ConfigureDefender utility for Windows 10/11
- Thread starter Andy Ful
- Start date
Did anyone see it working?
Configure low CPU priority for scheduled scans
This policy setting allows you to enable or disable low CPU priority for scheduled scans.
admx.help
It never worked for me. Here is a screenshot (Defender's full scan):
Last edited:
The setting proposed by Azazel is different from that in ConfigureDefender.
A feature enabling threat detection and response might be worth considering.
A subset of managed detection and response.
If you're running Microsoft Defender for Business, you'd need to upgrade to Microsoft Premium for Business to get them for an extra $11 a month.
While it offers a lot of value for the money, it also overlaps and duplicates apps I already have.
A subset of managed detection and response.
If you're running Microsoft Defender for Business, you'd need to upgrade to Microsoft Premium for Business to get them for an extra $11 a month.
While it offers a lot of value for the money, it also overlaps and duplicates apps I already have.
If I recall correctly, Threat Detection and Response (TDR) requires a Security Operations Center, which is unavailable for consumers, except for some Enterprises:
What Is Threat Detection and Response (TDR)? | Microsoft Security
Threat detection and response (TDR) is the proactive process of identifying and mitigating security risks or malicious activity to protect an organization's assets.
Features like TDR require a paid version of Microsoft Defender (with an incident console). For example:
Last edited:
ConfigureDefender ver. 4.0.0.1
1. Added new certificate (July 2024).
2. Adjusted the code to work with Windows Hybrid Hardening.
1. Added new certificate (July 2024).
2. Adjusted the code to work with Windows Hybrid Hardening.
I tested two new ASR rules on Windows 11 Home ver. 24H2:
- Block rebooting machine in Safe Mode
- Block use of copied or impersonated system tools
Nice. I've been trying to compare CD with DefenderUI recently.
"Block use of copied or impersonated system tools" blocked the manual install of HP Compaq Pro 6300 Graphics driver"
One (DefenderUI) has a fancier GUI and one is just down to business (ConfigureDefender). DefenderUI also has a couple added features and a background process running if you want. I prefer CD. That’s my two cents.any conclusion(s) yet?
Alsol CD is portable, DefenderUI needs to be installed.
This rule must be improved for several reasons. For example, it also blocks the installation and updates of Photoshop 25.5.0. The blocked file is "convert.exe" which is a renamed ImageMagick. The ASR rule wrongly thinks that "convert.exe" is a Windows system file convert.exe. There can be more such file name collisions.
Last edited:
Sort of difficult to compare as not the same names for things but DefenderUI has additional features like DefenderGuard to automatically reactivate protection. I like it, just was trying to see what the differences were and using only 14mb of ram is nothing.any conclusion(s) yet?
ConfigureDefender 4.0.1.1 beta
- Added two new ASR rules.
- Some corrections in the help files.
- Minor GUI changes.
I keep getting this block now Andy, anything to worry about? I assume its because I'm using the Interactive setting? Thanks.
Event[0]:
Time Created : 2024-10-25 7:46:09 AM
ProviderName : Microsoft-Windows-Windows Defender
Id : 1121
Message : Microsoft Defender Exploit Guard has blocked an operation that is not allowed by your IT administrator.
For more information please contact your IT administrator.
ID: 9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2
ConfigureDefender option: Block credential stealing from the Windows local security authority subsystem (lsass.exe)
Detection time: 2024-10-25T12:46:09.878Z
User: NT AUTHORITY\SYSTEM
Path: C:\Windows\System32\taskhostw.exe
Process Name: C:\Windows\System32\lsass.exe
Target Commandline: taskhostw.exe -RegisterDevice -SettingChange
Parent Commandline:
Involved File:
Inheritance Flags: 0x00000000
Security intelligence Version: 1.419.704.0
Engine Version: 1.1.24080.9
Product Version: 4.18.24080.9
Event[0]:
Time Created : 2024-10-25 7:46:09 AM
ProviderName : Microsoft-Windows-Windows Defender
Id : 1121
Message : Microsoft Defender Exploit Guard has blocked an operation that is not allowed by your IT administrator.
For more information please contact your IT administrator.
ID: 9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2
ConfigureDefender option: Block credential stealing from the Windows local security authority subsystem (lsass.exe)
Detection time: 2024-10-25T12:46:09.878Z
User: NT AUTHORITY\SYSTEM
Path: C:\Windows\System32\taskhostw.exe
Process Name: C:\Windows\System32\lsass.exe
Target Commandline: taskhostw.exe -RegisterDevice -SettingChange
Parent Commandline:
Involved File:
Inheritance Flags: 0x00000000
Security intelligence Version: 1.419.704.0
Engine Version: 1.1.24080.9
Product Version: 4.18.24080.9
Last edited:
In the HIGH Protection Level this ASR rule is disabled because the block is triggered for many benign applications that try to enumerate running processes and attempt to open them with exhaustive permissions. In your case, some service based on DLL tries to change settings.
Been thinking of swapping over to CD from DefenderUI. Just one less 3rd party that needs to run though I like the continuity of using DUI with CL.
I'm using CD over DefenderUI because its one less program to install, even though they both pretty much do the same thing.
You may also like...
-
Windows 11 Defender Tuning: Safer Settings That Don’t Hurt Performance- Started by Bot
- Replies: 1
-
Microsoft finally admits almost all major Windows 11 core features are broken- Started by Brahman
- Replies: 18
-
-
Windows 11 Patch Tuesday January 2026 (KB5074109, KB5073455)- Started by silversurfer
- Replies: 18
-
AExtending Bluetooth® LE Audio on Windows 11 with shared audio (preview)
- Started by Amanda Langowski
- Replies: 0