ConfigureDefender utility for Windows 10/11

Aren't these two the ones required for BAFS?
They are enabled by default!

BAFS is triggered after a file download via Edge/Chrome browsers. It does not work on malware tests when files are executed from flash drives or from network shares.
 
The prevalence/age criteria ASR rule works for DLLs when they are executed via such LOLBins as:
Netsh, Odbcconf, OfflineScannerShell, Pcalua (DLL --> CPL), RunDLL32, Register-CimProvider, RegSvr32, Control (DLL --> CPL), etc.
 
It is not related in any way. So yes, keep it on High. (y)
Side note @Kongo & @Andy Ful: I ran ConfigureDefender 4100 on Win10 and it was blocked: DeepInstinct (secondary AV)
threat prevented powershell ...s Defender; was identified as a trojan and is now blocked...
... DI Behavioral Analysis / malicious powershell command execution

So I went into the console and disabled DeepInstinct, then re-enabled it after the required reboot.
Just something to know...
 
Some security solutions are hypersensitive to running PS commands, regardless of the command nature.
 