ConfigureDefender utility for Windows 10/11

Digmor Crusher said:
Had a look but I have no idea what these logs mean. But thanks for the idea. Unless Andy knows what's going on I'll have to try to figure it out by uninstalling Cyberlock and/or allowing Defender scanning again.
Click to expand...
I pointed you to the wrong log. You want to check Developer.ServiceLog.Log. Check that and if you can't ID the culprit, then uninstalling VS is the way to eliminate it as the problem or not.
 
  • Like
Reactions: [correlate], Digmor Crusher, Andy Ful and 1 other person
Digmor Crusher said:
Had a look but I have no idea what these logs mean. But thanks for the idea. Unless Andy knows what's going on I'll have to try to figure it out by uninstalling Cyberlock and/or allowing Defender scanning again.
Click to expand...
which version cyberlock, I've had one or 2 minor issues, sent CL log to Dan, he says he spotted it, and 7.62 coming soon.
 
  • Like
Reactions: [correlate], Digmor Crusher and Andy Ful
Digmor Crusher said:
I thought it may have something to do with Defender updates also as the Cyberlock log shows Windows downloading and installing a delta patch at the same time as the CD event. I've changed the setting in Task scheduler to allow the scan and no change, I still get the Defender event. I get this popup when starting the computer, not sure why it says I'm using another av program.
View attachment 279814
Click to expand...

Even if you installed another AV, Defender can still perform periodic scanning. You can disable it from Security Center.
1700522013921.png
 
  • +Reputation
  • Like
Reactions: [correlate], oldschool, ErzCrz and 1 other person
oldschool said:
I pointed you to the wrong log. You want to check Developer.ServiceLog.Log. Check that and if you can't ID the culprit, then uninstalling VS is the way to eliminate it as the problem or not.
Click to expand...
Yes, I looked there too, nothing looked funky but I really have no idea what to look for.
 
  • Like
Reactions: [correlate], simmerskool and oldschool
Digmor Crusher said:
Yes, I looked there too, nothing looked funky but I really have no idea what to look for.
Click to expand...
In which case, uninstall VS and restart machine to check for alerts or errors. Or restore the scheduled task for Defender you disabled.
 
Last edited:
  • Like
Reactions: [correlate], simmerskool and Digmor Crusher
oldschool said:
In which case, uninstall VS and restart machine to check for alerts or errors. Or restore the scheduled task for Defender you disabled.
Click to expand...
I restored the task, makes no difference. I uninstalled CS, and viola, no alerts anymore. So it seems like CS was the culprit, very strange indeed.
 
  • Like
Reactions: [correlate], simmerskool and Andy Ful
Digmor Crusher said:
Nope, I posted about an issue I was having with CL a few months ago in its thread and he didn't reply so I'm not going to bother this time.
Click to expand...
depending on forum dynamics, I think he does not check MT every day, and he may miss a post, but my experience emailing support, he has always quickly responded, and then responds back after he has investigated. I emailed him my log.log several days ago, he said he figured out issue from my log, and thinks that fix will be incorporated into 7.62. (that's why I asked...)
 
  • Like
Reactions: [correlate]
simmerskool said:
depending on forum dynamics, I think he does not check MT every day, and he may miss a post, but my experience emailing support, he has always quickly responded, and then responds back after he has investigated. I emailed him my log.log several days ago, he said he figured out issue from my log, and thinks that fix will be incorporated into 7.62. (that's why I asked...)
Click to expand...
Yah, he's usually very good at responding to issues or requests. I'm not going to post though as I've uninstalled CL for now.
 
  • Sad
  • Like
Reactions: [correlate] and simmerskool
Saw two new ASR rules which are currently in Preview:

Block rebooting machine in Safe Mode (preview)​

learn.microsoft.com

Attack surface reduction rules reference - Microsoft Defender for Endpoint

Lists details about Microsoft Defender for Endpoint attack surface reduction rules on a per-rule basis.
learn.microsoft.com

Block use of copied or impersonated system tools (preview)​

learn.microsoft.com

Attack surface reduction rules reference - Microsoft Defender for Endpoint

Lists details about Microsoft Defender for Endpoint attack surface reduction rules on a per-rule basis.
learn.microsoft.com
 
Last edited:
  • Like
  • +Reputation
  • Thanks
Reactions: [correlate], kylprq, simmerskool and 4 others
Kongo said:
So does it basically block all files that have the same name as legitimate system files? Or does it go deeper? :unsure:

e.g. explorer.exe
Click to expand...
I was also wondering that. I think our MD expert @Andy Ful will be able to tell when he is able to test it or if there is any detailed info available about it online.
 
  • Like
Reactions: [correlate], simmerskool, oldschool and 2 others

You may also like...