New Update DefenderUI by VoodooShield - Turn on Hidden Security Features of Microsoft Defender


ForgottenSeer 92963

[Screenshot attachment: 1634389096866.png]


What I think the above PRO features in yellow and green are.

Yellow:
Microsoft Defender has built-in tamper protection. Because DUI requires changing the M$ Defender settings, you probably need to disable tamper protection of M$D. The Pro feature compensates for this loss in security by offering a more granular tamper protection than the built-in M$D tamper protection.

Green:
The Anti-Malware and Anti-Exploit Contextual engine probably is VoodooShield's exploit protection. This means that vulnerable processes (like your browser or e-mail) are not allowed to run programs. This is like extending the ASR rule "block child processes of OFFICE programs" to other vulnerable processes.

Dynamical Security Postures is probably the smart anti-execution lock of VoodooShield. Some processes are automatically whitelisted because their parent process is a safe process or because they are on the cloud white list. When your browser or e-mail is running, non-whitelisted processes are probably not allowed to run.

Because Dan is planning to offer DUI-PRO besides VoodooShield, I don't know whether or not the Voodoo AI rating is taken into account, but he also said that they overlap, so the AI-rating might also be used in the above features in the smart protection.

But let's see what Dan has to say about it.
I am running DUI-PRO along with Simple Windows Hardening. DUI-Pro is not Configure Defender + Simple Windows Hardening, but more like Configure Defender combined with OS-Armor.

@danb
When I de-installed DUI-PRO the Microsoft Defender Virus & Threat detection settings were not turned on again in the "Security at a glance console".
 

fredvries

Level 1
Oct 16, 2021
15
I tried to install DefenderUI Pro and its driver installed endlessly. I had to resort to the Task Manager to end the install. Is this behaviour the result of me not having bought the Pro-licence or is it something more sinister?
After ending the install DefenderUI Pro seems to be installed properly.
 

codswollip

Level 23
Content Creator
Well-known
Jan 29, 2017
1,201
I launched Chrome browser for the first time in a few months... DUI asked me 12 times if I wanted to run chrome.exe. Each time I allowed it. Finally, it appeared on my Desktop.

Err... make that 13 times. I just got another allow request, while posting this message from Edge.

FYI... Interactive mode
 

Stelica

Level 2
Sep 27, 2021
97
> I launched Chrome browser for the first time in a few months... DUI asked me 12 times if I wanted to run chrome.exe. Each time I allowed it. Finally, it appeared on my Desktop.
>
> Err... make that 13 times. I just got another allow request, while posting this message from Edge.
>
> FYI... Interactive mode

I also launched Chrome (I used it frequently) and it didn't ask me anything (recommended mode). But when I launched Sandboxie, it asked me to allow Sandboxie Crypto for each browser - Firefox, Edge and Chrome!
 

danb

From VoodooShield
Thread author
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,719
Guys, there are going to be blocks, that is the whole point of the beta test… at least we know the mechanism is working ;). These new features are only a couple of weeks old, so it is going to take some time to finish writing the rules.

Several people have asked about how DefenderUI Pro is different from SWH and OSArmor. I have said for a very long time now that I am not a huge fan of globally and blindly blocking anything. It simply breaks way too much stuff and the user is left wondering why his computer is not working properly. SWH is quite limited in scope and only blocks certain attacks, for example there is no anti-exploit or vulnerable process mechanism that I have found. OSArmor includes most or all of the potential attacks, but a lot of the options are disabled because enabling these options would interfere with normal operation.

The whole point of DefenderUI Pro is to include all possible attacks and to block what actually needs to be blocked and allow what actually needs to be allowed, in other words, smart windows hardening. Quite simply, the best of both worlds, but it is going to take a little bit of time.

I actually might change the name of the “Anti-Malware and Anti-Exploit Contextual Engine” option to Smart Window Hardening ;). BTW, there are a handful of other contextual engines on the market, but DefenderUI Pro has a few unique ideas that I am pretty sure have not been implemented by anyone, and I just thought of another extremely cool one today that I will implement soon.

Sure, there have been a couple of crazy block incidents, but overall it is looking great. Within a week or so we should have all of the rules figured out, so we are much closer than you think we are.

After you install the new version, please reset the whitelist in the DefenderGuard tab. There was a small bug that created a lot of blocks.

I will catch up on the rest of the posts I missed asap, but for now, here is the latest version…

DefenderUIPro 0.92 beta
SHA-256: 27157d2db0bece25d981f8671f7ce01b80788a7cc9345475f0a6ab0bb1d52ca8
 

VecchioScarpone

Level 6
Verified
Well-known
Aug 19, 2017
278
> Guys, there are going to be blocks, that is the whole point of the beta test… at least we know the mechanism is working ;). These new features are only a couple of weeks old, so it is going to take some time to finish writing the rules.
>
> DefenderUIPro 0.92 beta
> SHA-256: 27157d2db0bece25d981f8671f7ce01b80788a7cc9345475f0a6ab0bb1d52ca8

Thanks, 0.92 over the top with no issue. Just wanting to let you know about the blocks because I had to exit DUI to perform both Macrium Reflect installations and system backups. The word berserk was to pull your leg a bit. As far as Disable/Install goes, it was a feature request if you and others think it useful.
 

Stelica

Level 2
Sep 27, 2021
97
Hello Dan,
Are you thinking of removing the "prevent malware from ever infecting this system" option because DUI Pro and VS are incompatible?
Also, if you can, change "Tamper protection activat" to "Protecție împotriva alterării activată" for the Romanian language. Thank you!
 

Gandalf_The_Grey

Level 83
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,256
Trying out DefenderUIPro 0.92 beta.
Wondering: is it wise to leave the Windows Security notification icon in startup, or is it all covered by DefenderUI?
 

Stelica

Level 2
Sep 27, 2021
97
DefenderUI Pro asked to allow filecoauth.exe. I approved it. I found this information - FileCoAuth.exe is not essential for the Windows OS and causes relatively few problems. FileCoAuth.exe is located in a subfolder of the user's profile folder (for instance C:\Users\USERNAME\AppData\Local\Microsoft\OneDrive\).

> Trying out DefenderUIPro 0.92 beta.
> Wondering: is it wise to leave the Windows Security notification icon in startup, or is it all covered by DefenderUI?

I think that Windows Security offers more information, such as account protection, application and browser control, device security, etc.
 

Stelica

Level 2
Sep 27, 2021
97
> Hello Dan,
> Are you thinking of removing the "prevent malware from ever infecting this system" option because DUI Pro and VS are incompatible?
> Also, if you can, change "Tamper protection activat" to "Protecție împotriva alterării activată" for the Romanian language. Thank you!

And sorry, I forgot this - in Basic, change "cloud check timeout" to "expirarea verificării în cloud". Thank you!
 
