work for web browsers, Internet Downloaders, script engines, etc. So, this issue (if it will be confirmed on other machines) would be probably related to the web browser or to the way it interacts with WD Network Protection. Anyway, I would not be surprised if protecting the network could slow down the connection a little.
S M G
Level 2
- Feb 18, 2020
- 58
Thanks Andy. Is there a way to allow single app to bypass WD Network Protection?
Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,484
I do not think that it could be possible. Anyway, this would be also not safe.
- Mar 29, 2018
- 7,596
Here's a nice overview of ASR functionality and the principles behind them.
Demystifying attack surface reduction rules - Part 1
An A to Z guide, to help you understand what are Attack Surface Reduction (ASR) rules and how to successfully adopt it.
techcommunity.microsoft.com
Demystifying attack surface reduction rules - Part 2
An A to Z guide, to help you understand what are Attack Surface Reduction (ASR) rules and how to successfully adopt it.
techcommunity.microsoft.com
Demystifying attack surface reduction rules - Part 3
An A to Z guide, to help you understand what are Attack Surface Reduction (ASR) rules and how to successfully adopt it.
techcommunity.microsoft.com
Demystifying attack surface reduction rules - Part 4
An A to Z guide, to help you understand what are Attack Surface Reduction (ASR) rules and how to successfully adopt it.
techcommunity.microsoft.com
Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,484
Yes I read them all. Unfortunately, I knew all of it already from Microsoft documentation.Here's a nice overview of ASR functionality and the principles behind them.
Demystifying attack surface reduction rules - Part 1
An A to Z guide, to help you understand what are Attack Surface Reduction (ASR) rules and how to successfully adopt it.techcommunity.microsoft.comDemystifying attack surface reduction rules - Part 2
An A to Z guide, to help you understand what are Attack Surface Reduction (ASR) rules and how to successfully adopt it.techcommunity.microsoft.comDemystifying attack surface reduction rules - Part 3
An A to Z guide, to help you understand what are Attack Surface Reduction (ASR) rules and how to successfully adopt it.techcommunity.microsoft.comDemystifying attack surface reduction rules - Part 4
An A to Z guide, to help you understand what are Attack Surface Reduction (ASR) rules and how to successfully adopt it.techcommunity.microsoft.com
- Sep 10, 2015
- 901
When I used WD, Network Protection made the dslreports bufferbloat test show absurdly high latency spikes
- Mar 16, 2019
- 3,862
Andy or anyone have any idea about this? This happens almost every 2 days for some reason and I'm getting sick of it. WD won't update and this is what I find in the log always. To fix this I have to manually download the update from their website. I had to do it yesterday also but now 24 hours later no updates and yet again this is what I found in the log. Manually clicking check for update doesn't fix it either. My internet is fine btw.
Similar threads
-
- Sticky
