> CPU setting has always been there.

The setting proposed by Azazel is different from that in ConfigureDefender.
A feature enabling threat detection and response might be worth considering.
A subset of managed detection and response.
If you're running Microsoft Defender for Business, you'd need to upgrade to Microsoft Premium for Business to get them for an extra $11 a month.
While it offers a lot of value for the money, it also overlaps and duplicates apps I already have.
> I tested two new ASR rules on Windows 11 Home ver. 24H2:
> - Block rebooting machine in Safe Mode
> - Block use of copied or impersonated system tools
>
> These rules work well, so I will add them in the next ver. of ConfigureDefender.

Nice. I've been trying to compare CD with DefenderUI recently.
> Nice. I've been trying to compare CD with DefenderUI recently.

Any conclusion(s) yet?

> I tested two new ASR rules on Windows 11 Home ver. 24H2:
> - Block rebooting machine in Safe Mode
> - Block use of copied or impersonated system tools
>
> These rules work well, so I will add them in the next ver. of ConfigureDefender.

"Block use of copied or impersonated system tools" blocked the manual install of HP Compaq Pro 6300 Graphics driver.
> Any conclusion(s) yet?

One (DefenderUI) has a fancier GUI and one is just down to business (ConfigureDefender). DefenderUI also has a couple added features and a background process running if you want. I prefer CD. That's my two cents.
> One (DefenderUI) has a fancier GUI and one is just down to business (ConfigureDefender). DefenderUI also has a couple added features and a background process running if you want. I prefer CD. That's my two cents.

Also, CD is portable; DefenderUI needs to be installed.
> Any conclusion(s) yet?

Sort of difficult to compare, as they do not use the same names for things, but DefenderUI has additional features like DefenderGuard to automatically reactivate protection. I like it; I was just trying to see what the differences were, and using only 14 MB of RAM is nothing.
I keep getting this block now, Andy. Anything to worry about? I assume it's because I'm using the Interactive setting? Thanks.
Event[0]:
Time Created : 2024-10-25 7:46:09 AM
ProviderName : Microsoft-Windows-Windows Defender
Id : 1121
Message : Microsoft Defender Exploit Guard has blocked an operation that is not allowed by your IT administrator.
For more information please contact your IT administrator.
ID: 9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2
ConfigureDefender option: Block credential stealing from the Windows local security authority subsystem (lsass.exe)
Detection time: 2024-10-25T12:46:09.878Z
User: NT AUTHORITY\SYSTEM
Path: C:\Windows\System32\taskhostw.exe
Process Name: C:\Windows\System32\lsass.exe
Target Commandline: taskhostw.exe -RegisterDevice -SettingChange
Parent Commandline:
Involved File:
Inheritance Flags: 0x00000000
Security intelligence Version: 1.419.704.0
Engine Version: 1.1.24080.9
Product Version: 4.18.24080.9
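
For anyone who wants to see how often a block like the one above recurs and from which process, here is an added example (not part of any post in this thread and not ConfigureDefender's code): a parser for the log layout shown in the excerpt that counts Id 1121 blocks per rule GUID, source image and target process. Event[1] and Event[2] in the sample are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the layout of the excerpt above; Event[1] and Event[2] are made up.
SAMPLE_LOG = r"""Event[0]:
Time Created : 2024-10-25 7:46:09 AM
Id : 1121
Message : Microsoft Defender Exploit Guard has blocked an operation.
For more information please contact your IT administrator.
ID: 9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2
Path: C:\Windows\System32\taskhostw.exe
Process Name: C:\Windows\System32\lsass.exe
Parent Commandline:
Event[1]:
Id : 1121
ID: 9E6C4E1F-7D60-472F-BA1A-A39EF669E4B2
Path: C:\Windows\System32\taskhostw.exe
Process Name: C:\Windows\System32\lsass.exe
Event[2]:
Id : 1121
ID: 9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2
Path: C:\Users\Public\example-tool.exe
Process Name: C:\Windows\System32\lsass.exe
"""

# "Key : value" or "Key: value"; keys are case-sensitive ("Id" = event id, "ID" = rule GUID).
FIELD = re.compile(r"^([A-Za-z][A-Za-z ]*?)\s*:\s?(.*)$")

def parse_events(text):
    """Split on 'Event[n]:' headers; wrapped lines are joined to the previous field."""
    events, current, last_key = [], None, None
    for line in text.splitlines():
        if re.match(r"^Event\[\d+\]:\s*$", line):
            current, last_key = {}, None
            events.append(current)
        elif current is not None:
            m = FIELD.match(line)
            if m:
                last_key = m.group(1)
                current[last_key] = m.group(2).strip()
            elif last_key and line.strip():
                current[last_key] += " " + line.strip()
    return events

def summarize_blocks(events, event_id="1121"):
    """Count blocks per (rule GUID, source image, target process), most frequent first."""
    keys = [(e.get("ID", "").lower(), e.get("Path", ""), e.get("Process Name", ""))
            for e in events if e.get("Id") == event_id]
    return Counter(keys).most_common()
```

A source image that produces the same block at regular intervals shows up as a single high-count row, while one-off sources each get their own row.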