New Update DefenderUI by VoodooShield - Turn on Hidden Security Features of Microsoft Defender

Digmor Crusher

Digmor Crusher

Level 25
Verified
Top Poster
Well-known
Jan 27, 2018
1,410
Dan, what I am suggesting is that I can change the settings to whatever I like, in any profile, currently I cannot do that as they are blacked out. Whether they change when I switch security profiles doesn't matter as I could just change them back again to the settings I prefer.

Basically most AV's have an option to choose what to do when a threat is detected such as block, quarantine, delete etc, I want to be able to do this in defenderUI no matter what profile I am in. Hope this makes sense.
 
  • Like
Reactions: danb
1chaoticadult

1chaoticadult

Level 2
Verified
Jul 29, 2013
52
Digmor Crusher said:
Dan, what I am suggesting is that I can change the settings to whatever I like, in any profile, currently I cannot do that as they are blacked out. Whether they change when I switch security profiles doesn't matter as I could just change them back again to the settings I prefer.

Basically most AV's have an option to choose what to do when a threat is detected such as block, quarantine, delete etc, I want to be able to do this in defenderUI no matter what profile I am in. Hope this makes sense.
Click to expand...
You have to turn Microsoft Defender's tamper protection off to use threat default action options in DefenderUI.
 
  • Like
Reactions: Nevi, roger_m, danb and 2 others
danb

danb

From VoodooShield
Thread author
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,719
Jan Willy said:
I was considering to start using Defender UI, but now it's for me a no go. I'll stick with ConfigureDefender.
Click to expand...
This is true for ALL software that configures defender, and has the option to configure. It is a limitation of Microsoft Defender, not DefenderUI.
 
  • Thanks
  • Like
Reactions: Jonny Quest and Jan Willy
Gandalf_The_Grey

Gandalf_The_Grey

Level 83
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,255
Don't forget that DefenderUI has more options/features than ConfigureDefender and only for changing the threat default actions you need to disable tamper protection.

See screenshot's here:

DefenderUI

defenderui.com defenderui.com
So, I'm happy to use DefenderUI with tamper protection enabled.
Using DefenderUI Pro (= DefenderUI + lite version of VS) right now.
But I would also be happy with using ConfigureDefender.
ConfigureDefender and DefenderUI are both great tools, just use the one you are most comfortable with (y)
 
Last edited:
  • Like
Reactions: Jonny Quest, sypqys, Nevi and 4 others
P

pxxb1

Level 10
Verified
Well-known
Jan 17, 2018
472
danb said:
This is true for ALL software that configures defender, and has the option to configure. It is a limitation of Microsoft Defender, not DefenderUI.
Click to expand...
I think there should be some info in DUI about what the Default action is in the - Threat default action, section.
 
  • Like
Reactions: danb
Stelica

Stelica

Level 2
Sep 27, 2021
97
Gandalf_The_Grey said:
Don't forget that DefenderUI has more options/features than ConfigureDefender and only for changing the threat default actions you need to disable tamper protection.

See screenshot's here:

DefenderUI

defenderui.com defenderui.com
So, I'm happy to use DefenderUI with tamper protection enabled.
Using DefenderUI Pro (= DefenderUI + lite version of VS) right now.
But I would also be happy with using ConfigureDefender.
ConfigureDefender and DefenderUI are both great tools, just use the one you are most comfortable with (y)
Click to expand...
Dan said that there are several features for which tamper protection must be disabled :)

From Dan the post #395:

„The only features that do require Tamper Protection to be disabled are: Real-time Protection, Behavior Monitoring, Scan all downloaded files and attachments, Script scanning and Threat Default Actions. So there are the only features that are not available, and this applies to all profiles”.
 
  • Like
Reactions: Jonny Quest, Nevi, danb and 3 others
Gandalf_The_Grey

Gandalf_The_Grey

Level 83
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,255
Stelica said:
Dan said that there are several features for which tamper protection must be disabled :)

From Dan the post #395:

„The only features that do require Tamper Protection to be disabled are: Real-time Protection, Behavior Monitoring, Scan all downloaded files and attachments, Script scanning and Threat Default Actions. So there are the only features that are not available, and this applies to all profiles”.
Click to expand...
Hope Dan can clarify this, because for me only the the buttons under "threat default actions" are greyed out and not working with tamper protection on 🤔
 
  • Like
Reactions: danb and Stelica
Jan Willy

Jan Willy

Level 13
Verified
Top Poster
Well-known
Jul 5, 2019
605
Perhaps I do cause more confusion, but ConfigureDefender Help shows next information about disabling Tamper Protection.

1661342683839.jpeg


So, also CD requires in some cases disabling Tamper Protection. Concerning these points it's the same as in DefenderUI. I will consider again if I'm going to use Defender UI.
 
Last edited:
  • Like
  • +Reputation
Reactions: sypqys, Nevi, harlan4096 and 3 others
Gandalf_The_Grey

Gandalf_The_Grey

Level 83
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,255
No I think it's clear now, at least for me:

Threat default actions in DefenderUI is only adaptable with tamper protection off.

If you want to disable Real-time Protection, Behavior Monitoring, Scan all downloaded files and attachments, Script scanning you also have to disable tamper protection (like with ConfigureDefender). But why would you want to do that is another question...
 
  • Like
Reactions: Nevi, danb, Jan Willy and 1 other person
Stelica

Stelica

Level 2
Sep 27, 2021
97
I want to report two new blocks when I switch from user to administrator: cmd and onedrivesetup. In 1.07 version these blocks were not there. The only block was the HiBit Uninstaller but it is logical because it is not signed.
P.S. Regarding the previous discussion, i keep tamper protection disabled.

Thank you!
 
  • Like
Reactions: Nevi, danb and Gandalf_The_Grey
danb

danb

From VoodooShield
Thread author
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,719
Jan Willy said:
Except ConfigureDefender. See e.g. ConfigureDefender utility for Windows 10 post # 1503. Nevertheless, I like your programs.

Edit: see my post # 593.
Click to expand...
Thank you, I appreciate that!

I do not believe CD has the 4 options for Threat Default Actions.

BTW, there are other apps that can control defender, and they are ALL bound to the exact same restrictions. We actually could try to find hacks to avoid these restrictions, but then we run the risk of being labeled malware.

Here are a couple of other apps that configure Defender as well... and they are bound to the same restrictions as well.

1) Citrix

Defender device policy | Citrix Endpoint Management

Windows Defender is malware protection included with Windows 10 and Windows 11. You can use the Endpoint Management device policy, Defender, to configure the Microsoft Defender policy for Windows 10 and Windows 11 desktop and tablet devices.
docs.citrix.com docs.citrix.com

2) HardenTools (this only configures some of MD's options, and I believe it also uses SRP, which it looks like is going bye-bye in future versions of Windows).
github.com

GitHub - securitywithoutborders/hardentools: Hardentools simply reduces the attack surface on Microsoft Windows computers by disabling low-hanging fruit risky features.

Hardentools simply reduces the attack surface on Microsoft Windows computers by disabling low-hanging fruit risky features. - GitHub - securitywithoutborders/hardentools: Hardentools simply reduces...
github.com github.com
 
  • Like
Reactions: Zartarra, Nevi, harlan4096 and 1 other person
danb

danb

From VoodooShield
Thread author
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,719
It looks like you guys have everything sorted out, but please let me know if I can answer anything.

Also, that is odd that 1.07 Pro had a couple of false positives, it should have had the exact same or slightly less. Can you guys please email me any false positives you might encounter?

Thank you!
 
  • Like
Reactions: Nevi, EASTER, Stelica and 2 others
F

ForgottenSeer 69673

I was just messing around as I do and of course am confused again. I tried two things. First, I downloaded a signed MSI file from Malwarebazzar. I right clicked it and scanned with MS Defender. Nothing found. I then right clicked and scanned it with DefenderUI and A mini popup came at bottom of screen ( WhiteListCloud )telling me the file was signed and locked up my machine. There was no timeout in the mini popout. After rebooting and reinstalling DefenderUI, ( because I was in Shadow mode ) when the crash happened, I downloaded a unsigned EXE and tried to right click and scan with DefenderUI. This time the WhiteListClout mini popup showed up and had the timeout so all went well.

So two separate things happened here but I also would like to know what happened to the Whitelist Cloud info? Can it be looked at somewhere from within the program?
 
  • Like
Reactions: danb
danb

danb

From VoodooShield
Thread author
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,719
ticklemefeet said:
I was just messing around as I do and of course am confused again. I tried two things. First, I downloaded a signed MSI file from Malwarebazzar. I right clicked it and scanned with MS Defender. Nothing found. I then right clicked and scanned it with DefenderUI and A mini popup came at bottom of screen ( WhiteListCloud )telling me the file was signed and locked up my machine. There was no timeout in the mini popout. After rebooting and reinstalling DefenderUI, ( because I was in Shadow mode ) when the crash happened, I downloaded a unsigned EXE and tried to right click and scan with DefenderUI. This time the WhiteListClout mini popup showed up and had the timeout so all went well.

So two separate things happened here but I also would like to know what happened to the Whitelist Cloud info? Can it be looked at somewhere from within the program?
Click to expand...
That is impossible to say for sure. Does DefenderUI Pro usually work well in Shadow mode? If the machine would have not locked up, you could have gone into the Windows Event Viewer to see what might have happened. I am not sure what you mean by the whitelist cloud info, please let me know and we will figure something out, thank you!
 
  • Like
Reactions: Nevi, EASTER and Gandalf_The_Grey
Stelica

Stelica

Level 2
Sep 27, 2021
97
Gandalf_The_Grey said:
No I think it's clear now, at least for me:

Threat default actions in DefenderUI is only adaptable with tamper protection off.

If you want to disable Real-time Protection, Behavior Monitoring, Scan all downloaded files and attachments, Script scanning you also have to disable tamper protection (like with ConfigureDefender). But why would you want to do that is another question...
Click to expand...
You're right! I checked and tamper protection must be disabled only to activate toggle the buttons for certain settings or to activate threat default actions. Thank you!
 
Last edited:
  • Like
Reactions: Gandalf_The_Grey

Similar threads

Shadowra
    • Like
    • Thanks
    • +Reputation
App Review Microsoft Defender Antivirus feat DefenderUI (Interactive Mode)
Replies
11
Views
2,878
Video Reviews - Security and Privacy
Shadowra
Shadowra
silversurfer
    • Like
    • Thanks
Opera GX is now available on the Microsoft Store
Replies
0
Views
1,286
Opera
silversurfer
silversurfer
fdsearchandrescue
  • Locked
malware problem out of control Its fast 10G of new data less then an hr
Replies
1
Views
2,527
Windows Malware Removal Help & Support
Ink
I

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top