ConfigureDefender utility for Windows 10

Gandalf_The_Grey

Level 76
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,506

Digmor Crusher

Level 23
Verified
Top Poster
Well-known
Jan 27, 2018
1,236
The website also says this: No subscription is required for Microsoft Defender Preview. In the future, Microsoft Defender will require a Microsoft 365 Family or Personal subscription.

Does this mean there will be a free and paid version for Windows Security/Defender? If so, time to start looking for another option. I cancelled my 365 subscription a couple of months ago. Excel/Word were excellent but I thought Outlook was a buggy complicated mess and OneDrive occasionally did weird things like downloading folders it shouldn't have been or even deleting folders. Had a 21 GB music folder just disappear on my computer one day.
 

SeriousHoax

Level 47
Well-known
Mar 16, 2019
3,630
> Does this mean there will be a free and paid version for Windows Security/Defender? If so, time to start looking for another option.

I think with the paid version you will be able to protect devices on multiple platforms with one subscription like Android, Mac, iOS along with Windows.
On smartphones and I suppose on MacOS it's not free. Microsoft Defender is an integrated part of Windows, so I don't think they'll make this one paid.
 

SeriousHoax

I had an absolutely ridiculous false positive from MD today. I had some screenshots of a poem on my phone that I had to print for someone. I made a 7zip file containing those images and uploaded it to a site from my phone. Then I opened that site on my PC to download the zip. But MD blocked the download with a "Trojan:Script/Ulthar.A!ml" detection.
Weird. I was using Edge to download. Then tried to download it via EagleGet Portable download manager and MD blocked it again.

I got curious, and this time created a 7zip file with the password "infected", uploaded it to a different site from my phone and tried to download that on the PC. MD blocked it again with the same detection even though it was password protected🤦‍♂️
MD's machine learning is becoming quite aggressive about zip files. It also detects password protected malicious zip files, which makes it frustrating to test malware. Sometimes the malware included in those zips isn't even detected by MD so I don't understand the logic.
But in today's experience, the zip files weren't even malicious. They contained 5 harmless image files. MD was running at default except PUA on, cloud timeout set to 60 seconds and network protection on.
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
I tried connecting my outlook.com mail account (username@live.com) to the MS Outlook desktop app. I have Microsoft 365.
I ran into a problem, apparently with ASR rules.

By default, Outlook desktop uses the Microsoft Exchange protocol to sync with outlook.com accounts. I tried to do it that way, and although the initial setup worked, it required restarting the Outlook desktop app, at which point Outlook complained that it could not retrieve the necessary information, and failed to sync. Upon a second restart, it failed to start. This was reproducible. But nothing in H_C logs.

I then tried setting the account up manually, with the IMAP protocol. This worked, but if you do it this way, you only get your mail synced, but your online Microsoft calendar will not sync.

I then tried the default Microsoft Exchange way, but with ASR rules off, and Microsoft Defender at default settings. It worked.

Then I reenabled ASR rules and other high settings for Defender, and Microsoft Exchange continues to sync correctly.
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
Hi,

Thank you!
It does not look like the info from the ConfigureDefender <Defender Security Log>. The info about any event must have the below format:

Event[...]: ...
Time Created : ...
ProviderName : Microsoft-Windows-Windows Defender
Id : ...
Message : ...

What Windows version do you use?
 

Andy Ful

> I tried connecting my outlook.com mail account (username@live.com) to the MS Outlook desktop app. I have Microsoft 365.
> I ran into a problem, apparently with ASR rules.
>
> By default, Outlook desktop uses the Microsoft Exchange protocol to sync with outlook.com accounts. I tried to do it that way, and although the initial setup worked, it required restarting the Outlook desktop app, at which point Outlook complained that it could not retrieve the necessary information, and failed to sync. Upon a second restart, it failed to start. This was reproducible.
>
> I then tried setting the account up manually, with the IMAP protocol. This worked, but if you do it this way, you only get your mail synced, but your online Microsoft calendar will not sync.
>
> I then tried the default Microsoft Exchange way, but with ASR rules off, and Microsoft Defender at default settings. It worked.
>
> Then I reenabled ASR rules and other high settings for Defender, and Microsoft Exchange continues to sync correctly.

Any blocked events in the Log?
 

Andy Ful

Interesting.
I suspect that the HIGH settings could block some configuration processes. So, after finishing the configuration on default settings everything could work flawlessly also in HIGH settings.
Anyway, there are no blocked events in the log, so it is also possible that the issue was accidentally time-correlated, but the real source was not the ASR rules. I cannot say for sure what happened, but your way of solving the problem is recommendable. (y) :)
 

shmu26

> Interesting.
> I suspect that the HIGH settings could block some configuration processes. So, after finishing the configuration on default settings everything could work flawlessly also in HIGH settings.
> Anyway, there are no blocked events in the log, so it is also possible that the issue was accidentally time-correlated, but the real source was not the ASR rules. I cannot say for sure what happened, but your way of solving the problem is recommendable. (y) :)

It might be "network protection," just guessing. I remember a case in the past where it blocked a Microsoft service, ironically enough...
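
The question of whether ASR rules or Network Protection logged a block around the time of the failure can be checked directly against the Defender operational log. The following is an added example, not part of any post in this thread and not ConfigureDefender's own code; the one-hour look-back window is an assumption, and the output fields follow the log layout quoted earlier in the thread.

```powershell
# Added example (not ConfigureDefender code).
# Event IDs written by the "Microsoft-Windows-Windows Defender" provider:
#   1121 = ASR rule blocked an action      1122 = ASR rule fired in audit mode
#   1125 = Network Protection audit event  1126 = Network Protection block event
$labels = @{
    1121 = 'ASR block'
    1122 = 'ASR audit'
    1125 = 'Network Protection audit'
    1126 = 'Network Protection block'
}

# Assumption: the failure was reproduced within the last hour; widen as needed.
$filter = @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = [int[]]@($labels.Keys)
    StartTime = (Get-Date).AddHours(-1)
}

# Get-WinEvent reports an error when nothing matches the filter,
# so suppress it and test the (possibly empty) result instead.
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

if ($events.Count -eq 0) {
    'No ASR or Network Protection events in the selected window.'
} else {
    $events | Sort-Object TimeCreated | ForEach-Object {
        [pscustomobject]@{
            TimeCreated  = $_.TimeCreated
            ProviderName = $_.ProviderName
            Id           = $_.Id
            Kind         = $labels[[int]$_.Id]
            Message      = $_.Message
        }
    } | Format-List
}
```

An empty result for a window that covers the reproduced failure supports the reading that neither feature logged a block; a 1121 or 1126 entry with a matching timestamp points at the feature to exclude or set to audit while the account is configured.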
 

Stelica

Level 2
Sep 27, 2021
97
> It does not look like the info from the ConfigureDefender <Defender Security Log>. The info about any event must have the below format:
>
> Event[...]: ...
> Time Created : ...
> ProviderName : Microsoft-Windows-Windows Defender
> Id : ...
> Message : ...
>
> What Windows version do you use?

Sorry, it's not the security log; it is info about Defender!
Windows 10 Pro 21H2
 

PD20

New Member
Oct 12, 2019
11
How would the use of Defender Configure and Simple Windows Hardening influence Microsoft Defender's performance/protection against being bypassed, as discussed in another MT thread? Thanks
 
