ConfigureDefender utility for Windows 10

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150

Brie

Level 10
Verified
Well-known
Jan 1, 2018
488
nevermind. it was my 'norton web filter' that was deleting the download. thank you all. :oops:
 
Last edited:
  • Like
Reactions: Andy Ful

Reldel1

Level 2
Verified
Jun 12, 2017
50
my windows defender blocks the download of this file. solutions?
thanks in advance. (y)
Using Admin Acct. Windows 10, go into Settings/Apps & Features and make sure Installing apps is maximum of "Warn me before installing apps from outside store". Also going into settings/Update & Security/Windows Security/App & browser control and make sure Check apps and files is set to warn, not block. Should make it possible to download and install. Hope it helps.
 

oldschool

Level 81
Verified
Top Poster
Well-known
Mar 29, 2018
7,043
Using Admin Acct. Windows 10, go into Settings/Apps & Features and make sure Installing apps is maximum of "Warn me before installing apps from outside store". Also going into settings/Update & Security/Windows Security/App & browser control and make sure Check apps and files is set to warn, not block. Should make it possible to download and install. Hope it helps.

Agreed. @Brie - ConfigureDefender will make all of this very simple since you may easily control all WD settings in one place.(y)
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
my windows defender blocks the download of this file. solutions?
thanks in advance. (y)
This can happen if the user:
  • did not bypass the SmartScreen alert by choosing 'More info',
  • cannot bypass the SmartScreen alert because of non-default SmartScreen settings,
  • has non-default settings in Apps & Features which allow installation of apps only from Microsoft Store.
ConfigureDefender is whitelisted by Windows Defender signatures but not by SmartScreen, yet. If you have non-default SmartScreen settings in the Windows Defender Security Center, then change them to Warn - this will allow you to bypass SmartScreen alert.
Check also the settings in Apps & features (available from Power Menu) as in the post of @Reldel1.
You can restore your settings after running ConfigureDefender.
 
Last edited:

Nestor

Level 9
Verified
Well-known
Apr 21, 2018
397
I used BD for a while,before 4 months in windows 10, never had false positives, but every time i dowloaded a file,even small, it took ages to scan with smartscreen and the most annoying thing was that many times caused freeze.
 
  • Like
Reactions: Andy Ful and shmu26

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
You are the Man Andy! This may add a bit of push to MS to implement it or similar in WD Home. Your dedication is greatly appreciated! (y):)
Thanks. Actually, Microsoft is going to add ASR and maybe some other Defender settings to Windows Defender Security Center, in the next build. But, I doubt they noticed my little tool.(y)
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
If ASR rules are enabled for MS Office, is it recommended to avoid using 3rd party anti-exploit protection for MS Office, for instance, the Exploit Mitigation in HitmanPro.Alert?
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
What is "block executable content from email client and webmail" all about? I mean, what webmail are they talking about?
If I use Gmail on Chrome, for instance, what will this rule block?
Or is it only for Outlook Online, on Microsoft browsers, and it blocks executable downloads?
 
  • Like
Reactions: oldschool

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
What is "block executable content from email client and webmail" all about? I mean, what webmail are they talking about?
If I use Gmail on Chrome, for instance, what will this rule block?
Or is it only for Outlook Online, on Microsoft browsers, and it blocks executable downloads?
From the Microsoft article:
"
Rule: Block executable content from email client and webmail

This rule blocks the following file types from being run or launched from an email seen in either Microsoft Outlook or webmail (such as Gmail.com or Outlook.com):

  • Executable files (such as .exe, .dll, or .scr)
  • Script files (such as a PowerShell .ps, VisualBasic .vbs, or JavaScript .js file)
  • Script archive files

Important
Exclusions do not apply to this rule.
"
Use Attack surface reduction rules to prevent malware infection
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
It looks like we will still need ConfigureDefender even after Redstone 5, because from what I read, it seems that Windows Security Center will just have one big button to toggle on and off for exploit protection, with no way to choose which particular ASR rules we want to use.
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
There is an option in ConfigureDefender to activate Exploit Guard 'Network Protection'. There were some doubts if it works properly on Windows 10 Home and Pro, because the examples from the standard SmartScreen demo page (Demonstration malware website) were not blocked by 'Network Protection', and Microsoft claims that this feature is supported only on Windows 10 Enterprise (E3 and E5).
Use Windows Defender Exploit Guard to protect your network
First thing is that there is another demo page to test if 'Network Protection' is enabled:
SmartScreen Test
But still, there is the question if 'Network Protection' works in a similar way for non-Microsoft web browsers as SmartScreen for Edge and IE.
So I made the direct test on Windows 10 Pro ver. 1803:
  1. Found 20 phishing links that were blocked in Firefox by 'Network Protection' feature (FireFox native web filtering disabled).
  2. The fact of blocking the links was confirmed by checking Windows Event Log entry 1126.
  3. Any blocked link was also re-checked in Edge.
In all cases, the links were also blocked by SmartScreen in Edge.
Conclusion - 'Network Protection' uses SmartScreen and works for sure on Windows 10 Pro.

Edit.
Exploit Guard 'Network Protection' is supposed to work also outside web browsers. For example, if the malware tries to connect with the blacklisted web page, then it should be blocked, too.
I did not make the test for Windows 10 Home, but I am pretty sure that 'Network Protection' works also on the home version.
 
Last edited:

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
There is an option in ConfigureDefender to activate Exploit Guard 'Network Protection'. There were some doubts if it works properly on Windows 10 Home and Pro, because the examples from the standard SmartScreen demo page (Demonstration malware website) were not blocked by 'Network Protection', and Microsoft claims that this feature is supported only on Windows 10 Enterprise (E3 and E5).
Use Windows Defender Exploit Guard to protect your network
First thing is that there is another demo page to test if 'Network Protection' is enabled:
SmartScreen Test
But still, there is the question if 'Network Protection' works in a similar way for non-Microsoft web browsers as SmartScreen for Edge and IE.
So I made the direct test on Windows 10 Pro ver. 1803:
  1. Found 20 phishing links that were blocked in Firefox by 'Network Protection' feature (FireFox native web filtering disabled).
  2. The fact of blocking the links was confirmed by checking Windows Event Log entry 1126.
  3. Any blocked link was also re-checked in Edge.
In all cases, the links were also blocked by SmartScreen in Edge.
Conclusion - 'Network Protection' uses SmartScreen and works for sure on Windows 10 Pro.

Edit.
Exploit Guard 'Network Protection' is supposed to work also outside web browsers. For example, if the malware tries to connect with the blacklisted web page, then it should be blocked, too.
I did not make the test for Windows 10 Home, but I am pretty sure that 'Network Protection' works also on the home version.
Thanks, Andy. The point you mentioned in your edit is very interesting. Url protection in the browser is nothing new, but system-wide url protection like that is something you would expect to see only in an advanced firewall, AFAIK.
 

HarborFront

Level 71
Verified
Top Poster
Content Creator
Oct 9, 2016
6,014
Hi @Andy Ful

My Emsisoft AM just expired and I let it go. I'm lazy now to use other AV so currently using Windows Defender now.

The current Windows version is 1803 and I have HMPA too. Any issue with them?

I guess I have to read through all the pages now.

Just ran the x64 version and I think there's a bug

When the GUI is open and I press to minimize it minimizes to the lower task bar ie. there's an icon there. There's another icon in the system tray. Is this correct?

Should I close (or press the 'X') the GUI after setting to 'High' setting?

Should I just use default setting and let HMPA handles all exploit issues?

Thanks
 
Last edited:

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top