ConfigureDefender utility for Windows 10

JiSingh12

Level 3
Verified
Sep 1, 2018
136
> Probably yes. But normally you should not see those alerts when opening PowerPoint or a new Word document. Such alerts suggest that you use in Word a custom template, 3rd party Add-in, or similar feature that needs VBA. I am not sure why PowerPoint triggers the ASR rule. There can be several reasons for such behavior. Can you post the GUID of this ASR rule? You can also look at ConfigureDefender Security Log for the name of this ASR rule.
>
> Edit.
> I assume that your computer is clean. In the worst scenario, such alerts can also be triggered when the computer is infected. But, then you should see other symptoms, so there is no need to worry.

Got it.

Computer is clean according to HMP and Malwarebytes so yeah all good on that front.
PowerPoint pop-up was caused by a 3rd party add-in, Office Timeline - ID: D4F940AB-401B-4EFC-AADC-AD5F3C50688A. But I have uninstalled this program now.

The Word problem is not in the ConfigureDefender or SWH logs.
So must be something else so no worries will figure it out!

Thanks Andy :)
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
> ...
> The Word problem is not in the ConfigureDefender or SWH logs.
> So must be something else so no worries will figure it out!
>
> Thanks Andy :)

The alert about VBA is related to the SWH setting "Documents Anti-Exploit". It applies the well-known Windows policy that disables all VBA code in MS Office. This setting blocks all macros in documents and templates. It can also block running ActiveX/COM DLLs, Add-ins, and OLE features that depend on VBA.
 

Andy Ful

Does everyone need advanced Defender settings?

The short answer for most people (home users) will be: NO.
This question is reasonable because the Defender default protection (with Edge SmartScreen) for home users is currently very similar to the protection of popular home AVs (on default settings).
Using the advanced Defender settings is similar to using advanced ATP settings in other AVs. Some people may like it and some probably do not need it.

Anyway, using advanced Defender settings at home can be seriously considered in some cases, for example:

  1. The computer is used both at home and at work.
  2. The ASR rules for MS Office can be recommendable when MS Office is installed.
  3. Using other ASR rules is a good idea to protect happy clickers and children.
  4. The Cloud Protection Level set to Highest is (also) a very good anti-ransomware protection.
  5. The settings in the "Admin: Smartscreen" section in ConfigureDefender (for IE and legacy Edge) can be useful for people who still use the older versions of Windows 10.
 

Moonhorse

Level 37
Verified
Top Poster
Content Creator
Well-known
May 29, 2018
2,602
I'm currently enjoying the Vivaldi browser instead of Edge while using Defender. Is SmartScreen the only thing I'm missing here? As you said before in some thread, BAFS won't work on Firefox, but will work on other Chromium browsers, like Vivaldi for example.

I'm often using CIS with Vivaldi, Brave, Opera because they're the browsers that won't support something like Avast/AVG web filtering... but I don't think I'm going CIS now just because of Vivaldi.
 

Andy Ful

I was asked to make ConfigureDefender work also on Windows Server. After some tests, I decided to do it. The upcoming version of ConfigureDefender will work for Windows 10 build 1809 or Windows Server 2019, and higher versions.
 

SeriousHoax

Level 47
Well-known
Mar 16, 2019
3,630
Hello Andy! On my PC, some unsigned apps take longer to load when Configure Defender is set at High. It's not a new thing.
On default settings, things are much faster. Enabling PUP/Network Protection doesn't have any impact. It must be something else that has the most impact. I know the best thing for me would be to enable one advanced feature each day to figure it out. But wanted to ask you in case you have an answer for it already.
 

Andy Ful

> Hello Andy! On my PC, some unsigned apps take longer to load when Configure Defender is set at High. It's not a new thing.
> On default settings, things are much faster. Enabling PUP/Network Protection doesn't have any impact. It must be something else that has the most impact. I know the best thing for me would be to enable one advanced feature each day to figure it out. But wanted to ask you in case you have an answer for it already.

Did you try to whitelist them in the ASR?
 

Arequire

Level 29
Verified
Top Poster
Content Creator
Feb 10, 2017
1,814
> Hello Andy! On my PC, some unsigned apps take longer to load when Configure Defender is set at High. It's not a new thing.
> On default settings, things are much faster. Enabling PUP/Network Protection doesn't have any impact. It must be something else that has the most impact. I know the best thing for me would be to enable one advanced feature each day to figure it out. But wanted to ask you in case you have an answer for it already.

Could be the cloud protection level. Microsoft mentions that setting it to High Plus (labelled highest in CD) may affect system performance:
  • Not configured: Default state.
  • High: Applies a strong level of detection.
  • High plus: Uses the High level and applies extra protection measures (might affect client performance).
  • Zero tolerance: Blocks all unknown executables.
Haven't got any evidence to prove it's the cause; just spitballing. Try lowering the level to high and seeing if it makes any difference.
 

Andy Ful

There are a few features that are used when connecting to the cloud backend:
  1. Cloud Protection Level - triggers advanced analysis.
  2. Cloud Check Time Limit.
  3. ASR rule "Use advanced protection against ransomware".
Another ASR rule that can have an impact on some applications is "Block credential stealing from the Windows local security authority subsystem (lsass.exe)"
 

Mjolnir

Level 2
Verified
Jul 4, 2019
69
ASR rule "Use advanced protection against ransomware" - is this the same thing as enabling controlled folder access or is there more to it?
 

oldschool

Level 81
Verified
Top Poster
Well-known
Mar 29, 2018
7,044
> or is there more to it

In addition to CFA and completely different.
This rule provides an extra layer of protection against ransomware. It uses both client and cloud heuristics to determine whether a file resembles ransomware. This rule does not block files that have one or more of the following characteristics:

  • The file has already been found to be unharmful in the Microsoft cloud.
  • The file is a valid signed file.
  • The file is prevalent enough to not be considered as ransomware.
The rule tends to err on the side of caution to prevent ransomware.
 

Andy Ful

> ASR rule "Use advanced protection against ransomware" - is this the same thing as enabling controlled folder access or is there more to it?

  1. ASR rule examines the execution of concrete files against ransomware methods and can block/kill ransomware processes.
  2. CFA can protect the concrete locations on disks (folders, disk sectors) against unauthorized processes. It does not detect/block/kill the ransomware processes, so other locations can be encrypted by ransomware.
 

Mjolnir

Level 2
Verified
Jul 4, 2019
69
When I go to settings in Edge browser there is a gray banner on the top that says "browser is managed by your organization", this is on a Win 10 home system. Is this caused from using Configure Defender? - I see the banner after returning the settings back to default and using the administrator account.
 

Gandalf_The_Grey

Level 76
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,505
> When I go to settings in Edge browser there is a gray banner on the top that says "browser is managed by your organization", this is on a Win 10 home system. Is this caused from using Configure Defender? - I see the banner after returning the settings back to default and using the administrator account.

No, do you use a tool like O&O ShutUp 10++, or SpywareBlaster?
Those tools can cause it.
 

Gandalf_The_Grey

> Thank you so much Gandalf! - you are absolutely correct. I completely forgot about running O&O ShutUp.

I use it too and have all the Edge (old and new) settings on off.
For this and because you always search when something is not working in Edge, what settings in O&O SU10 are responsible.
I now prefer to change the privacy settings in Edge itself.
 

Andy Ful

> When I go to settings in Edge browser there is a gray banner on the top that says "browser is managed by your organization", this is on a Win 10 home system. Is this caused from using Configure Defender?

No.
 

Gandalf_The_Grey

When using Outlook and accessing my calendar Outlook gets unresponsive when fetching the weather forecast for my location with ConfigureDefender on High.
What (ASR rule?) could be causing this?
It's not happening with ConfigureDefender at Default.
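
An added example, not part of the thread and not ConfigureDefender's own code: one way to narrow down which Defender setting is behind a slowdown or an unresponsive application, as asked in the posts above about slow unsigned apps and the Outlook calendar. It uses the built-in Get-MpPreference and Get-WinEvent cmdlets; the rule-name table covers only the three rules named in this thread, and the message parsing assumes the English event text.

```powershell
# Added example. Run in an elevated PowerShell session.
# Names for the three ASR rule GUIDs that come up in this thread.
$RuleNames = @{
    'D4F940AB-401B-4EFC-AADC-AD5F3C50688A' = 'Block all Office applications from creating child processes'
    'C1DB55AB-C21A-4637-BB3F-A12568109D35' = 'Use advanced protection against ransomware'
    '9E6C4E1F-7D60-472F-BA1A-A39EF669E4B2' = 'Block credential stealing from LSASS (lsass.exe)'
}
$ActionNames = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }
$CloudLevels = @{ 0 = 'Default'; 1 = 'Moderate'; 2 = 'High'; 4 = 'High plus'; 6 = 'Zero tolerance' }

function Resolve-AsrRuleName([string]$Guid) {
    $key = $Guid.ToUpperInvariant()
    if ($RuleNames.ContainsKey($key)) { $RuleNames[$key] } else { "(not in table) $key" }
}

# Part 1: what is configured right now.
$pref = Get-MpPreference
'Cloud protection level : {0}' -f $CloudLevels[[int]$pref.CloudBlockLevel]
'Cloud check time limit : {0} s extended timeout' -f $pref.CloudExtendedTimeout
$ids     = @($pref.AttackSurfaceReductionRules_Ids | Where-Object { $_ })
$actions = @($pref.AttackSurfaceReductionRules_Actions)
$configured = for ($i = 0; $i -lt $ids.Count; $i++) {
    [pscustomobject]@{
        Action = $ActionNames[[int]$actions[$i]]
        Rule   = Resolve-AsrRuleName $ids[$i]
    }
}
$configured | Format-Table -AutoSize -Wrap

# Part 2: which rule fired, and for which process, over the last 7 days.
# Event 1121 = a rule blocked an action, 1122 = a rule matched in audit mode.
$filter = @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 1121, 1122
    StartTime = (Get-Date).AddDays(-7)
}
Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
    # The rendered message carries "ID: <rule GUID>" and "Process Name: <path>" lines;
    # fall back to 'unknown' if the text is missing or localized.
    $guid = if ($_.Message -match '\bID:\s*([0-9A-Fa-f-]{36})') { $Matches[1] } else { 'unknown' }
    $proc = if ($_.Message -match 'Process Name:\s*(.+)') { $Matches[1].Trim() } else { 'unknown' }
    [pscustomobject]@{ EventId = $_.Id; Rule = Resolve-AsrRuleName $guid; Process = $proc }
} | Group-Object EventId, Rule, Process |
    Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize -Wrap
```

If Part 2 returns nothing while the application still misbehaves on High, no ASR rule fired in that window, which points at the cloud-related settings from Part 1 instead.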
 
