ConfigureDefender utility for Windows 10

simmerskool

Level 31
Verified
Top Poster
Well-known
Apr 16, 2017
2,094
It cannot even if Defender is the main AV - there is no such option in ConfigureDefender.
I understand it is not in DefenderUI either. I only ask because after I installed ESET it had automatically disabled Defender periodic scanning (other 3d-party av do too), and for reasons I do not clearly recall, I manually enabled Defender periodic scanning. Then realized I did not really need or want those Defender periodic scans with ESET, but discovered that MS had moved & somewhat hid the disable switch, took me unnecessary time to find it and turn OFF Defender periodic scanning. :censored:
 

tisko4

New Member
Oct 23, 2022
8
i have defender+configure defender (high) , if i enable ransomware protection and firewall incoming connections will affect the settings of configuredefender? just a consern , thanks

Screenshot 2023-01-24 113443.jpg
Screenshot 2023-01-24 113550.jpg
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
i have defender+configure defender (high) , if i enable ransomware protection and firewall incoming connections will affect the settings of configuredefender? just a consern , thanks

View attachment 272374View attachment 272375
Firewall settings and Microsoft Defender settings are different, so changing one does not change another.
If you change the Ransomware Protection from Security Center, then this setting will also change in ConfigureDefender, and vice versa.
 

tisko4

New Member
Oct 23, 2022
8
Firewall settings and Microsoft Defender settings are different, so changing one does not change another.
If you change the Ransomware Protection from Security Center, then this setting will also change in ConfigureDefender, and vice versa.
can i ask, do you suggest configure defender (high) + ransomware protection (enable) + firewall setting (enable ) for better protection ? worth ? thanks
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
can i ask, do you suggest configure defender (high) + ransomware protection (enable) + firewall setting (enable ) for better protection ? worth ? thanks
It will increase the protection level. Is it worth the effort? This will highly depend on your activities and habits.
The only way is to try the setup in practice. (y)
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
Andy just enjoying, just a question, does the core isolation enabled bring any benefit to a home user? Because mine was activated, now it is deactivated, it might be incompatibility with some driver. Thanks! :)
Yes, it increases security against low-level attacks (especially via vulnerable drivers). Such attacks are usually performed when the environment is already compromised on the administrative level by another malware or when the attacker has got physical access to the machine.
Unfortunately, Core Isolation can break some legal drivers used on home users' computers, so the benefit is limited.
It is especially beneficial in the business environment, which is far more vulnerable to low-level attacks.
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
KnowBe4 Simulator Ransomware test

Part 1:
all attack scenarios detected/blocked.
ConfigureDefender set to HIGH + ASR prevalence rule (Block executable files from running unless they meet a prevalence, age, or trusted list criteria)

1679960769264.png



Part 2: 7 attack scenarios bypassed Defender.
ConfigureDefender set to HIGH (without enabled ASR prevalence rule):

1679961171001.png


---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

KnowBe4 Simulator uses loaders (*.cxp files) executed via WMI, that can load payloads (*.dlm, *.exe, *.bin, ...).
All files are created by the simulator and are different in each test.
The ASR prevalence rule can block such attacks. Many of them are also detected by Defender at the pre-execution level (behavior-based detections: Trojan:Win32/Wacatac.B!ml, Program:Win32/Wacapew.C!ml).
This is not a real-world test and cannot be used to show the true capabilities of AV. I used it to show the effectiveness of the ASR prevalence rule. Of course, all samples could be also blocked by enabling the ASR rule related to WMI commands. Other ASR rules did not block anything due to the special form of KnowBe4 tests.

Edit.
A similar test for other AVs was done on MT:
https://malwaretips.com/threads/ransomware-simulator-vs-10-avs.113267/#post-984441
Generally, most AVs scored poorly (with some exceptions). But, this can follow from a special testing procedure (uncommon in the wild).
 
Last edited:

Tiamati

Level 12
Verified
Top Poster
Well-known
Nov 8, 2016
574
@Andy Ful i'm not sure if here is the correct thread to discuss this, but i'd like your opinion about the argument I've read that using Windows Defender would be superior to other AV solutions as "noone knows Windows better than Microsoft".

In other words, the idea is based on the argument that using other AV private solutions would only add more vulnerabilities to your system as it needs to have privilege rights to work properly. And most companies would not integrate their solutions so well as Microsoft can.

If you think i should open a new thread to that, just let me know. Thank you.
 
F

ForgottenSeer 97327

In theory this claim is true, in practise it is not, because

Windows OS has so many lines of code that different developers are working on different programs and modules.

For efficiency reasons one developer does not contact another developer working on other programs. In stead those developers use the official documentation.

in theory internal documentation is more detailed than official documentation, but Microsoft also has strong policies on compatibility and false positives, which probably prohibits using all capabilities in default mode.
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
@Andy Ful i'm not sure if here is the correct thread to discuss this, but i'd like your opinion about the argument I've read that using Windows Defender would be superior to other AV solutions as "noone knows Windows better than Microsoft".

In other words, the idea is based on the argument that using other AV private solutions would only add more vulnerabilities to your system as it needs to have privilege rights to work properly. And most companies would not integrate their solutions so well as Microsoft can.

If you think i should open a new thread to that, just let me know. Thank you.
The problem of 3rd party AV vulnerabilities is interesting, but not for home users. Nowadays, it has become even less important because Defender is the most popular AV at home (and most targeted).
You are right, such a discussion would require a separate thread.
 
F

ForgottenSeer 98186

@Andy Ful i'm not sure if here is the correct thread to discuss this, but i'd like your opinion about the argument I've read that using Windows Defender would be superior to other AV solutions as "noone knows Windows better than Microsoft".

In other words, the idea is based on the argument that using other AV private solutions would only add more vulnerabilities to your system as it needs to have privilege rights to work properly. And most companies would not integrate their solutions so well as Microsoft can.

If you think i should open a new thread to that, just let me know. Thank you.
The main advocates of sticking to Microsoft Defender is Google's Project Zero - particularly Tavis Ormandy. That team has found throughout their vulnerability research that Microsoft's developers mostly get it right when coding Defender.

Certain aspects of Defender are developed and maintained by subcontractors and\or sub-divisions not located in the USA. For example, Eastern Europe, Turkey and India.

The answer to the question "What is best AV?" is dependent upon what type of malware or exploit a user gets smacked with. At the end of the day, all the AV lab and Youtube test results do not matter. These all provide speculative results. The only thing that matters is how an AV handles any attack or infection that the user experiences personally.

As far as integration into Windows OS, it is correct that Microsoft does it better than any 3rd party AV. Does that translate into better protections? Perhaps in some corner cases that none of us are likely to encounter. Therefore, does it really matter?

Hardened Microsoft Defender and hardening the OS provide better overall protection with the caveat that the user has a certain level of understanding and ability to manage their own security.
 
Last edited by a moderator:

Tiamati

Level 12
Verified
Top Poster
Well-known
Nov 8, 2016
574
Ok guys. Tyvm for your help. I believe you were able to solve my doubts. I'm currently running hardened windows 10 with MD set to high by Hard configurator.

I used bitdefender and Kaspersky for a long time but I decided to give a MD a chance after reading @Andy Ful reports and because of the argumented o mentioned earlier. It has 2 years I'm using MD with no big problems. I recently had a problem with a cloned credit card but I believe i was victim of skimming, as after running 5 second opinion av scanners, I could find nothing. (Emsisoft , Hitman, Malwarebytes, eset, trendc.)

I can open a new thread, but I think a moderator could move this answers do a new topic , to help other people with your answers. And to allow more discussion


Tyvm . Peace.
 
F

ForgottenSeer 100397

I ran ConfigureDefender to see how it worked. Does ConfigureDefender recommend enabling "App & browser control" with the High Profile? Because the module failed to turn on. I attempted it three times and rebooted the system each time.
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
I ran ConfigureDefender to see how it worked. Does ConfigureDefender recommend enabling "App & browser control" with the High Profile? Because the module failed to turn on. I attempted it three times and rebooted the system each time.
The HIGH Protection Level of Configuredefender does not have any impact on the settings in the "App & browser control" (from Security Center), except for enabling PUA protection (Reputation-based protection >> Potentially unwanted app blocking >> Block apps).
Please check if this option is ticked. If it is, and "App & browser control" is still not turned ON, then it means that another option in "App & browser control" is not enabled (independent of Configuredefender).
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top