ConfigureDefender utility for Windows 10

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
...
WD is still weak at signature based detection, they are late at creating signatures but their investment in the cloud is being paid of.
They do not haste with signatures to keep a low rate of false positives in Enterprises. Many computers in Enterprises are connected to Intranet and have not got an Internet connection.
False positives in such a network can be more dangerous than malware. The computers which have the Internet connection are more vulnerable so they have to be protected by more aggressive and fast detection of WD cloud.
 

SeriousHoax

Level 47
Well-known
Mar 16, 2019
3,630
They do not haste with signatures to keep a low rate of false positives in Enterprises. Many computers in Enterprises are connected to Intranet and have not got an Internet connection.
False positives in such a network can be more dangerous than malware. The computers which have the Internet connection are more vulnerable so they have to be protected by more aggressive and fast detection of WD cloud.
Interesting.
 
  • Like
Reactions: oldschool

SeriousHoax

Level 47
Well-known
Mar 16, 2019
3,630
Hi, Andy Ful
Any idea about this? I've seen this twice today for the very first time
de.PNG
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
Hi, Andy Ful
Any idea about this? I've seen this twice today for the very first time
View attachment 225197
There can be many sources of this alert. It is probably a false positive, when you use 3rd party application which uses a service to do something on disk. In rare cases, it can be also a malware hiding under svchost.
If you can find out the application which uses a service to something in Video folder, then you can probably exclude this folder in that application.
Do you use SCPToolkit?
 
Last edited:

SeriousHoax

Level 47
Well-known
Mar 16, 2019
3,630
There can be many sources of this alert. It is probably a false positive, when you use 3rd party application which uses a service to do something on disk. In rare cases, it can be also a malware hiding under svchost.
Hmm probably a false positive as there shouldn't be any malware on my system. But I'll do some scanning.
Here's another strange one related to Ccleaner about accessing protected memory. Notified the last two time I opened CCleaner but never before. CCleaner hasn't been updated either.
de.PNG
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
Hmm probably a false positive as there shouldn't be any malware on my system. But I'll do some scanning.
Here's another strange one related to Ccleaner about accessing protected memory. Notified the last two time I opened CCleaner but never before. CCleaner hasn't been updated either.
View attachment 225202
That is normal for such applications. Similar issues were observed when using Hard Disk Sentinel. Just exclude CCleaner64.exe in Controlled Folder Access.
 

oldschool

Level 81
Verified
Top Poster
Well-known
Mar 29, 2018
7,043
@Andy Ful or other members, can you please comment on this Wilders' post, especially the last phrase?:unsure: Windows Defender Is Becoming the Powerful Antivirus That Windows 10 Needs
If malware can never run, then you don't need any security tools. But you should always cover all kinds of scenarios. What if you get tricked into running malware? Then AV and behavior blocker should come into action. And I don't believe that Win Def has got any behavior blocker, so once malware is allowed to run, it's indeed game over, but feel free to correct me.

Edit: added italics.
 
Last edited:

notabot

Level 15
Verified
Oct 31, 2018
703

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040

oldschool

Level 81
Verified
Top Poster
Well-known
Mar 29, 2018
7,043
The guy believes in something. He does not say that he knows how WD works and what is the reason for his beliefs. He does not say that we must share his beliefs. Everyone has the right to have personal beliefs which do not hurt others.:giggle:(y)

Yes, I realize this but I was asking for a more detailed or expanded description of WD behavior-blocking features. I ask for my own education and not to debate or defeat the OP.
 

blackice

Level 38
Verified
Top Poster
Well-known
Apr 1, 2019
2,730
The guy believes in something. He does not say that he knows how WD works and what is the reason for his beliefs. He does not say that we must share his beliefs. Everyone has the right to have personal beliefs which do not hurt others.:giggle:(y)
He has many strong opinions, some popular, some not so much. It fosters discussion. :ROFLMAO:
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
ASR is behaviour blocking, exploit Guard rules is also behaviour blocking, I'd like to see a more expanded ruleset ( hence my other thread on behaviour blockers ) but it's not like WD doesn't have any.
Yes, I realize this but I was asking for a more detailed or expanded description of WD behavior-blocking features. I ask for my own education and not to debate or defeat the OP.
Like most modern AVs, WD has behavior blocking capabilities included in Machine Learning models (locally and in the cloud). The ASR, Exploit Guard, Controlled Folder Access and other WD features are just extensions of it.
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
The term 'Behavior Blocker' is not clear nowadays. So it is hard to comment if someone uses it.
I posted about it in the thread:

Many vendors use the term behavior-based detections, behavior-based heuristics, etc..
For example, behavior-based features are used by Windows Defender (behavior-based ML, AMSI ML), Trend Micro (OfficeScan), Symantec (Sonar), Kaspersky (System Watcher), F-Secure (DeepGuard), Eset (DNA), BitDefender (Advanced Threat Defense), Avast (Behavior Shield).
 

notabot

Level 15
Verified
Oct 31, 2018
703
Like most modern AVs, WD has behavior blocking capabilities included in Machine Learning models (locally and in the cloud). The ASR, Exploit Guard, Controlled Folder Access and other WD features are just extensions of it.

Isn't machine learning part of ATP only ? or you've found a way unlock yet another enterprise feature for home/pro users (at least locally) :unsure:
 

oldschool

Level 81
Verified
Top Poster
Well-known
Mar 29, 2018
7,043

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top