Andy Ful

Level 48
Verified
Trusted
Content Creator
...
WD is still weak at signature-based detection; they are late at creating signatures, but their investment in the cloud is paying off.
They do not hasten with signatures, to keep a low rate of false positives in Enterprises. Many computers in Enterprises are connected to the Intranet and have not got an Internet connection.
False positives in such a network can be more dangerous than malware. The computers which have an Internet connection are more vulnerable, so they have to be protected by the more aggressive and fast detection of the WD cloud.
 

SeriousHoax

Level 10
Verified
Malware Tester
They do not hasten with signatures, to keep a low rate of false positives in Enterprises. Many computers in Enterprises are connected to the Intranet and have not got an Internet connection.
False positives in such a network can be more dangerous than malware. The computers which have an Internet connection are more vulnerable, so they have to be protected by the more aggressive and fast detection of the WD cloud.
Interesting.
 
Reactions: oldschool

Andy Ful

Level 48
Verified
Trusted
Content Creator
Hi, Andy Ful
Any idea about this? I've seen this twice today for the very first time
View attachment 225197
There can be many sources of this alert. It is probably a false positive, when you use a 3rd party application which uses a service to do something on disk. In rare cases, it can also be malware hiding under svchost.
If you can find out the application which uses a service to do something in the Video folder, then you can probably exclude this folder in that application.
Do you use SCPToolkit?
 

SeriousHoax

Level 10
Verified
Malware Tester
There can be many sources of this alert. It is probably a false positive, when you use a 3rd party application which uses a service to do something on disk. In rare cases, it can also be malware hiding under svchost.
Hmm, probably a false positive, as there shouldn't be any malware on my system. But I'll do some scanning.
Here's another strange one related to CCleaner about accessing protected memory. Notified the last two times I opened CCleaner but never before. CCleaner hasn't been updated either.
de.PNG
 

Andy Ful

Level 48
Verified
Trusted
Content Creator
Hmm, probably a false positive, as there shouldn't be any malware on my system. But I'll do some scanning.
Here's another strange one related to CCleaner about accessing protected memory. Notified the last two times I opened CCleaner but never before. CCleaner hasn't been updated either.
View attachment 225202
That is normal for such applications. Similar issues were observed when using Hard Disk Sentinel. Just exclude CCleaner64.exe in Controlled Folder Access.
 
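The advice above (exclude a known-good tool such as CCleaner64.exe from Controlled Folder Access instead of turning CFA off) can be done from an elevated PowerShell prompt. The script below is an added example written for this thread, not code from any poster or from Microsoft; it uses the Defender cmdlets Get-MpPreference, Add-MpPreference and Get-WinEvent, and it assumes CCleaner64.exe lives at the default path shown in $AppPath (change it to match your install). It first reads the current CFA state, lists recent CFA block events (event ID 1123 in the Defender operational log) so you can confirm which process and folder triggered the alert, checks that the binary is digitally signed, and only then adds it to the allowed-applications list.

```powershell
# Added example for this thread (not from the original posts or from Microsoft).
# Assumption: CCleaner is installed at the default path below.
$AppPath = 'C:\Program Files\CCleaner\CCleaner64.exe'

# 1. Current Controlled Folder Access state: 0 = Disabled, 1 = Enabled, 2 = Audit mode
$pref = Get-MpPreference
"Controlled Folder Access state: $($pref.EnableControlledFolderAccess)"
"Currently allowed applications:"
$pref.ControlledFolderAccessAllowedApplications | ForEach-Object { "  $_" }

# 2. Show recent CFA block events so the alert can be tied to a concrete process
#    (ID 1123 = blocked, 1124 = audited, in the Windows Defender operational log)
$events = Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1123
} -MaxEvents 10 -ErrorAction SilentlyContinue

if ($events) {
    "Recent Controlled Folder Access blocks:"
    foreach ($e in $events) {
        # Message text names the process and the protected path it tried to touch
        "  [$($e.TimeCreated)] $($e.Message -replace '\s+', ' ')"
    }
} else {
    "No recent CFA block events found."
}

# 3. Only allow the binary if it exists and carries a valid Authenticode signature;
#    an unsigned or tampered file is exactly what CFA is meant to keep out.
if (-not (Test-Path $AppPath)) {
    throw "Application not found at $AppPath - fix the path before excluding it."
}

$sig = Get-AuthenticodeSignature -FilePath $AppPath
"Signature status for $AppPath : $($sig.Status) (signer: $($sig.SignerCertificate.Subject))"

if ($sig.Status -ne 'Valid') {
    throw "Refusing to allow an application whose signature is not valid."
}

# 4. Add the application to the CFA allow list (narrow exclusion; CFA stays enabled)
Add-MpPreference -ControlledFolderAccessAllowedApplications $AppPath
"Added $AppPath to Controlled Folder Access allowed applications."

# 5. Re-read the preference to confirm the change took effect
(Get-MpPreference).ControlledFolderAccessAllowedApplications | ForEach-Object { "  $_" }
```

Adding a per-application exception keeps CFA active for everything else; to undo it later, use Remove-MpPreference with the same -ControlledFolderAccessAllowedApplications parameter and path.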

oldschool

Level 36
Verified
@Andy Ful or other members, can you please comment on this Wilders' post, especially the last phrase?:emoji_thinking: Windows Defender Is Becoming the Powerful Antivirus That Windows 10 Needs
If malware can never run, then you don't need any security tools. But you should always cover all kinds of scenarios. What if you get tricked into running malware? Then AV and behavior blocker should come into action. And I don't believe that Win Def has got any behavior blocker, so once malware is allowed to run, it's indeed game over, but feel free to correct me.
Edit: added italics.
 

Andy Ful

Level 48
Verified
Trusted
Content Creator

oldschool

Level 36
Verified
The guy believes in something. He does not say that he knows how WD works and what is the reason for his beliefs. He does not say that we must share his beliefs. Everyone has the right to have personal beliefs which do not hurt others.:giggle:(y)
Yes, I realize this but I was asking for a more detailed or expanded description of WD behavior-blocking features. I ask for my own education and not to debate or defeat the OP.
 

blackice

Level 11
Verified
The guy believes in something. He does not say that he knows how WD works and what is the reason for his beliefs. He does not say that we must share his beliefs. Everyone has the right to have personal beliefs which do not hurt others.:giggle:(y)
He has many strong opinions, some popular, some not so much. It fosters discussion. :ROFLMAO:
 

Andy Ful

Level 48
Verified
Trusted
Content Creator
ASR is behaviour blocking, and Exploit Guard rules are also behaviour blocking. I'd like to see a more expanded ruleset (hence my other thread on behaviour blockers), but it's not like WD doesn't have any.
Yes, I realize this, but I was asking for a more detailed or expanded description of WD behavior-blocking features. I ask for my own education and not to debate or defeat the OP.
Like most modern AVs, WD has behavior blocking capabilities included in Machine Learning models (locally and in the cloud). The ASR, Exploit Guard, Controlled Folder Access and other WD features are just extensions of it.
 

Andy Ful

Level 48
Verified
Trusted
Content Creator
The term 'Behavior Blocker' is not clear nowadays. So it is hard to comment if someone uses it.
I posted about it in the thread:

Many vendors use the terms behavior-based detections, behavior-based heuristics, etc.
For example, behavior-based features are used by Windows Defender (behavior-based ML, AMSI ML), Trend Micro (OfficeScan), Symantec (Sonar), Kaspersky (System Watcher), F-Secure (DeepGuard), Eset (DNA), BitDefender (Advanced Threat Defense), Avast (Behavior Shield).
 

notabot

Level 12
Like most modern AVs, WD has behavior blocking capabilities included in Machine Learning models (locally and in the cloud). The ASR, Exploit Guard, Controlled Folder Access and other WD features are just extensions of it.
Isn't machine learning part of ATP only? Or have you found a way to unlock yet another enterprise feature for home/pro users (at least locally)? :unsure:
 

oldschool

Level 36
Verified