ConfigureDefender utility for Windows 10/11

[Digmor Crusher]

you misunderstood something

Oldschool wondered/questioned why DefederUI was running in memory while every Defender setting can be set via registry or powershell (as Configure Defender does).

I meant that DefenderUI Pro is more like a Cyberlock lite, most here know that both DefenderUI and Configure Defender adjust Defenders settings.

 

[Andy Ful]

Guys, I hope than you do not post much about ConfigureDefender in the DefenderUI thread.

 

[Digmor Crusher]

Guys, I hope than you do not post much about ConfigureDefender in the DefenderUI thread.

And vice versa.

 

[LinuxFan58]

I meant that DefenderUI Pro is more like a Cyberlock lite, most here know that both DefenderUI and Configure Defender adjust Defenders settings.

Again misundestanding

Oldschool posted that for Defender settings tweaks everything could be set without needing a program running in the background.

I mentioned PRO, because it offers other protections and the free and pro sharing code is probably the reason it runs in memory.

As you stated

 

[rashmi]

I mentioned PRO, because it offers other protections and the free and pro sharing code is probably the reason it runs in memory.

Running in real-time allows DefenderUI and the Pro version to generate alerts and configure changes without a system restart, among other functions.

Please avoid cluttering this thread; instead, post questions or information in the DefenderUI thread.

 

[Parkinsond]

Can the ASR rule of "Block use of copied or impersonated system tools" stop this step?

The installer then started a fake svchost.exe (PID 9964) to begin stealing my data

 

[Andy Ful]

Can the ASR rule of "Block use of copied or impersonated system tools" stop this step?

"The installer then started a fake svchost.exe (PID 9964) to begin stealing my data"

Yes.

 

[Parkinsond]

What can the rule "Block executable files from running unless they meet a prevalence, age, or trusted list criterion" add more than WHHL WDAC for evaluating an exe file?
Are not both using the same backend?

 

[Andy Ful]

What can the rule "Block executable files from running unless they meet a prevalence, age, or trusted list criterion" add more than WHHL WDAC for evaluating an exe file?

Not much. However, the ASR rule is more dependent on the file prevalence, and WDAC on file reputation.

Are not both using the same backend?

Yes, but in a slightly different way.

 

[bazang]

CD is still 5A1. Thx @Andy Ful . Much appreciated. Better than Intune/Entra ID - at least for non-enterprise/government Windows.

 

[Parkinsond]

Not much. However, the ASR rule is more dependent on the file prevalence, and WDAC on file reputation.



Yes, but in a slightly different way.

I think using such ASR rule with WDAC/SAC is redundant to some extent; the ASR rule represents a relatively good substitue for WDAC, when WDAC could not be applied.

 

[Andy Ful]

CD is still 5A1. Thx @Andy Ful . Much appreciated. Better than Intune/Entra ID - at least for non-enterprise/government Windows.

You're welcome.