ConfigureDefender utility for Windows 10/11

simmerskool

Level 42
Verified
Top Poster
Well-known
Apr 16, 2017
3,137
@Andy Ful without me reading all 91 pages of posts... (I normally use danb's DefenderUI but on this VM I only use MSD and your tools), and my Defender systray icon has a yellow flag :oops: and it says Tamper Protection is Off. I assume I ran ConfigureDefender at default (or max or recommended), so should Tamper Protection be off? Should I just turn it ON from system Windows Security, or open ConfigureDefender and run it again? I.e., is it normal for Tamper to be off after running CD?
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,970
I assume I ran ConfigureDefender at default (or max or recommended), so should Tamper Protection be off? Should I just turn it ON from system Windows Security, or open ConfigureDefender and run it again? I.e., is it normal for Tamper to be off after running CD?

ConfigureDefender does not change Tamper Protection. If I recall correctly, DefenderUI does.
You should turn ON Tamper Protection. (y)
 

Andy Ful

It looks like ConfigureDefender can also be downloaded from the WinGet repository:

WinGet installs ConfigureDefender into the directory:
%LocalAppData%\Microsoft\WinGet\Packages\AndyFul.ConfigureDefender_Microsoft.Winget.Source_8wekyb3d8bbwe

WinGet adds this directory to the PATH environment variable, so ConfigureDefender can be executed from anywhere by invoking the configuredefender variable (similarly to system executables).
 

Andy Ful

Does the Cloud Protection Level or "Block executables..." use the ISG or SmartScreen backend?

It is possible that the "Block executables..." ASR rule somehow depends on "ISG without a SmartScreen backend (files with no MOTW)". But this rule also depends on the file age. If the file is known in the Microsoft cloud for more than 24 hours, it will be allowed even if ISG still blocks it.

There is no direct connection to SmartScreen. Both Cloud Protection Level and "Block executables..." ASR rule can block executables allowed by SmartScreen. For example, the ASR rule blocked my digitally signed applications a few times (allowed by SmartScreen).

Edit.
The ASR rule "Block executables ..." does not block MSI files and DLLs loaded by EXEs (cannot prevent DLL hijacking), but SAC (and WDAC ISG) can.
When protecting happy clickers with an enabled rule "Block executables ...", also enabling SAC makes sense.
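A read-only way to check the three settings discussed in this thread (Tamper Protection, Cloud Protection Level, and the "Block executables ..." ASR rule), added here as an example and not taken from the thread or from ConfigureDefender. It assumes the abbreviated rule name refers to the prevalence/age/trusted-list ASR rule with the GUID documented by Microsoft; the function and variable names are hypothetical.

```powershell
# Added example: reports Defender state only, changes nothing.
# Assumption: "Block executables ..." = "Block executable files from running unless
# they meet a prevalence, age, or trusted list criterion" (GUID from Microsoft docs).
$BlockExeRuleId = '01443614-cd74-433a-b99e-2ecdc07bfc25'

# Documented value mappings for Get-MpPreference output.
$AsrActionNames  = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }
$CloudLevelNames = @{ 0 = 'Default'; 1 = 'Moderate'; 2 = 'High'; 4 = 'High+'; 6 = 'Zero tolerance' }

function Get-AsrRuleState {
    param(
        [string[]]$Ids,      # AttackSurfaceReductionRules_Ids
        [object[]]$Actions,  # AttackSurfaceReductionRules_Actions (parallel array)
        [string]$RuleId
    )
    # No ASR rules configured at all: both arrays come back empty or null.
    if (-not $Ids) { return 'Not configured' }

    for ($i = 0; $i -lt $Ids.Count; $i++) {
        if ($Ids[$i] -ieq $RuleId) {
            $action = [int]$Actions[$i]
            if ($AsrActionNames.ContainsKey($action)) { return $AsrActionNames[$action] }
            return "Unknown ($action)"
        }
    }
    return 'Not configured'
}

$pref   = Get-MpPreference
$status = Get-MpComputerStatus
$cloud  = [int]$pref.CloudBlockLevel

[pscustomobject]@{
    # The value behind the yellow flag in Windows Security.
    TamperProtection = if ($status.IsTamperProtected) { 'On' } else { 'Off' }
    CloudBlockLevel  = if ($CloudLevelNames.ContainsKey($cloud)) { $CloudLevelNames[$cloud] } else { "Unknown ($cloud)" }
    BlockExeAsrRule  = Get-AsrRuleState -Ids $pref.AttackSurfaceReductionRules_Ids `
                           -Actions $pref.AttackSurfaceReductionRules_Actions `
                           -RuleId $BlockExeRuleId
} | Format-List
```

Running it before and after applying a configuration tool shows which of these values the tool actually changed.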
