- Mar 29, 2018
This test was not about WD maximum security, because the files were executed without MOTWs (from the local network).
Because Leo still doesn't understand how WD works!
He uses a special framework (for all AVs) which is convenient because it allows quickly testing many malicious samples from the local network. Anyway, such a testing framework has some downsides, because a lot of the samples are run in the same Windows session.
I understand both things. The point is that his WD tests have demonstrated either his ignorance or his true motives.
He is not a WD expert and he obviously does not share a good opinion about WD. I do not think that he intentionally wants to bash WD, because this particular test would contradict such intentions. A few of his tests I saw would rather suggest that he really believed that WD is not as good as most popular commercial AVs. This can partially follow from his tests and his testing framework. It may also be true that he is slowly changing his mind.
Anyway, I think that WD on default settings can score slightly worse in Malware Protection tests due to the lack of BAFS protection.
I read somewhere that WD will deploy the BAFS "High" setting by default.
Today I tried to launch ConfigureDefender v3.0.0.1 and I get...
I then tried to launch SimpleWindowsHardening v1.0.0.2 and got the same notice; however, the second time I launched SWH it wanted to reboot my PC. After doing that SWH loaded... but still no CD launch.
Coincidentally, 30 minutes earlier I attempted to launch a .bat file and it was blocked, so presumably SWH was active, even though I could not launch it.
Only running Windows Defender.
Win10 Home x64 v2004.
Did you make an upgrade from Windows 7 or 8.1 recently?
I've been on Win10 for quite some time...
What is the value of the Registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
CurrentBuildNumber
The values are OK. No idea what is the source of your issue. The application gets the wrong info about your Windows version. I wonder if someone else has a similar problem with Windows 10?
This issue has occurred in the past with both apps. For now, I'll step away from these tools, as I worry that one day I may be locked out from reversing custom entries and changes outside Windows defaults. Thanks for your help. Best going forward.
Thanks for reporting - it is an interesting issue. Fortunately, the scenario in which one could not run ConfigureDefender or SWH after making the configuration has never happened. Anyway, it would be a good idea to release a PowerShell script which can apply the default WD settings (just in case).
Sharing one Windows Defender related problem here that I had today.
So today I enabled Controlled Folder Access in WD and a few minutes later opened Epic Games Launcher to play Red Dead Redemption 2. Launcher.exe of the Rockstar launcher was blocked by CFA, so I whitelisted that and restarted the launcher. The game ran without any more blocking from CFA, but after opening I was getting an in-game error, cannot connect to Rockstar, error 1014. Then I restarted my system and ran the game again. Same error. Searched online and found many people facing a similar issue on GTA V and Red Dead 2. One of the suggestions available on Reddit is to turn off real-time protection of WD, which seems to have worked for everyone on that thread.
Next, I didn't turn off real-time protection but turned off CFA, ran the game and it ran fine without any problem. I don't know what CFA is doing to prevent the game from connecting to the server. There was no blocking notification, no log in ConfigureDefender or Firewall Hardening. Really weird. Whether it's an issue from Microsoft's side or Rockstar's, I have no clue.
Sharing it here in case someone faces this or another similar weird error with CFA turned on.
The problems were also reported by people on Windows 7 (with several AVs), and these problems were also random; sometimes the game worked and sometimes not (on the same computer with the same settings). Some problems can be greater with CFA because it protects not only the folders but also some system-protected disk areas.
Wisevector Stop-X is an interesting nomination. It is not invasive to the system, so its compatibility with the system is probably close to WD's. It is very light and the detection is better than any other free AV on default settings. It does not have Internet Protection, so it should be used with the Edge browser or another web browser with good extensions (anti-phishing, ad-blocker).
I think that stronger protection can be realized only with highly tweaked Comodo or WD (MAX settings).
It does not have Banking & Payments Protection (a feature mentioned in the OP), but I do not know any free AV that has such a feature. Wisevector Stop-X does not have Network Protection, but most free AVs do not have such a feature either; those free AVs that have it do not have Botnet protection anyway.
One con that can be important for average users is the too-high false positive rate (similar to highly tweaked Comodo or WD on MAX settings).
Quick question, if you choose to answer. What would provide better protection, ConfigureDefender on High with Simple Windows Hardening or ConfigureDefender on High with Wise Vector? Thanks.
The first applies stronger prevention against scripting and fileless malware, which are the most prevalent malware in the wild. Wise Vector has very aggressive detection (many false positives), so it is probable that it can detect slightly more 0-day EXE malware as compared to the WD HIGH preset.
ConfigureDefender utility for Windows 10.
Developer website:
GitHub - AndyFul/ConfigureDefender: Utility for configuring Windows 10 built-in Defender antivirus settings (https://github.com/AndyFul/ConfigureDefender).
The dedicated ConfigureDefender webpage on Hard_Configurator website (thanks to @askalan):
ConfigureDefender utility is a GUI application to view and configure important Defender settings on Windows 10. It mostly uses PowerShell cmdlets (with a few exceptions). Furthermore, the user can apply one of three predefined settings: default, high, and child protection. Some settings require restarting the computer.
The child protection preset is mostly set to block anything suspicious via Attack Surface Reduction, Controlled Folder Access, SmartScreen (set to block), and the 0-tolerance cloud level; the Defender Security Center is also hidden.
ConfigureDefender utility is a part of the Hard_Configurator project, but it can be used as a standalone application.
.
Some important remarks on the possible ways used to configure Defender (for advanced users).
.
Windows Defender settings are stored in the Windows Registry and most of them are not available from Windows Defender Security Center. They can be managed via:
a) Group Policy Management Console (gpedit.msc, not available in Windows Home edition),
b) Direct Registry editing (manual, *.reg files, scripts).
c) PowerShell cmdlets (Set-MpPreference, Add-MpPreference, Remove-MpPreference; only Windows 8.1+).
.
Normally, Windows Defender stores most settings under the key (owned by SYSTEM):
HKLM\SOFTWARE\Microsoft\Windows Defender
They can be changed when using Defender Security Center or PowerShell cmdlets.
.
Administrators can use Group Policy Management Console to override those settings. Group Policy settings are stored under another key (owned by ADMINISTRATORS):
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender
Group Policy settings do not delete the normal Defender settings.
.
Direct Registry editing is usually done under the second key (the first requires SYSTEM rights).
Applying Defender settings by Direct Registry editing under the key:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender
is not recommended on Windows editions which support the Group Policy Management Console (for example Pro and Enterprise editions), because of some cons:
a) Those settings are not recognized by the Group Policy Management Console.
b) They can temporarily overwrite the Group Policy Management Console setup in the Registry, because they share the same Registry keys. Those changes are not permanent, because the Group Policy configuration itself is not overwritten.
c) After some hours, those settings are automatically and silently overwritten again by the Group Policy refresh feature.
d) Those settings cannot be changed via the Defender Security Center (or PowerShell cmdlets), even if they are visible there (like folders and applications related to Controlled Folder Access).
.
In Windows 8.1+ Home editions, one can configure Defender settings (outside of the Defender Security Center) using PowerShell cmdlets or via manual Registry editing.
This may confuse some users, so the ConfigureDefender utility can remove the settings made via direct Registry editing under the key HKLM\SOFTWARE\Policies\Microsoft\Windows Defender.
That is required because those settings would override the ConfigureDefender settings.
.
The ConfigureDefender utility may also be used on Windows 10 Professional and Enterprise editions, if the Administrator did not apply Defender policies via the Group Policy Management Console. Normally all those policies are set to 'Not configured'. So, if the Administrator applied Defender policies, they must first be set to 'Not configured' before using ConfigureDefender.
.
Those settings can be found in the Group Policy Management Console:
Computer configuration >> Policies >> Administrative templates >> Windows components >> Windows Defender Antivirus.
The tabs MAPS, MpEngine, Real-time Protection, Reporting, Scan, Spynet, and Windows Defender Exploit Guard should be examined.
.
The below list shows which settings are available in ConfigureDefender for different Windows versions:
.
At least Windows 10:
Real-time Monitoring, Behavior Monitoring, Scan all downloaded files and attachments, Reporting Level (MAPS membership level), Average CPU Load while scanning, Automatic Sample Submission, PUA Protection, Cloud Protection Level (Default), Cloud Check Time Limit.
At least Windows 10, version 1607 (Anniversary Update):
Block At First Seen.
At least Windows 10, version 1703 (Anniversary Update):
Cloud Protection Level (High level for Windows Pro and Enterprise), Cloud Check Time Limit (Extended to 60s).
At least Windows 10, version 1709 (Fall Creators Update):
Attack Surface Reduction, Cloud Protection Level (extended Levels for Windows Pro and Enterprise), Controlled Folder Access, Network Protection.
Post edited - new link to ConfigureDefender added.
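The following script is an added example for this thread, not ConfigureDefender's own code and not something posted by its author. It works the two keys and the cmdlet channel described in the post above: it reads the effective Set-MpPreference state, compares a few value pairs between the SYSTEM-owned key and the Administrators-owned Policies key, lists every policy value that would silently override the cmdlet settings, removes those values on request, and applies an illustrative "default" or "high" preset through Set-/Add-/Remove-MpPreference. The preset contents, the paired value names and the function names are this example's assumptions (an approximation of the presets the post describes, not ConfigureDefender's exact settings); the ASR rule GUIDs are the documented Microsoft rule IDs.

```powershell
# Added example (not ConfigureDefender's code). Run from an elevated PowerShell on
# Windows 10 1709 or later. Preset values and paired value names are assumptions.
#Requires -RunAsAdministrator

$NormalKey = 'HKLM:\SOFTWARE\Microsoft\Windows Defender'           # SYSTEM-owned; written by cmdlets/Security Center
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'  # Administrators-owned; GPO or direct edits

# Documented ASR rule GUIDs used by the illustrative "High" preset
# (verify against the current Microsoft ASR rule reference before deploying).
$AsrRules = [ordered]@{
    'D4F940AB-401B-4EFC-AADC-AD5F3C50688A' = 'Block all Office applications from creating child processes'
    'BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550' = 'Block executable content from email client and webmail'
    '3B576869-A4EC-4529-8536-B80A7769E899' = 'Block Office applications from creating executable content'
    '75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84' = 'Block Office applications from injecting code into other processes'
    'D3E037E1-3EB8-44C8-A917-57927947596D' = 'Block JavaScript or VBScript from launching downloaded executable content'
    '5BEB7EFE-FD9A-4556-801D-275E5FFC04CC' = 'Block execution of potentially obfuscated scripts'
    '92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B' = 'Block Win32 API calls from Office macros'
}

# Preferences worth watching in the cmdlet view.
$Watched = 'MAPSReporting', 'SubmitSamplesConsent', 'CloudBlockLevel', 'CloudExtendedTimeout',
           'PUAProtection', 'DisableBlockAtFirstSeen', 'EnableControlledFolderAccess',
           'EnableNetworkProtection', 'AttackSurfaceReductionRules_Ids', 'AttackSurfaceReductionRules_Actions'

function Get-DefenderEffectiveSettings {
    Get-MpPreference | Select-Object -Property $Watched
}

# Same value name under both trees: the Policies copy, when present, is the one that wins.
# Assumed subkey/value pairs (Spynet and MpEngine layout); extend as needed.
$Paired = @(
    @{ Sub = 'Spynet';   Name = 'SpynetReporting' },
    @{ Sub = 'Spynet';   Name = 'SubmitSamplesConsent' },
    @{ Sub = 'MpEngine'; Name = 'MpCloudBlockLevel' }
)
function Compare-DefenderKeyValues {
    foreach ($p in $Paired) {
        $n = Get-ItemProperty -Path (Join-Path $NormalKey $p.Sub) -Name $p.Name -ErrorAction SilentlyContinue
        $g = Get-ItemProperty -Path (Join-Path $PolicyKey $p.Sub) -Name $p.Name -ErrorAction SilentlyContinue
        [pscustomobject]@{ Setting = "$($p.Sub)\$($p.Name)"; Normal = $n.($p.Name); Policy = $g.($p.Name) }
    }
}

# Every value under the Policies key or any of its subkeys overrides the cmdlet setting and
# cannot be changed from the Security Center or the cmdlets while it exists.
function Get-DefenderPolicyOverrides {
    if (-not (Test-Path -Path $PolicyKey)) { return @() }
    $keys = @(Get-Item -Path $PolicyKey) + @(Get-ChildItem -Path $PolicyKey -Recurse)
    foreach ($key in $keys) {
        foreach ($name in $key.GetValueNames()) {
            if ($name -eq '') { continue }   # skip the unnamed "(Default)" value
            [pscustomobject]@{ Key = $key.Name; Name = $name; Value = $key.GetValue($name) }
        }
    }
}

# Remove the overrides so the cmdlet settings take effect again. On Pro/Enterprise with the
# policy actually set in gpedit.msc this lasts only until the next Group Policy refresh; set
# the policy to "Not configured" there instead. Supports -WhatIf.
function Remove-DefenderPolicyOverrides {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    foreach ($o in Get-DefenderPolicyOverrides) {
        $path = 'Registry::' + $o.Key
        if ($PSCmdlet.ShouldProcess("$path\$($o.Name)", 'Remove policy value')) {
            Remove-ItemProperty -Path $path -Name $o.Name
        }
    }
    if (Test-Path -Path "$env:SystemRoot\System32\GroupPolicy\Machine\Registry.pol") {
        Write-Warning 'Local Group Policy is configured; gpupdate may restore Defender policy values.'
    }
}

# Illustrative presets (assumed values). CloudBlockLevel accepts Default, Moderate, High,
# HighPlus, ZeroTolerance; CloudExtendedTimeout adds up to 50 s to the 10 s default.
function Set-DefenderPreset {
    param([Parameter(Mandatory)][ValidateSet('Default', 'High')][string]$Preset)
    $ids = @($AsrRules.Keys)
    switch ($Preset) {
        'Default' {
            Set-MpPreference -DisableRealtimeMonitoring $false -DisableBehaviorMonitoring $false `
                -DisableIOAVProtection $false -DisableBlockAtFirstSeen $false `
                -MAPSReporting Advanced -SubmitSamplesConsent SendSafeSamples `
                -CloudBlockLevel Default -CloudExtendedTimeout 0 -PUAProtection Disabled `
                -EnableControlledFolderAccess Disabled -EnableNetworkProtection Disabled
            Remove-MpPreference -AttackSurfaceReductionRules_Ids $ids -ErrorAction SilentlyContinue
        }
        'High' {
            Set-MpPreference -DisableRealtimeMonitoring $false -DisableBehaviorMonitoring $false `
                -DisableIOAVProtection $false -DisableBlockAtFirstSeen $false `
                -MAPSReporting Advanced -SubmitSamplesConsent SendAllSamples `
                -CloudBlockLevel High -CloudExtendedTimeout 50 -PUAProtection Enabled `
                -EnableNetworkProtection Enabled
            $actions = @($ids | ForEach-Object { 'Enabled' })   # one action per rule ID
            Add-MpPreference -AttackSurfaceReductionRules_Ids $ids -AttackSurfaceReductionRules_Actions $actions
        }
    }
    Get-DefenderEffectiveSettings
}

# Example session:
#   Compare-DefenderKeyValues | Format-Table -AutoSize       # a non-empty Policy column wins
#   Get-DefenderPolicyOverrides | Format-Table -AutoSize     # anything listed overrides the cmdlets
#   Remove-DefenderPolicyOverrides -WhatIf                   # preview, then run without -WhatIf
#   Set-DefenderPreset -Preset High
```

Run Get-DefenderPolicyOverrides first: if it returns anything on a Home edition, those values came from a .reg file or script and Set-MpPreference will appear to do nothing for the affected settings until they are removed. On Pro or Enterprise, check gpedit.msc before deleting them, since Group Policy refresh will write them back.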
Hello @Andy Ful
This link https://hard-configurator.com/configuredefender.html is obsolete.
Thanks. It is obsolete after the renovation of the H_C website this year. I will ask MT staff to allow corrections.