New Update DefenderUI by VoodooShield - Turn on Hidden Security Features of Microsoft Defender

Kongo

Hey @Tutman ,

I personally think that you rely too much on security software. There are quite a few people that are not running an AV at all and never get infected. By being careful online, doing regular software and OS updates and using some kind of browser protection you can achieve so much without an antivirus at all. Computer security doesn't only consist of installing a bunch of security software and thinking that it can handle any threat out there. My advice would be that you try to minimize the risk of being infected in the first place by blocking possible ways through which you could get infected. For example, Simple Windows Hardening blocks the use of PowerShell scripts, which shouldn't be a problem for the average user as it's barely used, but it prevents one way of getting infected. Try a DNS service like NextDNS as mentioned above, which blocks malicious and phishing sites, harden your system with tools like Simple Windows Hardening that further reduce your attack surface, and use an antivirus of your choice that you trust. More security software does not mean that you get more protection! The most important thing is to kind of lock down the main entry point of malware, which is most likely the browser on your system. That's why I recommend NextDNS, as it doesn't only block sites that are known to be malicious but also blocks domains that are potentially malicious because of malicious attributes.

Some example protections of NextDNS:

[three screenshots of NextDNS security settings]

So what I basically tried to say is that you should focus on more than just your security software. :)
 

Tutman

'swatted', please explain
Swatting entails generating an emergency law enforcement response against a target victim under false pretenses. ... Swatters do this by making phone calls to emergency lines like 911 and falsely reporting a violent emergency situation, such as a shooting or hostage situation.

In my case they posted on Craigslist and sent emails to the police and all my family and friends.
 

Tutman

@Tutman If you don't have an old lifetime license for GW, I'd rather spend the money on a full Internet Security license (e.g. Kaspersky) and tweak the settings to be more paranoid (if wanted). Yes, on GW you see that e.g. svchost is clean, but how do you know it's not abused by another process (LOLBin or such)? My knowledge would not be good enough for that.
To be on topic: like Gandalf said, if you are not using MS Defender as your main AV, better try VoodooShield, because the other ones are created to "beef up" MS Defender.
On GlassWire I can look at every svchost connection and it shows where it is connecting to.
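The question raised above (an svchost connection looks clean, but which service inside that svchost owns it, and is the image the real one?) can be answered without GlassWire. The following is an added example, not code from the thread, from GlassWire or from DefenderUI: it maps every established or listening TCP connection owned by svchost.exe to the services hosted in that process, flags an svchost that hosts no service or runs from an unexpected path, and prints the SHA-256 of the image so it can be looked up on VirusTotal by hash rather than by uploading the file. It assumes Windows 10/11 with the built-in NetTCPIP and CimCmdlets modules and should be run from an elevated prompt so that the image path of every process is readable.

```powershell
# Added example (not from the thread, GlassWire or DefenderUI).
# Assumes: Windows 10/11, elevated PowerShell, built-in modules only.

$connections = Get-NetTCPConnection -State Established, Listen -ErrorAction SilentlyContinue

# Services keyed by the PID that hosts them: one svchost instance usually hosts
# several services, and a malicious "svchost" typically hosts none.
$servicesByPid = @{}
foreach ($svc in Get-CimInstance Win32_Service | Where-Object { $_.ProcessId -gt 0 }) {
    if (-not $servicesByPid.ContainsKey($svc.ProcessId)) { $servicesByPid[$svc.ProcessId] = @() }
    $servicesByPid[$svc.ProcessId] += $svc.Name
}

$expectedImage = Join-Path $env:SystemRoot 'System32\svchost.exe'

$report = foreach ($c in $connections) {
    $proc = Get-Process -Id $c.OwningProcess -ErrorAction SilentlyContinue
    if (-not $proc -or $proc.ProcessName -ne 'svchost') { continue }

    $path = $proc.Path   # $null when access is denied or the process already exited
    $hash = if ($path) { (Get-FileHash -Path $path -Algorithm SHA256).Hash } else { 'n/a' }

    # Win32_Service.ProcessId is UInt32; Get-Process.Id is Int32. Cast so the key matches.
    $services = $servicesByPid[[uint32]$proc.Id]

    $flags = @()
    if (-not $services)                        { $flags += 'no-service' }
    if ($path -and $path -ne $expectedImage)   { $flags += 'unexpected-path' }

    [pscustomobject]@{
        PID       = $proc.Id
        Local     = "$($c.LocalAddress):$($c.LocalPort)"
        Remote    = "$($c.RemoteAddress):$($c.RemotePort)"
        State     = $c.State
        Services  = ($services -join ',')
        ImagePath = $path
        SHA256    = $hash
        Flags     = ($flags -join ',')
    }
}

$report | Sort-Object PID, Remote | Format-Table -AutoSize
```

A legitimate svchost always hosts at least one service and always runs from System32; the hash column is what you paste into the VirusTotal search box. Note that a process that loads malicious code into a real svchost (the LOLBin case the post worries about) will still show a clean hash, because the image on disk is untouched; for that case the service list and the remote address are the useful columns.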
 

Tutman

(quoting Kongo's post above)

Well, my first mistake a few years ago was removing the older version of OSA when it went paid. It still worked, and I don't think I replaced it with anything similar until recently; I now use SWH and it has already blocked a few PowerShell attempts late last year! And I shall keep @WiseVector running for the foreseeable future, as it caught an injector attempt with PowerShell; if only I had been more cautious and kept using it at the time. (Picture included!) And my main AV alerted about NOTHING,
and multiple AV scanners after this found nothing also! And yes, switching my DNS would be a very good idea. Thanks!
 

Attachment: Wisewarning.jpg

Kongo

(quoting Tutman's reply above)
But then I wonder what kind of tasks you are performing on your PC. You don't just get infected randomly... Do you use an outdated OS, or do you get a lot of mails with attachments that you don't check before opening?

Also, many AV engines have problems with malicious scripts; that's why SWH is a great addition to any antivirus.

Did you ever use Kaspersky before? You can't go wrong with it and I am pretty sure you wouldn't need any other additional security software to run alongside it.
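The point above about AV engines struggling with malicious scripts, and the earlier report of SWH and WiseVector catching PowerShell attempts that the main AV never saw, both come down to visibility: Windows can record the text of every script block PowerShell executes, and that log is what tells you whether a blocked "attempt" was a dropper or your own update script. The following is an added example, not code from the thread, from SWH or from WiseVector. It enables PowerShell script block logging through the documented policy registry key, then reads the last week of Event ID 4104 records from the Microsoft-Windows-PowerShell/Operational log and flags the patterns script droppers commonly rely on. The keyword list is constructed for this example and should be tuned; the script assumes Windows PowerShell 5.1 or later and an elevated prompt.

```powershell
# Added example (not from the thread, SWH or WiseVector).
# Assumes: Windows PowerShell 5.1+, elevated prompt. Keyword list is constructed.

# 1. Turn on script block logging (policy key documented by Microsoft).
$key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'
New-Item -Path $key -Force | Out-Null
Set-ItemProperty -Path $key -Name EnableScriptBlockLogging -Value 1 -Type DWord

# 2. Patterns that are rare in legitimate interactive use on a home PC.
$suspicious = @(
    'FromBase64String', 'EncodedCommand', '-enc ',               # encoded payloads
    'DownloadString', 'DownloadFile', 'Net.WebClient',
    'Invoke-WebRequest',                                          # stagers
    'IEX', 'Invoke-Expression',                                   # eval of fetched text
    'VirtualAlloc', 'WriteProcessMemory', 'CreateRemoteThread',   # in-memory injection
    '-nop', '-w hidden', 'ExecutionPolicy Bypass'                 # launcher switches
)

# 3. Pull the last seven days of 4104 (script block) events.
$filter = @{
    LogName   = 'Microsoft-Windows-PowerShell/Operational'
    Id        = 4104
    StartTime = (Get-Date).AddDays(-7)
}
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

$hits = foreach ($e in $events) {
    # 4104 event data layout: [0]=MessageNumber [1]=MessageTotal [2]=ScriptBlockText
    $text = [string]$e.Properties[2].Value
    $matched = $suspicious | Where-Object { $text -match [regex]::Escape($_) }
    if ($matched) {
        $flat = $text -replace '\s+', ' '
        [pscustomobject]@{
            Time    = $e.TimeCreated
            PID     = $e.ProcessId
            Matches = ($matched -join ', ')
            Snippet = $flat.Substring(0, [Math]::Min(120, $flat.Length))
        }
    }
}

$hits | Sort-Object Time -Descending | Format-Table -AutoSize -Wrap
```

Logging only starts for PowerShell sessions opened after the key is set, and long scripts are split across several 4104 records (MessageNumber/MessageTotal), so a single hit is a pointer to the full block, not the whole story. Your own scheduled scripts will trigger some of these keywords; the value is in the entries you do not recognise.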
 

Tutman

(quoting Kongo's reply above)
Possibly an insecure website, and yes, I have used Kaspersky before.
 

ForgottenSeer 92963

@danb

Hi Dan, hope all is well. You posted that you would explain how the contextual engine of DefenderUI Pro (and VS) works as soon as you had ironed out all the first-release issues. Since VS is at V7 and DUI at 1.01, I hope you will post the explanation soon. I am very curious what you have made to provide an additional layer of protection.

I have installed DUI Pro again; it seems to work flawlessly, causing minimal startup delay (I can measure it but don't notice it) of Edge and MS Office, so it seems a job well done, thanks!

/K


ScandinavianFish

(quoting Tutman's reply above)
Try Hard_Configurator; it lets you block PowerShell and other vulnerable system features. Just make sure to go into Whitelist By Path and add Allow EXE and TMP and Allow MSI, in order to save you the headache of having to manually whitelist stuff.

And as was previously said to you, don't completely rely on security software; you need to step in with common sense once in a while. You should also use an adblocker like uBlock Origin, and most importantly, keep your system and applications up to date.
 

ForgottenSeer 92963

@Tutman

It looks like the WiseVector warning for PowerShell 7 is a false positive. The XML file which triggers WV is in a UAC-protected folder, so you probably installed PowerShell 7 yourself. Could you open the XML file in Notepad and post its content in Software Troubleshooting?

This thread is for DefenderUI, and MalwareTips has a special forum for assistance. Please use that forum instead of hijacking the DefenderUI thread.

I agree with @SecureKongo: install SimpleWindowsHardening and scripts will be blocked from running in user space. Combine it with Microsoft Defender and enable all ASR rules through DefenderUI Pro to get the best protection against script-based malware possible. When the free version of GlassWire allows you to check on outgoing connections by checking the executables on VirusTotal, you have more than sufficient protection.
 

Tutman

(quoting ScandinavianFish's reply above)
Yes, I have Hard_Configurator. And I have AdGuard and Bitdefender TrafficLight.
 

Tutman

(quoting ForgottenSeer 92963's reply above)
I had gotten the alert before and did notify WiseVector. I was trying to upgrade PowerShell and was still getting the message. It was not a false alert. I am not asking for assistance or troubleshooting. That message was from last year. I also have the blessing of @danb to post here off topic. I am not hijacking the forum. I had stopped but was just replying to questions on here about what happened to me. I will not post any more about it. Thanks!
 

SearchLight

Kudos to danb for creating DefenderUI Free and the Pro version (currently free as well). Microsoft should pay him for doing what they should have done with MD a long time ago. Maybe people would not have avoided Defender like the plague.

Anyway, I started with DefenderUI Free and am now trying Pro. I have a couple of questions regarding the Pro version:

1) To set my own Threat Default Actions it says I have to turn Tamper Protection off, but when I turn it back on, everything reverts to default. Is this normal, or should my custom settings not change?

2) What would be the recommended TDAs? I use the following custom settings: Severe: Block, High: Remove, Moderate: Quarantine, and Low: Clean.

3) Does Pro have the same engine as VS 7.0? If so, what messages will it display upon detection of malware, and should I turn on Dynamic Security Postures or leave it off because it may be more verbose? If I leave it off, what messages will Pro display? It is obvious that there is no scanning of programs like VS does upon initial setup, so I am a little confused here.

Thanks for the clarifications.
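Two of the settings discussed in this thread, the ASR rules that ForgottenSeer 92963 recommends enabling through DefenderUI Pro and the per-severity Threat Default Actions that SearchLight asks about, are both stored in Microsoft Defender's preference set, which can be written and read back directly from the built-in Defender PowerShell module. The following is an added example, not code from the thread or from DefenderUI, that shows the state of Tamper Protection, enables a set of ASR rules in audit mode first so you can review what they would have blocked before switching them to block mode, sets the four Threat Default Actions to the values SearchLight lists, and then reads every value back so you are checking what Defender actually stored rather than what a GUI checkbox shows. The rule GUIDs are Microsoft's published ASR rule identifiers; the script assumes Windows 10/11 with Microsoft Defender Antivirus as the active engine and an elevated prompt.

```powershell
# Added example (not from the thread or DefenderUI).
# Assumes: Windows 10/11, Defender is the active AV, elevated prompt.

# 1. Is Tamper Protection on? Some preference writes are refused while it is.
$status = Get-MpComputerStatus
"Tamper Protection: $($status.IsTamperProtected); Real-time protection: $($status.RealTimeProtectionEnabled)"

# 2. ASR rules (Microsoft's published rule IDs, case-insensitive GUIDs).
$asrRules = @{
    'd4f940ab-401b-4efc-aadc-ad5f3c50688a' = 'Block Office apps from creating child processes'
    '5beb7efe-fd9a-4556-801d-275e5ffc04cc' = 'Block execution of potentially obfuscated scripts'
    'd3e037e1-3eb8-44c8-a917-57927947596d' = 'Block JS/VBS from launching downloaded executables'
    'be9ba2d9-53ea-4cdc-84e5-9b1eeee46550' = 'Block executable content from email client and webmail'
    '9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2' = 'Block credential stealing from LSASS'
    'd1e49aac-8f56-4280-b9ba-993a6d77406c' = 'Block process creations from PSExec and WMI'
    'e6db77e5-3df2-4cf1-b95a-636979351e5b' = 'Block persistence through WMI event subscription'
    'c1db55ab-c21a-4637-bb3f-a12568109d35' = 'Use advanced protection against ransomware'
    '56a863a9-875e-4185-98a7-b882c64b5ce5' = 'Block abuse of exploited vulnerable signed drivers'
}

# Start in AuditMode: Defender logs what it *would* block as Event ID 1122 in
# Microsoft-Windows-Windows Defender/Operational. Switch to 'Enabled' once the
# audit log shows nothing you rely on. Set-MpPreference replaces the whole rule
# list, so pass all IDs at once; use Add-MpPreference to append to an existing list.
$mode    = 'AuditMode'
$ids     = @($asrRules.Keys)
$actions = @($ids | ForEach-Object { $mode })
Set-MpPreference -AttackSurfaceReductionRules_Ids $ids -AttackSurfaceReductionRules_Actions $actions

# 3. Threat Default Actions by severity (the values quoted in the post above).
Set-MpPreference -SevereThreatDefaultAction   Block `
                 -HighThreatDefaultAction     Remove `
                 -ModerateThreatDefaultAction Quarantine `
                 -LowThreatDefaultAction      Clean

# 4. Read everything back. Actions come back numeric: 0=Disabled 1=Block 2=Audit 6=Warn.
$pref = Get-MpPreference
$ruleIds = @($pref.AttackSurfaceReductionRules_Ids)
for ($i = 0; $i -lt $ruleIds.Count; $i++) {
    [pscustomobject]@{
        Id     = $ruleIds[$i]
        Action = $pref.AttackSurfaceReductionRules_Actions[$i]
        Rule   = $asrRules[$ruleIds[$i]]
    }
} | Format-Table -AutoSize

$pref | Select-Object SevereThreatDefaultAction, HighThreatDefaultAction,
                      ModerateThreatDefaultAction, LowThreatDefaultAction
```

Run the read-back section on its own (steps 1 and 4) after making changes in DefenderUI, or after toggling Tamper Protection, to see whether the stored values are the ones you set; that is the direct way to answer the first question in the post above for your own machine.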
 

Moonhorse

@danb Have you ever thought of having a business model like lifetime licenses for VoodooShield Pro?

There is currently a K7 antivirus lifetime license available, and old users might have Malwarebytes lifetime keys. VoodooShield Pro really beats those two mentioned before.

You don't have to answer if you don't want to.

I can think about having a lifetime license of ReHIPS, which is not available (lifetime key) and which costs more than VoodooShield in comparison.

Sounds dumb, but could a tool that promises to secure previous Windows versions from malware ever profit? Just some dumb thoughts :D
 

SearchLight

@danb, I am loving DefenderUI Pro v1.02 as I learn about, and use it.

I was wondering if you can make the popup of DefenderUI Pro Protection a little larger to see? It pops up in the center of the screen, but the fonts are a little small as to whether to allow or block or get more info. Maybe an option to position the popup, i.e. center or lower right, would be a nice touch.

Also, if I understand correctly, due to Microsoft licensing issues you had to have Tamper Protection off for some DefenderUI options to work. Will you be providing an alternate workaround, or is DefenderUI capable of monitoring Microsoft Defender for tampering using its own security features? I ask because I am using the Recommended Profile.

Thanks again for your time and investment in such a worthwhile and much needed Microsoft Defender enhancement!
 

Gandalf_The_Grey

DefenderUI Pro got an update to version 1.03.

Asked @danb by mail for the changes and will let you know when I get a reply.
Got an answer from @danb: next to my little change in the Dutch translation there was a fix for a block of robocopy.exe.
Yeah, there was another small fix. Someone found a bug that caused robocopy.exe to be blocked.

Have a great week!

Thank you,

Dan
 
