Q&A ConfigureDefender utility for Windows 10

Bundled with PUP
None

shmu26

Level 65
Verified
Joined
Jul 3, 2015
Messages
5,419
OS
Windows 10

Brie

Level 4
Joined
Jan 1, 2018
Messages
170
OS
Windows 10
Antivirus
Bitdefender
Never mind. It was my 'norton web filter' that was deleting the download. Thank you all. :oops:
 
Likes: Andy Ful
Joined
Jun 12, 2017
Messages
10
> my windows defender blocks the download of this file. solutions?
> thanks in advance. (y)

Using Admin Acct. Windows 10, go into Settings/Apps & Features and make sure Installing apps is maximum of "Warn me before installing apps from outside store". Also go into Settings/Update & Security/Windows Security/App & browser control and make sure Check apps and files is set to warn, not block. Should make it possible to download and install. Hope it helps.
 

oldschool

Level 10
Verified
Joined
Mar 29, 2018
Messages
486
OS
Windows 10
Antivirus
AVG
Agreed. @Brie - ConfigureDefender will make all of this very simple since you may easily control all WD settings in one place.(y)
 

Andy Ful

Level 29
Content Creator
Verified
Joined
Dec 23, 2014
Messages
1,808
OS
Windows 10
Antivirus
Microsoft
> my windows defender blocks the download of this file. solutions?
> thanks in advance. (y)

This can happen if the user:
  • did not bypass the SmartScreen alert by choosing 'More info',
  • cannot bypass the SmartScreen alert because of non-default SmartScreen settings,
  • has non-default settings in Apps & Features which allow installation of apps only from Microsoft Store.
ConfigureDefender is whitelisted by Windows Defender signatures but not by SmartScreen, yet. If you have non-default SmartScreen settings in the Windows Defender Security Center, then change them to Warn - this will allow you to bypass SmartScreen alert.
Check also the settings in Apps & features (available from Power Menu) as in the post of @Reldel1.
You can restore your settings after running ConfigureDefender.
 
Joined
Apr 21, 2018
Messages
167
OS
Windows 10
Antivirus
Comodo
I used BD for a while, before 4 months in Windows 10, never had false positives, but every time I downloaded a file, even small, it took ages to scan with SmartScreen, and the most annoying thing was that many times it caused a freeze.
 

Andy Ful

> You are the Man Andy! This may add a bit of push to MS to implement it or similar in WD Home. Your dedication is greatly appreciated! (y):)

Thanks. Actually, Microsoft is going to add ASR and maybe some other Defender settings to Windows Defender Security Center, in the next build. But, I doubt they noticed my little tool.(y)
 

shmu26

What is "block executable content from email client and webmail" all about? I mean, what webmail are they talking about?
If I use Gmail on Chrome, for instance, what will this rule block?
Or is it only for Outlook Online, on Microsoft browsers, and it blocks executable downloads?
 
Likes: oldschool

Andy Ful

From the Microsoft article:
"
Rule: Block executable content from email client and webmail

This rule blocks the following file types from being run or launched from an email seen in either Microsoft Outlook or webmail (such as Gmail.com or Outlook.com):

  • Executable files (such as .exe, .dll, or .scr)
  • Script files (such as a PowerShell .ps, VisualBasic .vbs, or JavaScript .js file)
  • Script archive files

Important
Exclusions do not apply to this rule.
"
Use Attack surface reduction rules to prevent malware infection
 


shmu26

It looks like we will still need ConfigureDefender even after Redstone 5, because from what I read, it seems that Windows Security Center will just have one big button to toggle on and off for exploit protection, with no way to choose which particular ASR rules we want to use.
 

Andy Ful

There is an option in ConfigureDefender to activate Exploit Guard 'Network Protection'. There were some doubts if it works properly on Windows 10 Home and Pro, because the examples from the standard SmartScreen demo page (Demonstration malware website) were not blocked by 'Network Protection', and Microsoft claims that this feature is supported only on Windows 10 Enterprise (E3 and E5).
Use Windows Defender Exploit Guard to protect your network
First thing is that there is another demo page to test if 'Network Protection' is enabled:
SmartScreen Test
But still, there is the question if 'Network Protection' works in a similar way for non-Microsoft web browsers as SmartScreen for Edge and IE.
So I made the direct test on Windows 10 Pro ver. 1803:
  1. Found 20 phishing links that were blocked in Firefox by 'Network Protection' feature (Firefox native web filtering disabled).
  2. The fact of blocking the links was confirmed by checking Windows Event Log entry 1126.
  3. Any blocked link was also re-checked in Edge.
In all cases, the links were also blocked by SmartScreen in Edge.
Conclusion - 'Network Protection' uses SmartScreen and works for sure on Windows 10 Pro.

Edit.
Exploit Guard 'Network Protection' is supposed to work also outside web browsers. For example, if the malware tries to connect with the blacklisted web page, then it should be blocked, too.
I did not make the test for Windows 10 Home, but I am pretty sure that 'Network Protection' works also on the home version.
 
Last edited:
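
To repeat the check described in the post above (Network Protection state, plus Event Log entry 1126) on your own machine, the following PowerShell is an added example, not part of the thread and not ConfigureDefender's own code. The seven-day look-back window and the variable names are assumptions, and event ID 1125 (the audit-mode counterpart) is included in addition to the 1126 entry mentioned in the post.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell session
# on a Windows 10 machine where Windows Defender is the active antivirus.

$pref = Get-MpPreference

# EnableNetworkProtection: 0 = disabled, 1 = enabled (block), 2 = audit mode.
$npState = switch ([int]$pref.EnableNetworkProtection) {
    1       { 'Enabled (block)' }
    2       { 'Audit mode' }
    default { 'Disabled' }
}
"Network Protection: $npState"

# ASR rule GUIDs and their actions are stored as two parallel arrays.
if ($pref.AttackSurfaceReductionRules_Ids) {
    $ids     = @($pref.AttackSurfaceReductionRules_Ids)
    $actions = @($pref.AttackSurfaceReductionRules_Actions)
    for ($i = 0; $i -lt $ids.Count; $i++) {
        $action = switch ([int]$actions[$i]) {
            0       { 'Disabled' }
            1       { 'Block' }
            2       { 'Audit' }
            default { "Other ($($actions[$i]))" }
        }
        "ASR rule $($ids[$i]): $action"
    }
} else {
    'No ASR rules are configured.'
}

# Event 1126 = Network Protection blocked a connection (the entry checked in
# the post). Event 1125 is the audit-mode counterpart, added here.
$filter = @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 1125, 1126
    StartTime = (Get-Date).AddDays(-7)   # look-back window is an assumption
}
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue
if ($events) {
    $events | Select-Object TimeCreated, Id, Message | Format-List
} else {
    'No Network Protection events (1125/1126) in the last 7 days.'
}
```
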

shmu26

Thanks, Andy. The point you mentioned in your edit is very interesting. Url protection in the browser is nothing new, but system-wide url protection like that is something you would expect to see only in an advanced firewall, AFAIK.
 

HarborFront

Level 40
Content Creator
Verified
Joined
Oct 9, 2016
Messages
2,982
Hi @Andy Ful

My Emsisoft AM just expired and I let it go. I'm too lazy now to use another AV, so I'm currently using Windows Defender.

The current Windows version is 1803 and I have HMPA too. Any issue with them?

I guess I have to read through all the pages now.

Just ran the x64 version and I think there's a bug

When the GUI is open and I press to minimize, it minimizes to the lower task bar, i.e. there's an icon there. There's another icon in the system tray. Is this correct?

Should I close (or press the 'X') the GUI after setting to 'High' setting?

Should I just use the default setting and let HMPA handle all exploit issues?

Thanks
 