ConfigureDefender utility for Windows 10/11
<blockquote data-quote="Andy Ful" data-source="post: 777764" data-attributes="member: 32260"><p>I made many similar tests like in the post <a href="https://malwaretips.com/threads/configuredefender-utility-for-windows-10.79039/post-777268" target="_blank">Q&A - ConfigureDefender utility for Windows 10</a>.</p><p>The testing environment included two systems:</p><ul> <li data-xf-list-type="ul">S1, the fresh Windows 10 Home 64-bit ver. 1809 installed in the virtual machine;</li> <li data-xf-list-type="ul">S2, the real system: Windows 10 Pro 64-bit ver. 1809.</li> </ul><p>Some results were new for me.</p><ol> <li data-xf-list-type="ol">The WD demo from the webpage <span style="color: rgb(0, 168, 133)"><strong>demo.wd.microsoft.com/Page/BAFS</strong></span> did not work for the Firefox web browser as it had worked for Edge and Google Chrome. In the case of Firefox, it worked as if the "Block at first sight" feature was disabled (but it was not).</li> <li data-xf-list-type="ol">If the "Block at first sight" feature was disabled, then the samples created by <span style="color: rgb(0, 168, 133)"><strong>WD demo</strong></span> for Edge or Google Chrome were not blocked after download at all (both S1 & S2). Those files were also not blocked after executing them from Explorer (if the user bypassed SmartScreen). So, I left them on the disk and made a copy online by using OneDrive.<br /> After enabling "Block at first sight" (system reboot required), some of the previously-not-blocked files were blocked on execution (from disk) and quarantined (both S1 & S2). The same samples were usually blocked when downloading them from OneDrive.</li> <li data-xf-list-type="ol">The <span style="color: rgb(0, 168, 133)"><strong>WD demo</strong></span> worked with Windows Defender default settings in Windows 10 Home ver. 1809 (S1 system). Some files were blocked, and some were not. If I executed the missed samples (in S1), then none of them were blocked.</li> <li data-xf-list-type="ol">Next, I executed the missed samples in the real system with Defender high settings (S2 system), and about half of them were blocked and quarantined.</li> <li data-xf-list-type="ol">I returned to the virtual machine (S1 system), opened the folder with the previously-not-blocked samples, and the samples which had been blocked in the real system (S2 system) were quickly detected and quarantined in the virtual machine (S1 system).</li> </ol><p><strong>Conclusions</strong></p><ol> <li data-xf-list-type="ol">"Block at first sight" works well with Edge and Google Chrome on all Windows 10 editions ver. 1809 (including Windows Home).</li> <li data-xf-list-type="ol">It is enabled by default (default WD settings, no tweaks).</li> <li data-xf-list-type="ol">The files missed by "Block at first sight" are usually missed on execution if the user bypasses SmartScreen.</li> <li data-xf-list-type="ol">If the sample was blocked by "Block at first sight" on any particular machine, then all other machines can detect that sample if they have "Block at first sight" enabled (induced detection). The 'induced detection' works on file access, so a sample copied from a pendrive can be detected too.</li> <li data-xf-list-type="ol">The 'induced detection' can have an important impact on the detection of 'a few days old' malware samples, but not on the detection of 'never seen' samples. That can also be concluded from some tests done on Malware Hub by [USER=64646]askalan[/USER], [USER=28210]Av Gurus[/USER], and <a href="https://malwaretips.com/members/evjls-rain.51905/" target="_blank">Evjl's Rain</a>.</li> </ol><p>From Microsoft documentation it follows that the following Next Generation Protection advanced features (among others) are not available in Windows 10 Home and Pro editions (available only in Windows 10 E5):</p><ol> <li data-xf-list-type="ol">Advanced machine learning and AI-based protection for apex-level viruses and malware threats.</li> <li data-xf-list-type="ol">Advanced cloud protection that includes deep inspection and detonation.</li> </ol><p>Yet, the above features can still provide the 'induced protection' (see point 4 in Conclusions) for users with Windows Home and Pro editions, if "Block at first sight" is enabled. Such protection can be important against advanced threats like WannaCry or NotPetya, which first attack enterprises (with Windows 10 E5 installed).</p><p>Furthermore, many MS Office threats are also directed at enterprises via embedded macros or scripts. They can usually be detected by 'Advanced cloud protection' and provide the 'induced protection' for Windows 10 Home and Pro editions, too.</p></blockquote>
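The post above relies on "Block at first sight" being active, which in turn depends on cloud-delivered protection, automatic sample submission, real-time protection and download scanning all being on. The following PowerShell is an added example (not code from the post or from ConfigureDefender) that reports each documented prerequisite from `Get-MpPreference` / `Get-MpComputerStatus` and offers a one-call remediation; it assumes an elevated PowerShell on Windows 10 with the Defender module present.

```powershell
# Added example, not part of the original post: check the prerequisites of
# "Block at first sight" and optionally set them. Run elevated on Windows 10.
function Test-BlockAtFirstSightReady {
    $pref   = Get-MpPreference
    $status = Get-MpComputerStatus

    # One row per documented prerequisite: observed value and pass/fail.
    $checks = @(
        [pscustomobject]@{ Check = 'Real-time protection on';
                           Value = $status.RealTimeProtectionEnabled;
                           Ok    = $status.RealTimeProtectionEnabled }
        [pscustomobject]@{ Check = 'Scan downloaded files/attachments (IOAV) on';
                           Value = -not $pref.DisableIOAVProtection;
                           Ok    = -not $pref.DisableIOAVProtection }
        # MAPSReporting: 0 = Disabled, 1 = Basic, 2 = Advanced (cloud-delivered protection)
        [pscustomobject]@{ Check = 'Cloud-delivered protection (MAPS = Advanced)';
                           Value = $pref.MAPSReporting;
                           Ok    = $pref.MAPSReporting -eq 2 }
        # SubmitSamplesConsent: 0 = AlwaysPrompt, 1 = SendSafeSamples, 2 = NeverSend, 3 = SendAllSamples
        [pscustomobject]@{ Check = 'Automatic sample submission on';
                           Value = $pref.SubmitSamplesConsent;
                           Ok    = $pref.SubmitSamplesConsent -in 1, 3 }
        [pscustomobject]@{ Check = 'Block at first sight not disabled';
                           Value = -not $pref.DisableBlockAtFirstSeen;
                           Ok    = -not $pref.DisableBlockAtFirstSeen }
    )

    $checks | Format-Table -AutoSize
    # True only when every prerequisite passed.
    return (($checks | Where-Object { -not $_.Ok }).Count -eq 0)
}

# Sets the preferences the checks cover. Real-time protection is left to the
# Security Center UI (tamper protection may block changing it from PowerShell).
# The post's tests needed a reboot after toggling the feature.
function Enable-BlockAtFirstSight {
    Set-MpPreference -MAPSReporting Advanced `
                     -SubmitSamplesConsent SendSafeSamples `
                     -DisableIOAVProtection $false `
                     -DisableBlockAtFirstSeen $false
}

if (Test-BlockAtFirstSightReady) {
    'Block at first sight prerequisites are met.'
} else {
    'Some prerequisites are missing; run Enable-BlockAtFirstSight and reboot.'
}
```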