ConfigureDefender utility for Windows 10/11

Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,476
@Lenny_Fox,
In reply to your question (from another thread) about the maliciousness of TXT files.
malwaretips.com

Advice Request - Can a txt file be malicious?

Recently found 2 files one is message.txt And the other is message-1.txt (I assume was a copy of the first one) I saw that they were in my downloads folder and with an almost 1 year old date (8-8-2020) I opened one of them and it was a 3-4 lines of gibberish text I quit the text viewer that was...
malwaretips.com malwaretips.com

If the system is already infected, then some TXT files can be malicious on that system. For example, the malware can simply change the file extension association, so Explorer will treat TXT files as BAT, VBS, or HTA, etc.
If the malware is properly removed from the system, then the default association is restored and the TXT file alone cannot be executed directly from the Explorer.

Thanks to @struppigel for the suggestion of sending the file to VirusTotal and only a link to MT. The user who has an API key with access to VirusTotal Intelligence can use this link to download and investigate the file without sending it to MT. Sending malicious files to MT is usually prevented, but if successful then this might decrease the reputation of MT website.:sick:
 
Last edited:
  • Like
  • Wow
  • Thanks
Reactions: Nevi, SeriousHoax, struppigel and 5 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,476
Moonhorse said:
Its kind of impressive how such tool can live for year without any problems

Will give it a go later today i think , thanks for update
Click to expand...

It is only a configurator, so the chances of conflicts are much smaller compared to 3rd party real-time protections. Anyway, some advanced settings can produce problems with false positives, especially in the Business environment.

1627807588052.png


blog.palantir.com

Microsoft Defender Attack Surface Reduction Recommendations

Palantir’s Infosec team shares their tips and best practices
blog.palantir.com blog.palantir.com

In the Home environment, the HIGH settings can rarely be an issue.
 
Last edited:
  • Like
  • +Reputation
  • Applause
Reactions: Nevi, SeriousHoax, oldschool and 7 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,476
A few days ago, I tested the possibility of installing the Chrome OS (CloudReady) on my old laptop. This required preparing a special USB stick by using Chromebook Recovery Utility (web browser extension). I tried to do it from my desktop Windows machine and noticed that sector modifications on the USB stick were blocked by Controlled Folder Access (Block Disk Modifications Only).
 
  • Like
Reactions: Nevi, SeriousHoax, KonradPL and 2 others
B

Back3

Level 14
Verified
Top Poster
Apr 14, 2019
668
Andy Ful said:
Edit2
Simple conclusion. In AV-Comparatives tests, the protection of Defender on HIGH settings is comparable to KIS on default settings. I think, that a similar comparison is probably true in the daily life of Home users.
Click to expand...
KIS has a firewall with application control. Would I have to add some kind of application control to get comparable protection?
 
  • Like
Reactions: Moonhorse, Nevi, Andy Ful and 2 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,476
Back3 said:
KIS has a firewall with application control. Would I have to add some kind of application control to get comparable protection?
Click to expand...
Do you want to increase KIS protection or Defender protection? What config is your model to compare with?:unsure:
 
  • Like
Reactions: Nevi
B

Back3

Level 14
Verified
Top Poster
Apr 14, 2019
668
Andy Ful said:
Do you want to increase KIS protection or Defender protection? What config is your model to compare with?:unsure:
Click to expand...
I have Microsoft Defender with Configure Defender High on my PC. To get a comparable protection to KIS, would I have to add some kind of application control like H_C or just tweak CD....or both.... If I set CD to Interactive mode, is it a mild form of application control?
 
Last edited:
  • Like
Reactions: Andy Ful and Gandalf_The_Grey
Nightwalker

Nightwalker

Level 24
Verified
Honorary Member
Top Poster
Content Creator
Well-known
May 26, 2014
1,339
Back3 said:
I have Microsoft Defender with Configure Defender High on my PC. To get a comparable protection to KIS, would I have to add some kind of application control like H_C or just tweak CD....or both.... If I set CD to Interactive mode, is it a mild form of application control?
Click to expand...

Microsoft Defender at high settings via CD is comparable to KIS at default settings and H_C is probably superior to KIS at "maximum" settings.
 
  • Like
  • +Reputation
Reactions: plat, Azure, Moonhorse and 6 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,476
Back3 said:
I have Microsoft Defender with Configure Defender High on my PC. To get a comparable protection to KIS, would I have to add some kind of application control like H_C or just tweak CD....or both.... If I set CD to Interactive mode, is it a mild form of application control?
Click to expand...
In the Home environment:
MD HIGH ~ KIS default.
MD INTERACTIVE ~ moderately tweaked KIS
MD + H_C Recommended ~ KIS (@Harlan settings) > SWH + MD INTERACTIVE > moderately tweaked KIS

Please consider that the above comparison is not science, but only my opinion. Furthermore, it cannot be extended to the Business environment.
The "comparable protection" means here that chances of infection are similarly small. It does not mean that both products have comparable features.

For most MT members, the ConfigureDefender HIGH settings and reasonable caution are recommended. The Default settings and some more caution are OK too.
The ConfigureDefender INTERACTIVE settings are stronger (for PE files) as compared to HIGH settings, due to the ASR prevalence rule.

SWH + MD INTERACTIVE is an interesting setup if one is patient enough to manage more blocked events.:)(y)
 
  • Like
  • Thanks
Reactions: plat, ErzCrz, Gandalf_The_Grey and 7 others
SeriousHoax

SeriousHoax

Level 49
Verified
Top Poster
Well-known
Mar 16, 2019
3,862
@Andy Ful Can you clarify the warn mode for us?
Here's what I found in MS document.
With the new warn mode, whenever content is blocked by an attack surface reduction rule, users see a dialog box that indicates the content is blocked. The dialog box also offers the user an option to unblock the content. The user can then retry their action, and the operation completes. When a user unblocks content, the content remains unblocked for 24 hours, and then blocking resumes.
Click to expand...
What is meant by the word "content" in this case? Is it the particular blocked content or the whole ASR rule will be unblocked for 24 hours if I select allow.
 
  • Like
Reactions: plat, Andy Ful, Gandalf_The_Grey and 2 others

Similar threads

Andy Ful
    • Like
    • +Reputation
    • Thanks
  • Sticky
Serious Discussion WHHLight - simplified application control for Windows Home and Pro.
Replies
318
Views
34,063
Hard_Configurator Tools
Andy Ful
Andy Ful
Andy Ful
    • +Reputation
    • Like
    • Applause
New Update Testing Windows Hybrid Hardening (new hardening application).
Replies
253
Views
29,410
Hard_Configurator Tools
South Park
South Park
Shadowra
    • Like
    • +Reputation
    • Thanks
App Review Microsoft Defender Antivirus + Windows 11 Smart App Control (SAC)
Replies
44
Views
3,215
Video Reviews - Security and Privacy
tofargone
tofargone

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top