Vasudev

Level 28
Verified
So you are using the early Insider version which will be finally pushed in the next year. We have to wait until it will be more mature, and then we will see if it is a bug or M$ decided to block more configuration changes (also with PowerShell) when Tamper Protection is active.(y)
No, I'm using v1903.30
 

Andy Ful

Level 40
Content Creator
Trusted
Verified
No, I'm using v1903.30
I tested ConfigureDefender in Windows 10 Insider Build 18841. I expected that it should be 19H2 but in fact, it is 20H1. So, I tested the build which is planned to be pushed in the next year. On this build, both H_C and ConfigureDefender work well, but two options in ConfigureDefender, mentioned by me, are protected by WD Tamper Protection.
 

oldschool

Level 26
Verified
@Freki123 - I enabled ConfigureDefender "Default" profile and cloud protection is enabled and displays in Windows Security. This is included in the MS default setting, which leaves only Controlled Folder Access disabled. CD's "Default", "High" and "Child Protection" are pre-configured options. Users may choose a custom configuration by enabling or changing individual features after selecting any of the three ConfigureDefender protection levels.

We will update the "Help" section and include your suggestion to provide more clarity for users, especially average users. :)(y)
 

Andy Ful

Level 40
Content Creator
Trusted
Verified
"In Microsoft Defender ATP, the secure score is the path to achieving this. Through the top recommendations, we suggest a prioritized list for securing your devices, with a relative ranking of the overall impact to your security posture. We are also exploring ways to provide useful comparisons using this framework."


Introducing the security configuration framework: A prioritized guide to hardening Windows 10 - Microsoft Security

The top four recommendations can be applied on Windows 10 Home via ConfigureDefender (or PowerShell cmdlets) and Windows Updates.
 

Vasudev

Level 28
Verified
"In Microsoft Defender ATP, the secure score is the path to achieving this. Through the top recommendations, we suggest a prioritized list for securing your devices, with a relative ranking of the overall impact to your security posture. We are also exploring ways to provide useful comparisons using this framework."

Introducing the security configuration framework: A prioritized guide to hardening Windows 10 - Microsoft Security

The top four recommendations can be applied on Windows 10 Home via ConfigureDefender (or PowerShell cmdlets) and Windows Updates.
Haha...
Faulty OS updates and putting the SoA in an unbootable will invalidate all scores.
Does ConfigureDefender need updating? I'm at version 2.0.0.0 and product version 33.0.xx.xx
 

Andy Ful

Level 40
Content Creator
Trusted
Verified
Haha...
Faulty OS updates and putting the SoA in an unbootable will invalidate all scores.
Does ConfigureDefender need updating? I'm at version 2.0.0.0 and product version 33.0.xx.xx
Windows Updates are equally relevant for all security solutions with any AV. Yet, by using WD the user has greater chances to avoid update problems.:giggle:
For now, Microsoft did not introduce the new features, so the update will be the cosmetic one.
 

Freki123

Level 5
ConfigureDefender doesn't respond and UI appears stuck! When you hover the tray icon you'll see Script Paused message.
I'm on Windows 10 64 bit 1809 both on laptop (home) and main PC. No fast ring of any kind active. My main PC is a Ryzen 2600 with an SSD, and when I change, for example, from WD "default settings" to WD "high security settings" in ConfigureDefender, it still needs about 2-3++ seconds before I can leave via the "close" button.
Test: Change settings from "default settings" to WD "high security settings" or the other way around and instantly hammer the close button. You still have to wait for (whatever is going on in the background with PowerShell or whatever to finish).
On my slower laptop it takes more time for sure.
Maybe a progress bar or a reminder that changes are done in the background that take time (for the impatient users would be nice).
Or just give the "done" button a timer before it can be pressed. So you know you have to wait before you can leave since stuff is done under the hood.
Never thought about it till I read Vasudev. I just wondered why after changing stuff I couldn't get out when I pressed "close".
I remember seeing the "script paused" message on my laptop also at least once.
 

Andy Ful

Level 40
Content Creator
Trusted
Verified
...
Test: Change settings from "default settings" to WD "high security settings" or the other way around and instantly hammer the close button. You still have to wait for (whatever is going on in the background with PowerShell or whatever to finish).
On my slower laptop it takes more time for sure.
Maybe a progress bar or a reminder that changes are done in the background that take time (for the impatient users would be nice).
...


Added the splash alert when applying time-consuming changes.(y)
 

Vasudev

Level 28
Verified

Added the splash alert when applying time-consuming changes.(y)
Hey, yours look way different than Configure defender I use? Maybe I'm lagging without any updates?

I'm on Windows 10 64 bit 1809 both on laptop (home) and main PC. No fast ring of any kind active. My main PC is a Ryzen 2600 with an SSD, and when I change, for example, from WD "default settings" to WD "high security settings" in ConfigureDefender, it still needs about 2-3++ seconds before I can leave via the "close" button.
Test: Change settings from "default settings" to WD "high security settings" or the other way around and instantly hammer the close button. You still have to wait for (whatever is going on in the background with PowerShell or whatever to finish).
On my slower laptop it takes more time for sure.
Maybe a progress bar or a reminder that changes are done in the background that take time (for the impatient users would be nice).
Or just give the "done" button a timer before it can be pressed. So you know you have to wait before you can leave since stuff is done under the hood.
Never thought about it till I read Vasudev. I just wondered why after changing stuff I couldn't get out when I pressed "close".
I remember seeing the "script paused" message on my laptop also at least once.
You need to disable Tamper protection to apply on 19h1 and above.
I have the same issue like yours.
Try updating to latest v1903 MP engine for x64: http://download.windowsupdate.com/d/msdownload/update/software/defu/2019/04/updateplatform_3a5ced97c9ece5b58b50eae4481302c0815f03eb.exe
For other arch x86 and ARM64
 

Freki123

Level 5
@Andy Ful Perfect. Now all people will know changes are performed and patience is needed :)
@Vasudev For me it was about the unresponsive UI that you mentioned and since I had the same experience I wanted to chime in on that part.
Thanks for the links but I will take the Windows "feature" updates as slow as I can and try to only get security updates. I just wanted to give Andy as much information as I could (since I never knew what would be relevant for a dev). I will stay with 1809 till Windows forces a newer version on me :D (Or they develop a killer feature I couldn't live without).
 

Vasudev

Level 28
Verified
@Andy Ful Perfect. Now all people will know changes are performed and patience is needed :)
@Vasudev For me it was about the unresponsive UI that you mentioned and since I had the same experience I wanted to chime in on that part.
Thanks for the links but I will take the Windows "feature" updates as slow as I can and try to only get security updates. I just wanted to give Andy as much information as I could (since I never knew what would be relevant for a dev). I will stay with 1809 till Windows forces a newer version on me :D (Or they develop a killer feature I couldn't live without).
The links are posted for updated WD with all features included for all W10 editions except Tamper protect and other newer tech. Usually it's force-fed via WU. It'll upgrade your engine and protection updates to latest upstream WD build w/ updated 0 day detection and BAFS features.
 

shmu26

Level 78
Content Creator
Trusted
Verified
"In Microsoft Defender ATP, the secure score is the path to achieving this. Through the top recommendations, we suggest a prioritized list for securing your devices, with a relative ranking of the overall impact to your security posture. We are also exploring ways to provide useful comparisons using this framework."

Introducing the security configuration framework: A prioritized guide to hardening Windows 10 - Microsoft Security

The top four recommendations can be applied on Windows 10 Home via ConfigureDefender (or PowerShell cmdlets) and Windows Updates.
@Andy Ful what is your opinion of these security priorities, as far as home users are concerned? I mean, if you would publish an ad hoc version of the same for home users, what would the outline look like? The first two entries -- update the OS and enable ASR -- sound good to my ears. But after that, I dunno.
They also failed to detail which ASR rules are the more critical ones, and then they mentioned credential guard as a separate entry, and that is confusing.
 

Andy Ful

Level 40
Content Creator
Trusted
Verified
@Andy Ful what is your opinion of these security priorities, as far as home users are concerned? I mean, if you would publish an ad hoc version of the same for home users, what would the outline look like? The first two entries -- update the OS and enable ASR -- sound good to my ears. But after that, I dunno.
They also failed to detail which ASR rules are the more critical ones, and then they mentioned credential guard as a separate entry, and that is confusing.
Only top four entries are available for home users. Controlled Folder Access is important (if one does not use default-deny setup) to protect Desktop and data folders.
"Fix antivirus reporting..." is related to inform the user that WD is set improperly and can help to apply WD default settings + PUA protection + update WD security intelligence.
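
An added example (not from the thread and not ConfigureDefender's own code): a read-only PowerShell check of the Defender settings discussed above, using the built-in Get-MpPreference and Get-MpComputerStatus cmdlets. The Get-ModeName helper and the output field names are hypothetical, chosen for this illustration; run it in an elevated session.

```powershell
# Added example: reads Defender settings, changes nothing.
$pref   = Get-MpPreference
$status = Get-MpComputerStatus

# Documented values shared by CFA, Network Protection, PUA and ASR actions.
$mode = @{ 0 = 'Disabled'; 1 = 'Enabled (block)'; 2 = 'Audit' }

function Get-ModeName($value) {
    # Hypothetical helper: fall back to the raw number for values not in the table.
    $name = $mode[[int]$value]
    if ($name) { $name } else { "value $value" }
}

# IsTamperProtected is not reported by older builds, so probe for the property.
$tamper = $status.PSObject.Properties['IsTamperProtected']

[pscustomobject]@{
    PlatformVersion        = $status.AMProductVersion
    EngineVersion          = $status.AMEngineVersion
    SignatureVersion       = $status.AntivirusSignatureVersion
    RealTimeProtection     = $status.RealTimeProtectionEnabled
    TamperProtection       = if ($tamper) { $tamper.Value } else { 'not reported' }
    ControlledFolderAccess = Get-ModeName $pref.EnableControlledFolderAccess
    NetworkProtection      = Get-ModeName $pref.EnableNetworkProtection
    PUAProtection          = Get-ModeName $pref.PUAProtection
    MAPSReporting          = $pref.MAPSReporting   # 0 = off, 1 = basic, 2 = advanced
} | Format-List

# ASR rules are stored as two parallel arrays: rule GUIDs and their actions.
if ($null -eq $pref.AttackSurfaceReductionRules_Ids) {
    'No ASR rules configured.'
} else {
    $ids     = @($pref.AttackSurfaceReductionRules_Ids)
    $actions = @($pref.AttackSurfaceReductionRules_Actions)
    for ($i = 0; $i -lt $ids.Count; $i++) {
        [pscustomobject]@{
            RuleId = $ids[$i]
            Action = Get-ModeName $actions[$i]
        }
    }
}
```

Comparing the output before and after a profile change shows which settings were actually applied and which were left untouched, for example when Tamper Protection is active.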
 

shmu26

Level 78
Content Creator
Trusted
Verified
I have Network protection enabled, and it sporadically blocks a Windows store app called Microsoft To-Do.
Fortunately, the block does not seem to interfere with the functionality of the app. All it does is give me a good laugh. I assume that is the expected behavior of the user. Lol.

Your IT administrator has caused Windows Defender Exploit Guard to block a potentially dangerous network connection.
Detection time: 2019-04-15T10:10:14.744Z
User: S-1-5-21-3454378019-2768118530-1397810189-1001
Destination: http://185.151.204.12
Process Name: C:\Program Files\WindowsApps\Microsoft.Todos_1.54.2992.0_x64__8wekyb3d8bbwe\Todo.exe
 

Vasudev

Level 28
Verified
I have Network protection enabled, and it sporadically blocks a Windows store app called Microsoft To-Do.
Fortunately, the block does not seem to interfere with the functionality of the app. All it does is give me a good laugh. I assume that is the expected behavior of the user. Lol.

Your IT administrator has caused Windows Defender Exploit Guard to block a potentially dangerous network connection.
Detection time: 2019-04-15T10:10:14.744Z
User: S-1-5-21-3454378019-2768118530-1397810189-1001
Destination: http://185.151.204.12
Process Name: C:\Program Files\WindowsApps\Microsoft.Todos_1.54.2992.0_x64__8wekyb3d8bbwe\Todo.exe
Looks like Exploit guard is correct. Haha... Just use Google Todo app, feels much better and syncs properly w/o worrying about App being EOL or made open source when MSFT loses interest.
 

shmu26

Level 78
Content Creator
Trusted
Verified
Looks like Exploit guard is correct. Haha... Just use Google Todo app, feels much better and syncs properly w/o worrying about App being EOL or made open source when MSFT loses interest.
Indeed, also Google blocks this URL. Pretty strange that a Microsoft-made app is accessing such a URL.
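
An added example (not part of the thread): one way to review Network protection detections like the one quoted above is to pull them from the Defender operational log and group them by process and destination, so that recurring blocks from the same app stand out. Event IDs 1125 (audit) and 1126 (block) are the documented Network protection events; the regular expressions assume the event message contains the same "Destination:" and "Process Name:" fields as the notification text, and the 30-day window is arbitrary.

```powershell
# Added example: summarize Network protection events from the last 30 days.
$filter = @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 1125, 1126            # 1125 = audit mode, 1126 = block mode
    StartTime = (Get-Date).AddDays(-30)
}

# Get-WinEvent raises an error when nothing matches; treat that as "no events".
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

$rows = foreach ($e in $events) {
    # Assumption: message fields mirror the toast notification layout.
    $dest = if ($e.Message -match 'Destination:\s*(\S+)')  { $Matches[1] } else { 'unknown' }
    $proc = if ($e.Message -match 'Process Name:\s*(.+)')  { $Matches[1].Trim() } else { 'unknown' }
    $kind = if ($e.Id -eq 1126) { 'Block' } else { 'Audit' }

    [pscustomobject]@{
        Time        = $e.TimeCreated
        Mode        = $kind
        Process     = $proc
        Destination = $dest
    }
}

if (-not $rows) {
    'No Network protection events in the selected window.'
} else {
    $rows |
        Group-Object Process, Destination, Mode |
        Sort-Object Count -Descending |
        Select-Object Count,
            @{ n = 'Process';     e = { $_.Group[0].Process } },
            @{ n = 'Destination'; e = { $_.Group[0].Destination } },
            @{ n = 'Mode';        e = { $_.Group[0].Mode } },
            @{ n = 'LastSeen';    e = { ($_.Group.Time | Sort-Object -Descending)[0] } } |
        Format-Table -AutoSize -Wrap
}
```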