New Update DefenderUI by VoodooShield - Turn on Hidden Security Features of Microsoft Defender

danb

From VoodooShield
Thread author
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,742
Update2
LOL, the context menu in the tray has scrolling! :) Maybe because I have 11pt font instead of 9pt?
And it has a normal Exit. But the scroll buttons are small and hard to hit, and why have scrolling where you could do without it? Scrolling is obviously unnecessary here.
When you exit the program, DefenderUIService continues to work, so DefenderGuard will continue to protect?
Yeah, it was the text size that was messing up the context menu, thank you for finding that! This is now fixed in both the free and pro versions.

Yeah, the service does a few things. We could shut it down, but it is so incredibly light that it really does not hurt just to leave it running. DefenderUI was not designed to be a portable tweak tool app, it was designed to be a UI replacement. Portable apps are cool, but they are just not my specialty.
 

danb

Hey guys,

Here is the next beta version of DefenderUI Pro. It is extremely stable and pretty much bug free, but if you guys find anything please let me know. There is one thing that is not quite working yet. For some reason when WDAC Lockdown tries to launch an app after it is allowed by the user that requires admin, it does not start. It is odd because the file is whitelisted properly, and you can manually run the file, but it will not auto launch. Anyway, that will be fixed soon. Other than that, it should be in great shape.

DefenderUIPro 1.19
SHA-256: 3125fb0dd21bd5d184cbda09b218651349c6c8ae4287b9567aae5d6e04e4bc2d


Thank you guys!
 

danb

Hey Guys,

We are getting super close to being pretty much bug free in DefenderUI Pro and WDAC Lockdown. There was a bug in both products when they updated themselves, but it is fixed now.

Just to be sure, please manually download the following versions and make sure WDAC is not in Enforced / On mode, then manually upgrade to 1.22; you can install over the top.

After this version, everything should be handled automatically with the automatic update, even if you are in Enforced Mode.

DefenderUIPro 1.22
SHA-256: 4606f658f3e40dd19bd834359ef6bdedc5e861302f8c19ef75bcf45d88031af9

WDAC Lockdown 1.22
SHA-256: 9960333b3e4fa657e7abbd02fcf56646576cc2221abf1fe40e31f615de425137

Thank you guys!


Dan
 

NormanF

Level 9
Verified
Jan 11, 2018
404
Hey Guys,

Here is the initial beta of DefenderUI Pro. If anyone is running CyberLock and wants to try this beta, you can always uninstall CyberLock, and just choose to not remove the settings and logs, then uninstall DefenderUI Pro later and reinstall CyberLock. I am curious to see if anyone thinks we should add the WDAC Lockdown feature to CyberLock. It really is not necessary, but it would not hurt to add WDAC Lockdown to CyberLock.

I am still not a huge fan of WDAC, but a lot of people swear by it, so I figured we would make a user-friendly, automated version of it. A good kernel mode driver like the one DefenderUI Pro and CyberLock use is much more flexible, and allows developers to do tons of things they could never do with WDAC.

The WDAC Lockdown factory default policies were generated from the Microsoft WDAC Wizard and are stored here: C:\Program Files\DefenderUI\Policies. Then there are also user-customizable policies that are stored here: C:\ProgramData\DefenderUI\Policies. If any of the factory default policies are modified, then the user-customizable policies are automatically deployed. But if there are no user-customizable policies, then the factory default policies are deployed.

The WDAC Lockdown feature also includes a modified version of the Microsoft WDAC Wizard, and this modified version makes it super simple to create and modify policies for WDAC Lockdown.
If you do use the WDAC Lockdown feature, it would be best to start in Training mode for a day or so. There are only four folders that are automatically whitelisted by the factory default policies.

C:\Program Files\
C:\Program Files (x86)\
C:\WindowsApps\
C:\XboxGames\

We could have whitelisted other folders as well, but as you are aware, that can be dangerous. Besides, with the new WDAC Lockdown usability features, anything that needs to be whitelisted is automatically whitelisted, and that way we do not have to whitelist entire potentially dangerous directories. We might end up tweaking the factory policies a little, but it is probably best to stick with the policies that are recommended by Microsoft.

There are probably a few things that we need to tweak or fix, so if you guys find anything please let me know!

DefenderUIPro 1.18
SHA-256: 7dc488692ccafcca67777a5d72be2b4d6c5eb75f607fe1127200c65622fe198c


Have a great weekend!

Dan

Since I'm running Microsoft Defender for Business over the top, no surprise all of the usual MD settings are greyed out. Of course, the administrator would be me!
 
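The quoted post above lists four folders that the factory default policies allow wholesale, and a folder-wide allow rule is only as strong as the folder's ACL. The PowerShell below is an added example, not part of the thread and not DefenderUI code: it lists allow ACEs that grant write-type rights to any principal outside a small trusted set, on those folders and their first-level subfolders. The trusted SID list, the one-level depth and the function name `Get-RiskyWriteAce` are assumptions.

```powershell
# Added example (not DefenderUI code). Run elevated so every ACL is readable.
# Folder list copied from the post as written; missing folders are skipped.
$AllowlistedFolders = @(
    'C:\Program Files\', 'C:\Program Files (x86)\',
    'C:\WindowsApps\',   'C:\XboxGames\'
)

# Assumption: only these well-known SIDs are expected to hold write access.
$TrustedSids = @(
    'S-1-5-18',       # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',   # BUILTIN\Administrators
    'S-1-3-0',        # CREATOR OWNER (inherit-only placeholder)
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

# Rights that allow planting or replacing a file, plus the raw GENERIC_ALL
# (0x10000000) and GENERIC_WRITE (0x40000000) bits seen on inherit-only ACEs.
$named     = 'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$WriteMask = [int][System.Security.AccessControl.FileSystemRights]$named -bor 0x10000000 -bor 0x40000000

function Get-RiskyWriteAce {
    param([string[]]$Path = $AllowlistedFolders)
    foreach ($folder in $Path) {
        if (-not (Test-Path -LiteralPath $folder)) {
            Write-Warning "Not present, skipped: $folder"; continue
        }
        # The folder itself plus its first-level subfolders (depth is an assumption).
        $targets = @(Get-Item -LiteralPath $folder -Force) +
                   @(Get-ChildItem -LiteralPath $folder -Directory -Force -ErrorAction SilentlyContinue)
        foreach ($dir in $targets) {
            try   { $acl = Get-Acl -LiteralPath $dir.FullName -ErrorAction Stop }
            catch { Write-Warning "Cannot read ACL: $($dir.FullName)"; continue }
            # Ask for SIDs rather than names so the check is locale-independent.
            $aces = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
            foreach ($ace in $aces) {
                if ($ace.AccessControlType -ne 'Allow') { continue }
                if (([int]$ace.FileSystemRights -band $WriteMask) -eq 0) { continue }
                if ($TrustedSids -contains $ace.IdentityReference.Value) { continue }
                try   { $name = $ace.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value }
                catch { $name = $ace.IdentityReference.Value }   # unresolvable SID
                [pscustomobject]@{ Folder = $dir.FullName; Principal = $name; Rights = $ace.FileSystemRights }
            }
        }
    }
}

Get-RiskyWriteAce | Sort-Object Folder, Principal | Format-Table -AutoSize
```

Any row returned is a location under an allowlisted folder where a principal outside the trusted set can create or replace files.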

NormanF


Is there something like a simplified data module to see your security strengths and weaknesses on your device? Like the SIEM enterprises use but scaled down for small business/home use? Nobody wants to wade through oceans of data to spot what's bad and what people should improve on to get the best security outlook. Maybe as a paid add on product?
 

shadek

Level 1
Aug 20, 2017
17
Hi! Using DefenderUIPro 1.23. Having this issue with the tray icon constantly rotating with its arrows. It's been like this for hours:

[Attached screenshot: 1717521177529.png]


Is there something going on under the hood or is it just stuck?
 

danb

Is there something like a simplified data module to see your security strengths and weaknesses on your device? Like the SIEM enterprises use but scaled down for small business/home use? Nobody wants to wade through oceans of data to spot what's bad and what people should improve on to get the best security outlook. Maybe as a paid add on product?
Thank you for the suggestion, sounds interesting. Can you please provide some details?
 

danb

Hi again! I tried changing WDAC by right-clicking systray. The systray icon just keeps spinning again.
Hmmm, that is odd, there must be a bug somewhere. Can you please look in the Windows Event Viewer for DefenderUI events that might contain details on the error? Thank you!
 

NormanF

Thank you for the suggestion, sounds interesting. Can you please provide some details?

I'm thinking like a visual graph of incidents, alerts and a list of possible actions to secure a PC.

I've tried a few SIEM software and they all suffer from the same drawback: too much data and no way to make sense of it.

Not appropriate for a home/SMB environment. It should be easy to understand and easy to act on.

Nothing complicated, which defeats the purpose of having software that warns you of threats and how to remediate them.
 
