New Update DefenderUI by VoodooShield - Turn on Hidden Security Features of Microsoft Defender

danb

From VoodooShield
Thread author
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,670
> Will update reboot procedure work in VMware winVM? :unsure:

It should work great... it works great with VirtualBox. I also tested it on other machines like my main multiboot system and an iMac with Windows running on Boot Camp, and it worked great on everything I tested.

BTW, I noticed a small bug in the ClearAndRepairProtectionHistory.exe file. If you run the clear and repair procedure without any Detections in the Detection.Log, then ClearAndRepairProtectionHistory.exe will crash, and you just have to restart the computer manually to get out of safe mode. It was a super simple fix and will be included in the next versions of DefenderUI. I am just waiting to see if there is anything else we need to fix, thank you!
 

ForgottenSeer 97327

> Yeah, it must have been taking a snapshot or running a WhitelistCloud scan. DefenderUI should use essentially zero CPU, RAM and HDD / SSD. If for some reason you notice this is not the case, please let me know, thank you!

Dan, first of all, thanks for making DefenderUI available (y). I have got two questions:

1. Near zero CPU usage. Is that also applicable when I enable "Dynamic Security Postures"?

2. When cloud level is set to block, does enabling Dynamic Security Postures have any security benefit?
 

danb

Yes, it should be near zero CPU usage no matter the configuration.

Yes, Dynamic Security Postures will lock your computer while you are browsing the web or checking email, and no new items will be automatically allowed. Essentially, when you enable Dynamic Security Postures, DefenderUI will use a global cloud whitelist when you are not browsing the web and checking email, and will use the tiny, customized local whitelist when you are browsing the web or checking email. In other words, it will lock your computer when it is at risk. Thank you!
 

danb

> Just installed this version. My Win 11 did not boot into safe mode. I did a basic reboot. Still no safe mode.

DefenderUI will only boot Windows into Safe Mode when you click the "Clear and repair Protection History" option. Do you mean Windows did not boot into Safe Mode after clicking this option? Thank you!
 

ForgottenSeer 97327

Dan,

Thanks for the clarification. (y)

Let me repeat it, to make sure I understand you correctly: when I am not using a browser or email client, the (super large) Microsoft Defender cloud whitelist will be used (block level 6 = zero tolerance); when I am using a known internet-facing application, dynamic security kicks in and uses a tailor-made local (tiny) whitelist. DUI only allows programs to run in user folders with signatures already found on my PC (when DUI-pro takes a snapshot of my system) and hashes of unsigned stuff whitelisted by VS Cloud Whitelist earlier.

EDIT: when I press WINDOWS UPDATE in the DefenderUI home panel, it does not jump to Windows Update, but to Settings (might be caused by the Dutch language OS). All other links in the UTILITY section work well.
 

Gandalf_The_Grey

Level 76
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,615
I have the same issue on a Dutch Windows 11.
Windows Update in DefenderUI goes to Settings and not Windows Update.
 

danb

Sure, thank you guys as well!

Overall your description pretty much matches how these DefenderUI Pro features work, but I need to clarify a few things. When the computer is not running a browser or email client, DefenderUI Pro uses WhitelistCloud and VoodooAi, which is very similar to the MD cloud whitelist, but it is not identical. WhitelistCloud is actually slightly more aggressive than the MD cloud whitelist, and WhitelistCloud does utilize the MD cloud whitelist as one of its features in its algorithm. So it is similar, but just slightly more aggressive. When you are running a browser or email client, yes, DefenderUI Pro then utilizes the tiny, customized local whitelist that is specific to your computer. But the local whitelist is not limited to the user folders, it is actually system wide, with a few system folders being auto allowed, but still protected by our anti-exploit / vulnerable processes feature.

Thank you guys for letting me know about the Windows Update Link (@Gandalf_The_Grey and @Morro as well)! That is really odd... it is just a simple Windows command that I cannot adjust either way. I would be curious if the same issue occurs on other non-English versions of Windows. Please let me know if this link works on other versions of Windows! Thank you guys!
 

ForgottenSeer 97327

Thanks again, this really helps.

Why apply these protections on UAC protected folders? For compatibility reasons you could also apply these extra protections on user folders only. Second reason is that DUI-pro is a Defender Companion; when I apply the dynamic security postures it is not a companion anymore, but a replacement of MD, because DUI-pro applies a tighter, more aggressive whitelist in any situation.

But in Dutch we say, don't look a given horse in the mouth (be happy with all you get for free and don't complain about the stuff you did not pay for). So I am a happy camper. Thanks for DUI and DUI-pro.
 

Morro

Level 17
Verified
Top Poster
Well-known
Jul 8, 2012
829
> But in Dutch we say, don't look a given horse in the mouth (be happy with all you get for free and don't complain on the stuff you did not pay for).

Te laat. (Too late. :) )
 

[Attachment: Lachend Paard.jpg]

Freki123

Level 16
Verified
Top Poster
Aug 10, 2013
759
@danb I got the following error message when I uninstalled DefenderUI 1.11.
Windows 10 Pro 64-bit, OS build 19045.3208.
The only tweaked stuff was the activated "Memory Integrity aka Core Isolation" feature of Win 10.

[Attachment: Defender Ui.jpeg]

Edit: For the DefenderUI Pro version, is there any way to see the whitelist? Because when I can reset a whitelist I would like to see what was on it in the first place.
 

danb

Very cool, thank you as well!

I didn't explain that part properly... sorry about that. Basically, each folder should have optimal protections, no matter where the folder is on the drives (system space, user space, etc.). And the protections we applied to each folder was not just a simple process... it was years of tweaking the protections of the folders while building VS that led to which protections we should apply to each folder. I hope that makes sense ;).

I see what you are saying, thank you for the suggestions. If anyone has any other suggestions on how we can tweak DefenderUI, please let me know, thank you!
 

danb

Thank you for letting me know. I am running Windows 10 Pro and I just enabled Core Isolation, rebooted, then uninstalled DefenderUI, but could not reproduce the bug. Is there anything else on your system that could be causing this issue?

We might have a whitelist editor at some point, but if we start adding all of VS / CyberLock features, then we will just end up with another version of VS / CyberLock ;).
 

Freki123

> Is there anything else on your system that could be causing this issue?
> We might have a whitelist editor at some point, but if we start adding all of VS / CyberLock features, then we will just end up with another version of VS / CyberLock ;).

I had only Hard Configurator before, but I reset the settings to Windows default, rebooted, uninstalled it, rebooted again and then installed Defender UI.
After I found out it was the Defender UI Pro version I wanted to test, I uninstalled Defender UI and got the error.

It's not about editing a whitelist, it's about seeing what's on it. How can I check if a reset worked when I can't see the whitelist in the first place :D
 
