New Update DefenderUI by VoodooShield - Turn on Hidden Security Features of Microsoft Defender

danb

As you could see from my second example it can happen anyway, because the execution of the application is not blocked, but only some of its actions. SmartScreen and VirusTotal detections are irrelevant in such a case.
I totally agree, I am just saying "so far, so good" ;).
Yes, probably. Properly made DUI is a good idea in the hands of a good developer. (y)
You must add a feature to not activate Defender when the user installed 3rd party AV.
Thank you, same to you! Once I am finished, there should be several features that make Microsoft Defender more robust and foolproof.

Yes, I have not figured out how to handle that yet, but I have some ideas. It might just be best to ask the user to uninstall DefenderUI if another AV is registered as the primary AV. Or if there are enough features once I am finished, maybe we can have a different mode and it will only show the relevant features. It is hard to say at this point ;).
 

SearchLight

@danb maybe I missed it but I hope you included an option to add exceptions to MD plus an option to handle protection history, and quarantine.

Regardless, thanks for doing what Microsoft should have done with the MD GUI at its inception.

I think once you release the stable version, imo more people may return to MD when their AV/IS licenses expire. Great job Dan!
 

danb

@danb maybe I missed it but I hope you included an option to add exceptions to MD plus an option to handle protection history, and quarantine.

Regardless, thanks for doing what Microsoft should have done with the MD GUI at its inception.

I think once you release the stable version, imo more people may return to MD when their AV/IS licenses expire. Great job Dan!
Yes, exactly... any feature that is a typical component of 3rd party AVs will be included in DefenderUI, unless for some odd reason it is not possible to add a particular item. There are actually TONS of things we can add, I think you guys are going to be surprised.

Also, I need to clarify on the Windows Settings shortcuts that I am looking for. What I am looking for is below, except there are several items not included in the list. I highly doubt these commands are available, this is probably a comprehensive list of the commands that are available, but I figured I would ask just in case.


I also forgot to mention, the other reason I do not think we will have an issue with DefenderUI being flagged by anyone is because one of our partners has been doing something somewhat similar for probably a year or so now.


But it mainly updates the maritime vessel's definitions and is not a UI like DefenderUI, so they will probably want to add DefenderUI to their product line as well. One of the A9X guys is actually on MT, but I forgot which one ;).
 

danb

Hey guys, do you like with or without icons? If icons, are these icons okay, or should I look for something different?

BTW, I am getting close, but there is still quite a bit more to do. I had no idea there would be this much involved. And this might be one of those projects that we will be adding new features to for quite some time ;).

If anything we should be able to release a PoC of this in 2-3 days so you guys can check it out and make suggestions. Thank you!


Without icons.PNG
With icons.png
 

marcopaone

Hey guys, do you like with or without icons? If icons, are these icons okay, or should I look for something different?

BTW, I am getting close, but there is still quite a bit more to do. I had no idea there would be this much involved. And this might be one of those projects that we will be adding new features to for quite some time ;).

If anything we should be able to release a PoC of this in 2-3 days so you guys can check it out and make suggestions. Thank you!


With icons!
 

danb

Sorry for the delay, here is a quick preview. There is still a lot to do, but at this point it should be smooth sailing. So maybe a week or two and we should have a finished product. Well, it will never be finished, we will always add stuff, but you know what I mean ;).

 


Gandalf_The_Grey

First remarks:
During install I'm prompted by VoodooShield if I want to allow the install.
Reported it as false positive but can't find the block in the user log.
When selecting a profile, I'm asked to disable tamper protection.
Is that necessary?
The advanced tab is empty.
 

danb

First remarks:
During install I'm prompted by VoodooShield if I want to allow the install.
Reported it as false positive but can't find the block in the user log.
When selecting a profile, I'm asked to disable tamper protection.
Is that necessary?
The advanced tab is empty.
That's odd as well, and I have not experienced a VS FP since starting this project.

FP.PNG


Yes, to enable all of the DefenderUI features, you have to disable TP. Malware blows right past TP anyway.

The Advanced Tab will not be empty soon ;).
 

pxxb1

Sorry for the delay, here is a quick preview. There is still a lot to do, but at this point it should be smooth sailing. So maybe a week or two and we should have a finished product. Well, it will never be finished, we will always add stuff, but you know what I mean ;).


Nice, looking forward to its future.

2 things:
when installing there could be some info mentioning that the "alternatives" can be changed later.

I am using Sledgehammer by David Xanatos to handle W.updates so it can't force some installs. That means that it is blocked except the updates for MD that it takes care of a couple of times a day. Is this soft compatible with S-hammer or does it interrupt its function?

Edit: I just noticed that when clicking on the icon in sys.tray, I have mine at the top, its box opened at the bottom.
 

Gandalf_The_Grey

That's odd as well, and I have not experienced a VS FP since starting this project.


Yes, to enable all of the DefenderUI features, you have to disable TP. Malware blows right past TP anyway.

The Advanced Tab will not be empty soon ;).
Maybe the block occurs because I'm using AutoPilot Mode?
This is the blocked command line:
"c:\windows\system32\taskkill.exe" /f /im defenderui.exe
Do you need/want the logs?
 

Gandalf_The_Grey

Some further testing:
Home tab:
Scan options do not work: "Scan coming soon".
Manage Exclusions and Notification Settings do nothing.
Windows Update works as designed.
Basic tab:
Enabled controlled folder access, profile becomes custom.
The options Block history, Protected folders and Allow app do nothing.
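
The posts above touch on tamper protection, exclusions, controlled folder access and a third-party AV being registered as primary. A read-only PowerShell check of those Microsoft Defender settings follows, as an added example that is not part of the thread and is not DefenderUI's code; matching on the name "Defender" to spot a third-party product is an assumption.

```powershell
# Added example: read-only report of the Defender settings discussed in this thread.
# Uses the built-in Defender cmdlets; run elevated, since exclusion lists are
# hidden from non-administrators on current Windows builds.

$status = Get-MpComputerStatus
$pref   = Get-MpPreference

# EnableControlledFolderAccess is stored as a number; map it to a readable name.
$cfaModes = @{
    0 = 'Disabled'; 1 = 'Enabled'; 2 = 'AuditMode'
    3 = 'BlockDiskModificationOnly'; 4 = 'AuditDiskModificationOnly'
}

# Antivirus products registered with Windows Security Center (client editions only).
$registeredAv = @(
    Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName AntiVirusProduct `
        -ErrorAction SilentlyContinue |
    Select-Object -ExpandProperty displayName
)

$report = [pscustomobject]@{
    TamperProtection       = $status.IsTamperProtected
    RealTimeProtection     = $status.RealTimeProtectionEnabled
    DefenderRunningMode    = $status.AMRunningMode   # Normal, Passive, ...
    ControlledFolderAccess = $cfaModes[[int]$pref.EnableControlledFolderAccess]
    ProtectedFolders       = $pref.ControlledFolderAccessProtectedFolders
    AllowedApps            = $pref.ControlledFolderAccessAllowedApplications
    ExclusionPaths         = $pref.ExclusionPath
    ExclusionProcesses     = $pref.ExclusionProcess
    ExclusionExtensions    = $pref.ExclusionExtension
    RegisteredAntivirus    = $registeredAv
}
$report | Format-List

# Flag the two conditions raised in the thread.
if (-not $report.TamperProtection) {
    Write-Warning 'Tamper protection is off.'
}
# Assumption: any registered product whose name lacks "Defender" is third-party.
$thirdParty = @($registeredAv | Where-Object { $_ -notmatch 'Defender' })
if ($thirdParty.Count -gt 0) {
    Write-Warning ('Third-party AV registered: ' + ($thirdParty -join ', '))
}
```

Running it before and after applying a profile shows exactly which of these settings changed.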
 
