Update ConfigureDefender utility for Windows 10

Andy Ful

Level 72
Verified
Trusted
Content Creator
Dec 23, 2014
6,162
@Lenny_Fox,
In reply to your question (from another thread) about the maliciousness of TXT files.

If the system is already infected, then some TXT files can be malicious on that system. For example, the malware can simply change the file extension association, so Explorer will treat TXT files as BAT, VBS, or HTA, etc.
If the malware is properly removed from the system, then the default association is restored and the TXT file alone cannot be executed directly from Explorer.

Thanks to @struppigel for the suggestion of sending the file to VirusTotal and only a link to MT. The user who has an API key with access to VirusTotal Intelligence can use this link to download and investigate the file without sending it to MT. Sending malicious files to MT is usually prevented, but if successful then this might decrease the reputation of the MT website. :sick:
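To make the point about changed associations checkable, here is an added PowerShell snippet that is not part of Andy Ful's post or of the ConfigureDefender tool. It reads back what Explorer would run for a .txt file. It assumes the stock Windows 10 mapping of .txt to the txtfile ProgID and Notepad; the HKCR and FileExts\UserChoice paths are the standard Windows registry locations for file associations.

```powershell
# Added example (not from the thread or from ConfigureDefender): report what the
# .txt extension is associated with, so a changed association like the one
# described above can be spotted. Stock Windows 10: .txt -> txtfile -> NOTEPAD.EXE.
# Read-only registry access; runs from a normal (non-elevated) session.

function Get-TxtAssociation {
    # Machine-wide association: the default value of HKCR\.txt names the ProgID.
    $machineProgId = (Get-ItemProperty -Path 'Registry::HKEY_CLASSES_ROOT\.txt' `
        -ErrorAction SilentlyContinue).'(default)'

    # Per-user "Open with" choice; Explorer prefers this over the machine value.
    $userProgId = (Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt\UserChoice' `
        -ErrorAction SilentlyContinue).ProgId

    $effective = if ($userProgId) { $userProgId } else { $machineProgId }

    # Resolve the command line Explorer would run for the effective ProgID.
    $command = $null
    if ($effective) {
        $command = (Get-ItemProperty -Path "Registry::HKEY_CLASSES_ROOT\$effective\shell\open\command" `
            -ErrorAction SilentlyContinue).'(default)'
    }

    [pscustomobject]@{
        MachineProgId   = $machineProgId
        UserProgId      = $userProgId
        EffectiveProgId = $effective
        OpenCommand     = $command
        # A .txt handled by anything other than Notepad deserves a second look
        # (a Store-app Notepad on newer builds registers an AppX ProgID, so
        # adjust the check there).
        LooksDefault    = ($effective -eq 'txtfile' -and $command -match 'notepad\.exe')
    }
}

Get-TxtAssociation | Format-List
```

A `LooksDefault` of `False` on a Windows 10 machine means the open command for .txt no longer points at Notepad, which is exactly the state the post describes; the `OpenCommand` field then shows what would actually run.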
 

Andy Ful

It's kind of impressive how such a tool can live for years without any problems.

Will give it a go later today, I think; thanks for the update.

It is only a configurator, so the chances of conflicts are much smaller compared to third-party real-time protections. Anyway, some advanced settings can produce problems with false positives, especially in the Business environment.

In the Home environment, the HIGH settings can rarely be an issue.
 

Andy Ful

A few days ago, I tested the possibility of installing the Chrome OS (CloudReady) on my old laptop. This required preparing a special USB stick by using Chromebook Recovery Utility (web browser extension). I tried to do it from my desktop Windows machine and noticed that sector modifications on the USB stick were blocked by Controlled Folder Access (Block Disk Modifications Only).
 

Andy Ful

KIS has a firewall with application control. Would I have to add some kind of application control to get comparable protection?
Do you want to increase KIS protection or Defender protection? What config is your model to compare with?:unsure:
 

Back3

Level 9
Apr 14, 2019
419
Do you want to increase KIS protection or Defender protection? What config is your model to compare with?:unsure:
I have Microsoft Defender with Configure Defender High on my PC. To get a comparable protection to KIS, would I have to add some kind of application control like H_C, or just tweak CD... or both? If I set CD to Interactive mode, is it a mild form of application control?
 

Nightwalker

Level 22
Verified
Trusted
Content Creator
May 26, 2014
1,172
I have Microsoft Defender with Configure Defender High on my PC. To get a comparable protection to KIS, would I have to add some kind of application control like H_C, or just tweak CD... or both? If I set CD to Interactive mode, is it a mild form of application control?

Microsoft Defender at high settings via CD is comparable to KIS at default settings and H_C is probably superior to KIS at "maximum" settings.
 

Andy Ful

I have Microsoft Defender with Configure Defender High on my PC. To get a comparable protection to KIS, would I have to add some kind of application control like H_C, or just tweak CD... or both? If I set CD to Interactive mode, is it a mild form of application control?
In the Home environment:
MD HIGH ~ KIS default.
MD INTERACTIVE ~ moderately tweaked KIS
MD + H_C Recommended ~ KIS (@Harlan settings) > SWH + MD INTERACTIVE > moderately tweaked KIS

Please consider that the above comparison is not science, but only my opinion. Furthermore, it cannot be extended to the Business environment.
The "comparable protection" means here that chances of infection are similarly small. It does not mean that both products have comparable features.

For most MT members, the ConfigureDefender HIGH settings and reasonable caution are recommended. The Default settings and some more caution are OK too.
The ConfigureDefender INTERACTIVE settings are stronger (for PE files) as compared to HIGH settings, due to the ASR prevalence rule.

SWH + MD INTERACTIVE is an interesting setup if one is patient enough to manage more blocked events.:)(y)
 

SeriousHoax

Level 38
Verified
Mar 16, 2019
2,739
@Andy Ful Can you clarify the warn mode for us?
Here's what I found in the MS document.
With the new warn mode, whenever content is blocked by an attack surface reduction rule, users see a dialog box that indicates the content is blocked. The dialog box also offers the user an option to unblock the content. The user can then retry their action, and the operation completes. When a user unblocks content, the content remains unblocked for 24 hours, and then blocking resumes.
What is meant by the word "content" in this case? Is it the particular blocked content, or will the whole ASR rule be unblocked for 24 hours if I select allow?
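The Controlled Folder Access mode that blocked the USB sector writes in Andy Ful's CloudReady post above, and the per-rule ASR action (Warn included) that SeriousHoax asks about here, can both be read back from Defender's own preferences. The script below is an added example, not code from the thread or from ConfigureDefender. It uses the Defender module's Get-MpPreference and the standard Get-WinEvent cmdlet; the CFA mode values (3 = BlockDiskModificationOnly) and ASR action values (6 = Warn) are the enumerations accepted by Set-MpPreference, and the event IDs 1123 and 1127 are the Exploit Guard CFA block events in the Defender operational log as Microsoft documents them, so check them against your build.

```powershell
# Added example (not from the thread or from ConfigureDefender): read back the
# Defender settings discussed above. Requires the Defender PowerShell module
# (Get-MpPreference) and an elevated session for the event log query.

# Numeric values accepted by Set-MpPreference -EnableControlledFolderAccess.
$cfaModes = @{
    0 = 'Disabled'
    1 = 'Enabled (block)'
    2 = 'AuditMode'
    3 = 'BlockDiskModificationOnly'   # the mode that blocked the USB sector writes
    4 = 'AuditDiskModificationOnly'
}
# Numeric values accepted by Set-MpPreference -AttackSurfaceReductionRules_Actions.
$asrActions = @{
    0 = 'Disabled'
    1 = 'Block'
    2 = 'AuditMode'
    6 = 'Warn'
}

function Get-DefenderHardeningReport {
    $pref = Get-MpPreference
    $cfa  = [int]$pref.EnableControlledFolderAccess
    $ids  = @($pref.AttackSurfaceReductionRules_Ids)
    $acts = @($pref.AttackSurfaceReductionRules_Actions)

    # Ids and Actions are parallel arrays; pair them by index.
    $rules = for ($i = 0; $i -lt $ids.Count; $i++) {
        $a = [int]$acts[$i]
        [pscustomobject]@{
            RuleId = $ids[$i]
            Action = if ($asrActions.ContainsKey($a)) { $asrActions[$a] } else { "Unknown($a)" }
        }
    }

    [pscustomobject]@{
        ControlledFolderAccess = if ($cfaModes.ContainsKey($cfa)) { $cfaModes[$cfa] } else { "Unknown($cfa)" }
        ProtectedFolders       = $pref.ControlledFolderAccessProtectedFolders
        AllowedApplications    = $pref.ControlledFolderAccessAllowedApplications
        AsrRules               = @($rules)
        AsrRulesInWarnMode     = @($rules | Where-Object Action -eq 'Warn').Count
    }
}

function Get-RecentCfaBlocks {
    param([int]$Hours = 24)
    # Exploit Guard events in the Defender operational log (per Microsoft's
    # documentation): 1123 = CFA blocked a file/folder write,
    # 1127 = CFA blocked a sector write ("disk modification").
    Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = 1123, 1127
        StartTime = (Get-Date).AddHours(-$Hours)
    } -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, @{ n = 'Summary'; e = { ($_.Message -split "`n")[0] } }
}

$report = Get-DefenderHardeningReport
$report | Select-Object ControlledFolderAccess, AsrRulesInWarnMode | Format-List
$report.AsrRules | Format-Table -AutoSize
Get-RecentCfaBlocks | Format-Table -AutoSize
```

The rule table shows that the Warn/Block/Audit action is stored per ASR rule ID, which is the level at which ConfigureDefender's HIGH, INTERACTIVE and warn settings operate; the event query lists the CFA blocks from the last 24 hours, so a blocked USB-stick write like the one in the CloudReady post shows up as a 1127 event rather than as a silent failure.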
 