ConfigureDefender utility for Windows 10/11

tsunami

Win11 has additional security features like Smart App Control, Enhanced phishing protection etc.

Andy Ful

Windows 11 has implemented several new security features, so: Windows 11 + ConfigureDefender > Windows 10 + ConfigureDefender
But the advantage does not follow in any way from using ConfigureDefender.:)

Andy Ful

@Andy Ful Can I safely delete the logs in CD's Defender Security Log?
Yes and No.
You cannot do it via ConfigureDefender (the CD Log file is created each time from Windows Event Log).
You can clear the Windows Defender log from Event Viewer:

[screenshot: Event Viewer, Clear Log on the Windows Defender log]

https://malwaretips.com/threads/man...oft-defender-in-windows-11.112970/post-980982

But I do not think that this is necessary. The events in the CD Log are sorted by time, so the new events are easily visible.
ForgottenSeer 100397

Post updated.

If one wants to clear the Defender History or solve the problem with a crashing Defender History, there is a simple solution.
  1. Download the AdvancedRun:
    for Windows 32-bit: https://www.nirsoft.net/utils/advancedrun.zip
    for Windows 64-bit: https://www.nirsoft.net/utils/advancedrun-x64.zip
  2. Run AdvancedRun.exe once and close it - the file AdvancedRun.cfg will be created
  3. Edit the config file AdvancedRun.cfg as it is shown below
  4. Disable Defender Tamper protection >> Run AdvancedRun.exe to clear the Defender History >> Enable Tamper Protection.
After running AdvancedRun it will automatically apply the settings and command lines from the AdvancedRun.cfg and the Defender History will be cleared.

The modified content of AdvancedRun.cfg is as follows:

Code:
...
EXEFilename=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
CommandLine=net stop windefend; $path = 'c:\ProgramData\Microsoft\Windows Defender\Scans\mpenginedb.db'; if (Test-Path -Path $path) {Remove-Item $path}; $path = 'c:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory'; if (Test-Path -Path $path) {Remove-Item $path -Recurse}; net start windefend
AutoRun=1
...
RunAs=8
...

PowerShell is executed with the CommandLine.
AutoRun=1 means that AdvancedRun does not show the application window and automatically applies AdvancedRun.cfg.
RunAs=8 means that the process will be run with TrustedInstaller privileges.

The CommandLine simply stops the WinDefend service, checks whether the file/folder exists and deletes it, then starts the WinDefend service again.
I tried all the steps mentioned on Page 68 to clear Protection History on my fully updated Win 11 system, but nothing seems to work. You can't remove the mpenginedb.db file or clear the Protection History even if you delete the Service folder in Safe Mode. All the detections are still showing up. When I tried the quoted steps, I received an Error: 1058. However, PowerShell works fine when I start it manually. There is no third-party security software, optimizer, or scripts used on my system.
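The quoted procedure is a single unchecked command line (stop WinDefend, delete two paths, start WinDefend). The following is an added example, not ConfigureDefender's code and not the original poster's, that wraps the same steps in pre-flight checks so a failure is reported instead of half-applied: it refuses to run while Tamper Protection is on, detects the disabled-service state that makes `net start windefend` return Win32 error 1058 (ERROR_SERVICE_DISABLED), and always restarts the service in a `finally` block. The two paths and the service name are the ones in the quoted AdvancedRun.cfg; `Get-MpComputerStatus`, `Get-MpThreatDetection` and the service cmdlets are Microsoft's own. Assumed, as in the quoted steps, is that the actual stop/delete must run in the TrustedInstaller context (AdvancedRun RunAs=8); from a plain elevated prompt the stop is refused and the script simply reports that and restarts the service. The reply further down says Microsoft has blocked this deletion on an updated Windows 11, so expect the checks, not the cleanup, to be the useful part.

```powershell
# Added example (not ConfigureDefender's or the original poster's code): pre-flight
# checks and a safe wrapper around the quoted "net stop windefend; delete; net start
# windefend" command line. Without -Force it only reports the current state.
# Assumptions: paths and service name from the quoted AdvancedRun.cfg; the stop and
# delete need the same TrustedInstaller context (AdvancedRun RunAs=8) and Tamper
# Protection off, as the quoted steps say. Win32 error 1058 is ERROR_SERVICE_DISABLED.

$DbPath      = 'C:\ProgramData\Microsoft\Windows Defender\Scans\mpenginedb.db'
$HistoryPath = 'C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory'

function Get-DefenderHistoryState {
    $mp  = Get-MpComputerStatus
    $svc = Get-Service -Name WinDefend
    [pscustomobject]@{
        TamperProtected     = $mp.IsTamperProtected
        RealTimeProtection  = $mp.RealTimeProtectionEnabled
        ServiceStatus       = $svc.Status
        ServiceStartType    = $svc.StartType
        EngineDbExists      = Test-Path -LiteralPath $DbPath
        HistoryFolderExists = Test-Path -LiteralPath $HistoryPath
        DetectionCount      = @(Get-MpThreatDetection -ErrorAction SilentlyContinue).Count
    }
}

function Clear-DefenderHistory {
    param([switch]$Force)   # without -Force this is a dry run

    $state = Get-DefenderHistoryState
    $state | Format-List | Out-String | Write-Host

    if ($state.TamperProtected) {
        throw 'Tamper Protection is on; WinDefend will refuse to stop. Turn it off first (step 4 of the quoted procedure).'
    }
    if ($state.ServiceStartType -eq 'Disabled') {
        throw 'WinDefend start type is Disabled; "net start windefend" returns error 1058 (ERROR_SERVICE_DISABLED) in this state.'
    }
    if (-not $state.EngineDbExists -and -not $state.HistoryFolderExists) {
        Write-Warning 'Nothing to delete: neither mpenginedb.db nor the DetectionHistory folder exists.'
        return $state
    }
    if (-not $Force) {
        Write-Warning 'Dry run only. Re-run with -Force (from a TrustedInstaller context) to stop WinDefend and delete the history.'
        return $state
    }

    try {
        Stop-Service -Name WinDefend -ErrorAction Stop
        foreach ($p in $DbPath, $HistoryPath) {
            if (Test-Path -LiteralPath $p) {
                Remove-Item -LiteralPath $p -Recurse -Force -ErrorAction Stop
            }
        }
    }
    catch {
        # Access denied here is the expected result when not running as TrustedInstaller,
        # or on a build where Microsoft has blocked the deletion.
        Write-Warning "Stop or delete was refused: $($_.Exception.Message)"
    }
    finally {
        # Bring the service back whether or not the delete succeeded, so the machine is
        # never left without Defender after a failed attempt.
        Start-Service -Name WinDefend -ErrorAction Continue
    }
    Get-DefenderHistoryState
}

Clear-DefenderHistory   # dry run; add -Force to attempt the deletion
```

Run it once without `-Force` first: the printed state tells you whether Tamper Protection, the service start type, or simply the absence of the two paths is what stands in the way, which is cheaper than disabling Tamper Protection only to find the history never clears.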

Andy Ful

I tried all the steps mentioned on Page 68 to clear Protection History on my fully updated Win 11 system, but nothing seems to work.

Microsoft blocked that method one year ago:
ForgottenSeer 100397

They discontinued DefenderControl, right? You can only find it by searching on Sordum. I disabled MD using DC and then successfully deleted the .db file and DetectionHistory folder, which cleared Protection History. By using DefenderControl to disable Defender, I also hope to prevent Defender updates via Windows Updates.

Digmor Crusher

Event[0]:
Time Created : 2023-11-20 7:30:21 AM
ProviderName : Microsoft-Windows-Windows Defender
Id : 5001
Message : Microsoft Defender Antivirus Real-time Protection scanning for malware and other potentially unwanted software was disabled.

Andy, just wondering why I would get this event every day when starting the computer?
Additional Info: Running CD on High setting, alongside Cyberlock, I have also stopped the scheduled Defender scans in Task Scheduler.
Thanks.

oldschool

Event[0]:
Time Created : 2023-11-20 7:30:21 AM
ProviderName : Microsoft-Windows-Windows Defender
Id : 5001
Message : Microsoft Defender Antivirus Real-time Protection scanning for malware and other potentially unwanted software was disabled.

Andy, just wondering why I would get this event every day when starting the computer?
Additional Info: Running CD on High setting, alongside Cyberlock, I have also stopped the scheduled Defender scans in Task Scheduler.
Thanks.
Check VS logs for a possible answer. Either that or possibly because you disabled scanning in TS.

Andy Ful

Event[0]:
Time Created : 2023-11-20 7:30:21 AM
ProviderName : Microsoft-Windows-Windows Defender
Id : 5001
Message : Microsoft Defender Antivirus Real-time Protection scanning for malware and other potentially unwanted software was disabled.

Andy, just wondering why I would get this event every day when starting the computer?
Additional Info: Running CD on High setting, alongside Cyberlock, I have also stopped the scheduled Defender scans in Task Scheduler.
Thanks.
I can sometimes see such alerts. I think that they are related to the Defender updates. If so, then this event should be followed by another event about enabling Real-time protection. But I am not sure why you have this event every day when starting the computer.
In the H_C < Blocked Events / Security Logs >, the event 5001 is skipped. It is present only in the CD Log.

Digmor Crusher

I thought it may have something to do with Defender updates also, as the Cyberlock log shows Windows downloading and installing a delta patch at the same time as the CD event. I've changed the setting in Task Scheduler to allow the scan, and no change: I still get the Defender event. I get this popup when starting the computer; not sure why it says I'm using another AV program.
[screenshot: the startup popup]
