New Update DefenderUI by VoodooShield - Turn on Hidden Security Features of Microsoft Defender

[danb]

But the hardening isn't implemented yet, right? All i see is some kind of exploit protection engine. I like the SRP of SWH and they are not available in DUI Pro as far as I know.

Yes, @Gandalf_The_Grey is correct, DefenderUI Pro is basically DefenderUI Free with Windows Hardening, and it is already implemented.

 

[danb]

Games in Xbox App still can't launch

That's a bummer, I have been focusing on this block but cannot seem to figure out what exactly is being blocked.

Can you please send me a list of Xbox games that are being blocked and I will install them and fix this once and for all?

 

[danb]

An other block appears when I want to clean temporary files - dismhost.exe. I had to allow it. (Dynamic Security Posture enabled)
Information - dismhost.exe executes as a process with the local user's privileges typically within the context of its parent cleanmgr.exe.

This is supposed to be fixed, we will see how it goes... I will keep an eye on it.

 

[danb]

It's a bit vague.
Hope @danb can tell us more what his plans are with DUI Pro.

The new DefenderUI Pro features are Windows hardening features that block scripts, LOLBins, vulnerable processes, etc. The goal is to create a holistic engine that blocks all of these items, and to not block what should not be blocked as much as possible. As I was saying, a lot of hardening tools exclude a lot of file types because it creates too many unnecessary blocks. In addition, DefenderUI Pro also monitors executable files.

So it is kind of like a light anti-executable with anti-exploit, script, LOLBin and vulnerable process capabilities.

 

[danb]

View attachment 261313

What I think the above PRO features in yellow and green.

Yellow:
Microsoft Defender has a built-in tamper protection. Because DUI requires changing the M$ Defender settings, you probably need to disable tamper protection of M$D. The Pro feature compensates this loss in security, by offering a more granular tamper protection than the built-in M$D tamper protection.

Green:
The Anti_Malware and Anti-Exploit Contextual engine probably is VoodooShield's exploit protection. This means that vulnerable processes (like your browser or e-mail)are are not allowed to run programs. This is like extending the ASR rule block child processes of OFFICE programs to other vulnerable processes.

Dynamical Security Postures is probably the smart anti-execution lock of VoodooShield. Some processes are automatically whitelisted because their parent process is a safe process or because they are on the cloud white list. When your browser or e-mail is running, non-whitelisted processes are probably not allowed to run.

Because Dan is planning to offer DUI-PRO besides VoodooShield I don't know whether or not the Voodoo AI rating is taken into account, but he also said that they overlap, so the AI-rating might also be used in above features in the smart protection.

But let's see what Dan has to say about it.
I am running DUI-PRO along with Simple Windows Hardening. DUI-Pro is not Configure Defender + Simple Windows Hardening, but more like Configure Defender combined with OS-Armor.

@danb
When I de-installed DUI-PRO the Microsoft Defender Virus & Threat detection settings were not turned on again in the "Security at a glance console".

Yeah, that is a pretty accurate summary. The WLC scan included VoodooAi.

The uninstaller will not make any changes to the MD Settings. I am curious what settings were not turned on again because it seems to be working for me, but I will test it again.

 

[danb]

i CAN'T WAIT TO SEE HOW THE BLOCK lolBINS WORKS
Would powershell be a LOLbin?

Yes, powershell is monitored . The goal is to include every single script type, LOLBin and vulnerable process.

 

[danb]

I tried to install DefenderUI Pro and its driver installed endlessly. I had to resort to the Task Manager to end the install. Is this behaviour the result of me not having bought the Pro-licence or is it something more sinister?
After ending the install DefenderUI Pro seems to be installed properly.

Very odd. No, there is nothing sinister going on here . Especially since DefenderUI Pro is not even available for purchase.

I wonder if some other security software was blocking something? Just a guess.

 

[danb]

I launched Chrome browser for the first time in a few months... DUI asked me 12 times if I wanted to run chrome.exe. Each time I allowed it. Finally, it appeared on my Desktop.

Err... make that 13 times. I just got another allow request, while posting this message from Edge.

FYI... Interactive mode

This should be fixed .

 

[danb]

I launched also chrome (I used it frequently) and it didn't ask me anything (recommended mode). But when I launched Sandboxie, it asked me to allow sandboxie crypto for each browser - firefox, edge and chrome!

Sandboxie should be fixed as well .

 

[danb]

And sorry, I forgot this - In basic change cloud check timeout with expirarea verificării în cloud. Thank you!

Cool, thank you, the changes are included in the 0.95 beta version I am going to post soon.

 

[danb]

Dan I do miss a Disable/Install option like VS. Hard to keep DUI Pro b quite when installing, it goes berserk with prompts.

Yeah, we are going to have a way to disable the DefenderUI Realtime Protection (the new Pro features). I just have not figured out whether to include this with the MD Realtime Protection disabling or not.

 

[danb]

DefenderGuard section...
Words are cut in the French translation

View attachment 261320

Thank you, I will work on that soon.

 

[danb]

What Windows Defender UI Free or windows defender settings are adjusted with the "dynamic security postures" setting is enable?
Or is a Voodooshield technology locking down the computer?

Will the pro version be free? it will have a lifetime license? price?

Yeah, the Dynamic Security Postures feature basically works the same as it does in VS and basically locks down the computer when the user is browsing the web or checking email. None of the MD settings (or other DefenderUI features for that matter) are adjusted with this feature.

The Pro version is going to be free for quite some time, I have not even thought about all of that yet .

 

[danb]

Unable to open command prompt both on Search and Run. I have to exit DUI 0.92 to get access.

This is fixed .

 

[danb]

Would be nice if it worked like voodooshield, we could have pro version where you run new anti-malware and exploit shield on so called default settings wich you cant configure. And on the pro version you would have free hands to change configuration to meet your likes

But im ok with the free and pro versions , i like configure defender over free dui, but dui has that interface application where i can really see that settings are applied and working like i want. Whenever i see DUI the icon on startup it brings peacefulness

I see what you mean, but there are only going to be a handful of Pro settings. Really, DefenderUI Free is for users who want to use a different Windows hardening app (or not use one at all), where as DefenderUI Pro includes the hardening features.

 

[danb]

Does DUI Disable All works like Voodoo Disable / Install?

That is what I am trying to figure out... I think yes, that is probably the way to go. So Disable All will also disable the Windows hardening features.

 

[danb]

We could re-translate these sentences as:
- Scan niet op witte lijst voorkomende bestanden voor ze automatisch toe te laten
- Dynamische Beveiligingsinstelling (vergrendel automatisch de computer indien deze gevaar loopt)

- Blokkeer misbruik van geëxploiteerde gesigneerde stuurprogramma's
- Blokkeer stelen van referenties van Windows Local Security Authority Process subsystem (lsass.exe)
- Blokkeer het runnen van uitvoerbare bestanden, tenzij ze voldoen aan criteria van prevalentie, leeftijd of die van de veilige lijst

Thank you, please keep this here and I will fix this in a future version.

 

[danb]

@danb could you include UAC settings in the interface?

Maybe, but I am not sure MS would like that .

 

[danb]

Interesting, with this third party app in screenshot CMD works fine without the need to disable DUI Pro.

View attachment 261347

Yeah, this is a good example of context / process execution flow. Since this app was whitelisted and probably in a "safe" user space, it is allowed to do certain things that system items (for example), are not able to do. In other words, safe whitelisted apps should be able to run scrips and vulnerable processes, whereas other items should not be able to.

 

[danb]

@danb
I noticed that if I made the settings for the user, they are not the same for the administrator or vice versa. I had to make the settings for each user.

Yeah, each user has their own settings. This is so you can restrict certain users even more if you wish.