New Update DefenderUI by VoodooShield - Turn on Hidden Security Features of Microsoft Defender

danb

danb

From VoodooShield
Thread author
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,710
aldist said:
Update2
LOL, the context menu in the tray has scrolling! :) Maybe because I have 11pt font instead of 9pt?
And it has a normal Exit. But the scroll buttons are small, it's hard to hit, and why scrolling where you could do without it? Scrolling is obviously unnecessary here.
When you exit the program, DefenderUIService continues to work, so DefenderGuard will continue to protect?
Click to expand...
Yeah, it was the text size that was messing up the context menu, thank you for finding that! This is now fixed in both the free and pro versions.

Yeah, the service does a few things. We could shut it down, but it is so incredibly light that it really does not hurt just to leave it running. DefenderUI was not designed to be a portable tweak tool app, it was designed to be a UI replacement. Portable apps are cool, but they are just not my specialty.
 
  • Like
  • +Reputation
  • Applause
Reactions: simmerskool, aldist and Gandalf_The_Grey
danb

danb

From VoodooShield
Thread author
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,710
Hey guys,

Here is the next beta version of DefenderUI Pro. It is extremely stable and pretty much bug free, but if you guys find anything please let me know. There is one thing that is not quite working yet. For some reason when WDAC Lockdown tries to launch an app after it is allowed by the user that requires admin, it does not start. It is odd because the file is whitelisted properly, and you can manually run the file, but it will not auto launch. Anyway, that will be fixed soon. Other than that, it should be in great shape.

DefenderUIPro 1.19
SHA-256: 3125fb0dd21bd5d184cbda09b218651349c6c8ae4287b9567aae5d6e04e4bc2d


Thank you guys!
 
  • Like
  • +Reputation
Reactions: Oldie1950, Zartarra, simmerskool and 3 others
danb

danb

From VoodooShield
Thread author
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,710
Hey Guys,

We are getting super close to being pretty much bug free in DefenderUI Pro and WDAC Lockdown. There was a bug in both products when they updated themselves, but it is fixed now.

Just to be sure, please manually download the following versions and make sure WDAC is not in Enforced / On mode, then manually upgrade to 1.22, you can install over the top.

After this version, everything should be handled automatically with the automatic update, even if you are in Enforced Mode.

DefenderUIPro 1.22
SHA-256: 4606f658f3e40dd19bd834359ef6bdedc5e861302f8c19ef75bcf45d88031af9

WDAC Lockdown 1.22
SHA-256: 9960333b3e4fa657e7abbd02fcf56646576cc2221abf1fe40e31f615de425137

Thank you guys!


Dan
 
  • Like
  • +Reputation
Reactions: kC77, simmerskool, Zartarra and 3 others
N

NormanF

Level 8
Verified
Jan 11, 2018
387
danb said:
Hey Guys,

Here is the initial beta of DefenderUI Pro. If anyone is running CyberLock and wants to try this beta, you can always uninstall CyberLock, and just choose to not remove the settings and logs, then uninstall DefenderUI Pro later and reinstall CyberLock. I am curious to see if anyone thinks we should add the WDAC Lockdown feature to CyberLock. It really is not necessary, but it would not hurt to add WDAC Lockdown to CyberLock.

I am still not a huge fan of WDAC, but a lot of people swear by it, so I figured we would make a user-friendly, automated version of it. A good kernel mode driver like the one DefenderUI Pro and CyberLock uses is much more flexible, and allows developers to do tons of things they could never do with WDAC.

The WDAC Lockdown factory default policies were generated from the Microsoft WDAC Wizard are stored here: C:\Program Files\DefenderUI\Policies. Then there are also user customizable policies that are stored here: C:\ProgramData\DefenderUI\Policies. If any of the factory default policies are modified, then the user customizable policies are automatically deployed. But if there are not user customizable policies, then the factory default policies are deployed.

The WDAC Lockdown feature also includes a modified version of the Microsoft WDAC Wizard, and this modified version makes it super simple to create and modify policies for WDAC Lockdown.
If you do use the WDAC Lockdown feature, it would be best to start in Training mode for a day or so. There are only four folders that are automatically whitelisted by the factory default policies.

C:\Program Files\
C:\Program Files (x86)\
C:\WindowsApps\
C:\XboxGames\

We could have whitelisted other folders as well, but as you are aware, that can be dangerous. Besides, with the new WDAC Lockdown usability features, anything that needs to be whitelisted is automatically whitelisted, and that way we do not have to whitelist entire potentially dangerous directories. We might end up tweaking the factory policies a little, but it is probably best to stick with the policies that are recommended by Microsoft.

There are probably a few things that we need to tweak or fix, so if you guys find anything please let me know!

DefenderUIPro 1.18
SHA-256: 7dc488692ccafcca67777a5d72be2b4d6c5eb75f607fe1127200c65622fe198c


Have a great weekend!

Dan
Click to expand...

Since I'm running Microsoft Defender for Business over the top, no surprise all of the usual MD settings are greyed out. Of course, the administrator would be me!
 
  • Like
Reactions: danb
N

NormanF

Level 8
Verified
Jan 11, 2018
387
danb said:
Hey Guys,

We are getting super close to being pretty much bug free in DefenderUI Pro and WDAC Lockdown. There was a bug in both products when they updated themselves, but it is fixed now.

Just to be sure, please manually download the following versions and make sure WDAC is not in Enforced / On mode, then manually upgrade to 1.22, you can install over the top.

After this version, everything should be handled automatically with the automatic update, even if you are in Enforced Mode.

DefenderUIPro 1.22
SHA-256: 4606f658f3e40dd19bd834359ef6bdedc5e861302f8c19ef75bcf45d88031af9

WDAC Lockdown 1.22
SHA-256: 9960333b3e4fa657e7abbd02fcf56646576cc2221abf1fe40e31f615de425137

Thank you guys!


Dan
Click to expand...

Is there something like a simplified data module to see your security strengths and weaknesses on your device? Like the SIEM enterprises use but scaled down for small business/home use? Nobody wants to wade through oceans of data to spot what's bad and what people should improve on to get the best security outlook. Maybe as a paid add on product?
 
  • Like
Reactions: danb and simmerskool
S

shadek

Level 1
Aug 20, 2017
13
Hi! Using DefenderUIPro 1.23. Having this issue with the tray icon constantly rotating with its arrows. It's been like this for hours:

1717521177529.png


Is there something going on under the hood or is it just stuck?
 
  • Like
Reactions: simmerskool and danb
danb

danb

From VoodooShield
Thread author
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,710
NormanF said:
Is there something like a simplified data module to see your security strengths and weaknesses on your device? Like the SIEM enterprises use but scaled down for small business/home use? Nobody wants to wade through oceans of data to spot what's bad and what people should improve on to get the best security outlook. Maybe as a paid add on product?
Click to expand...
Thank you for the suggestion, sounds interesting. Can you please provide some details?
 
  • +Reputation
Reactions: simmerskool
danb

danb

From VoodooShield
Thread author
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,710
shadek said:
Hi again! I tried changing WDAC by right-clicking systray. The systray icon just keeps spinning again.
Click to expand...
Hmmm, that is odd, there must be a bug somewhere. Can you please look in the Windows Event Viewer for DefenderUI events that might contain details on the error? Thank you!
 
  • +Reputation
Reactions: simmerskool
N

NormanF

Level 8
Verified
Jan 11, 2018
387
danb said:
Thank you for the suggestion, sounds interesting. Can you please provide some details?
Click to expand...

I'm thinking like a visual graph of incidents, alerts and a list of possible actions to secure a PC.

I've tried a few SIEM software and they all suffer from the same drawback: too much data and no way to make sense of it.

Not appropriate for a home/SMB environment. It should be easy to understand and easy to act on.

Nothing complicated, which defeats the purpose of having software that warns you of threats and how to remediate them.
 
  • Applause
  • Like
Reactions: danb and simmerskool

Similar threads

Shadowra
    • Like
    • Thanks
    • +Reputation
App Review Microsoft Defender Antivirus feat DefenderUI (Interactive Mode)
Replies
11
Views
2,643
Video Reviews - Security and Privacy
Shadowra
Shadowra
silversurfer
    • Like
    • Thanks
Opera GX is now available on the Microsoft Store
Replies
0
Views
1,141
Opera
silversurfer
silversurfer
Antus67
    • Like
    • Wow
Microsoft Windows: What you need to know about what's coming next
Replies
0
Views
1,633
Windows 10
Antus67
Antus67

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top