ConfigureDefender utility for Windows 10/11

Vasudev

Level 33
Verified
Nov 8, 2014
2,247
@Andy Ful Is there any option to save settings of Cofiguredefender(CD)? I am confused on how to use it. BTW, CD enabled NIS protection which is a good thing. But most of time, some smartscreen settings to reverted to Block instead of User which I already set using Win security center.
On my Win 10 Pro machine, ASR rules were resetting to OFF when CD was running. On my Win 10 Home w/ Gpedit.msc regedit worked fine.
I did delete Local gpedit rules using winaero tweaker and did manually by booting into Linux as well.
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,513
@Andy Ful Is there any option to save settings of Cofiguredefender(CD)? I am confused on how to use it. ...
The settings are written to the registry in the real-time. Yet, some other security can prevent PowerShell to do it. You can use the <Refresh> green button to see if the chosen settings were applied correctly. If there is a difference in the displayed settings before and after <Refresh>, then something is interfering with PowerShell.
If you have set Defender settings via GPO (Windows Pro) then you have to set those settings to "Not configured" by using gpedit.msc . Let me know If you will have problem with it.
Please, read also the information in the second part of the HELP - I put there some information about GPO and Registry keys.(y)
 

Vasudev

Level 33
Verified
Nov 8, 2014
2,247
The settings are written to the registry in the real-time. Yet, some other security can prevent PowerShell to do it. You can use the <Refresh> green button to see if the chosen settings were applied correctly. If there is a difference in the displayed settings before and after <Refresh>, then something is interfering with PowerShell.
If you have set Defender settings via GPO (Windows Pro) then you have to set those settings to "Not configured" by using gpedit.msc . Let me know If you will have problem with it.
Please, read also the information in the second part of the HELP - I put there some information about GPO and Registry keys.(y)
I'm used to clicking Save and then memorizing each settings. My mem. muscle might be an issue. Then again, how to export current Configuredefender settings so that its easy to restore settings upon clean installing Windows 10?
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,513
I'm used to clicking Save and then memorizing each settings. My mem. muscle might be an issue. Then again, how to export current Configuredefender settings so that its easy to restore settings upon clean installing Windows 10?
There is no such option. You have to choose one of the predefined options, and next you can adjust the settings to your needs. I recommend using <Defender high settings>.(y)
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,513
I could not get this to install in shadow mode with Appguard off.

EDIT: Was able to pull GUI by running as admin.
ConfigureDefender cannot work with Shadow Defender in the shadow mode, because many Defender options require restarting the system.
It can work with AppGuard when powershell.exe is not protected by Guarded Apps feature. After finishing Defender configuration, the PowerShell protection can be activated again.
The above is true for every PowerShell restrictions - they have to be temporarily turned off to make Defender configuration.
 
Last edited:

Vasudev

Level 33
Verified
Nov 8, 2014
2,247
There is no such option. You have to choose one of the predefined options, and next you can adjust the settings to your needs. I recommend using <Defender high settings>.(y)
But that turns on controlled folder access that doesn't play nice with RTSS and MSI AB and few others even after whitelisting them in WD.
 
  • Like
Reactions: oldschool

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,513
But that turns on controlled folder access that doesn't play nice with RTSS and MSI AB and few others even after whitelisting them in WD.
<Defender high settings> apply Controlled Folder Access in Audit mode - only warnings are displayed that something would be blocked when CFA would be enabled (but it is not). You can simply change CFA setting to Disabled to avoid CFA warnings.
 
F

ForgottenSeer 69673

ConfigureDefender cannot work with Shadow Defender in the shadow mode, because many Defender options require restarting the system.
It can work with AppGuard when powershell.exe is not protected by Guarded Apps feature. After finishing Defender configuration, the PowerShell protection can be activated again.
The above is true for every PowerShell restrictions - they have to be temporarily turned off to make Defender configuration.

can not get any restart. I have Defender high settings enabled. Appguard is disabled. What setting has to be changed to generate a restart? I am new to using this.
Thanks
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,513
can not get any restart...
I meant the full shutdown and a cold restart = reboot computer = Restart option from the power menu.
Many computers use the Fast Startup mode after Shut Down = Windows signs out of all user sessions, and next saves that state to the hibernation file.
When Fast Start is done many Defender settings are still not activated, also Shadow Defender did not restore your system back to its original state.
 
Last edited:

imuade

Level 12
Verified
Top Poster
Well-known
Jul 29, 2018
566
Scan all downloaded files and attachments
Sorry if the question has already been asked.
What does this setting do? Set WD to scan the files before they are even saved to the PC, while, if I disable it, files will be scanned only when the download is completed and the whole file is on the local PC?
Thanks :)
 
F

ForgottenSeer 69673

When Fast Start is done many Defender settings are still not activated, also Shadow Defender did not restore your system back to its original state.

Yes, I had the Shadow Defender issue a long time ago and have fast start up turned off. I have a batch file to turn it on and one to turn it off and yes, it take forever for my pc to fully boot up.
 
  • Like
Reactions: Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,513
Sorry if the question has already been asked.
What does this setting do? Set WD to scan the files before they are even saved to the PC, while, if I disable it, files will be scanned only when the download is completed and the whole file is on the local PC?
Thanks :)
If disabled, then after downloading the file it will not be automatically scanned by WD.
 

oldschool

Level 85
Verified
Top Poster
Well-known
Mar 29, 2018
7,623
@Andy Ful - Today I noticed that exclusions I removed from CFA and ASR kept reappearing. Might this be happening because I am not currently using WD? Or might it be a bug? Or, simple user ignorance? :unsure::unsure: :unsure:

BTW: When I use WD, I sometimes access it via Windows Security. When accessing this way using SUA, I only see added folders in CFA from SUA, and when in Admin. Account I see all folders. I suppose this makes sense, but I had not noticed this before.
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,513
@Andy Ful - Today I noticed that exclusions I removed from CFA and ASR kept reappearing. Might this be happening because I am not currently using WD? Or might it be a bug? Or, simple user ignorance? :unsure::unsure::unsure:

BTW: When I use WD, I sometimes access it via Windows Security. When accessing this way using SUA, I only see added folders in CFA from SUA, and when in Admin. Account I see all folders. I suppose this makes sense, but I had not noticed this before.
Some exclusions in ASR, are automatically applied when you press <Child Protection> button or set the rule 'Block executable files from running unless they meet a prevalence, age, or trusted list criteria' to ON. Those rules are deleted when applying <Defender default settings> or <Defender high settings>.

208787


ConfigureDefender does not automatically add/remove the CFA rules.
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,513
...
BTW: When I use WD, I sometimes access it via Windows Security. When accessing this way using SUA, I only see added folders in CFA from SUA, and when in Admin. Account I see all folders. I suppose this makes sense, but I had not noticed this before.
The default folders (Destop, Documents, Favorities, Music, Pictures, Video) are displayed only for the current account and for the Public account. All entries added manually (files and folders from any user profile) are displayed for all accounts. All manually added entries are stored in the Registry:
  1. HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\Controlled Folder Access\AllowedApplications
  2. HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\Controlled Folder Access\ProtectedFolders
You should see the same manually added entries either on SUA or on Admin account.
 

Vasudev

Level 33
Verified
Nov 8, 2014
2,247
I tested ConfigureDefender in Windows 10 Insider Build 18841. The Tamper Protection prevents disabling two options:
  1. Behavior Monitoring.
  2. Scan all downloaded files and attachments.
Other options work as usual.(y)
Have you tried clicking Child protection and Configure Defender automatically switches to Max security mode after closing or hitting Refresh. I'm using Home edition.
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,513
Have you tried clicking Child protection and Configure Defender automatically switches to Max security mode after closing or hitting Refresh. I'm using Home edition.
Child protection = Max settings + SmartScreen set to Block + Hide Security Center.
Defender default settings < Defender high settings < Child Protection.
I recommend using 'Defender high settings'.
 

Vasudev

Level 33
Verified
Nov 8, 2014
2,247
Child protection = Max settings + SmartScreen set to Block + Hide Security Center.
Defender default settings < Defender high settings < Child Protection.
I recommend using 'Defender high settings'.
Ok... so that was the feature! I thought it was whitelisted system files and its children from being detected as malware. Child Protection = Max web safety and protection for Kids or paranoid users.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top