New Update DefenderUI by VoodooShield - Turn on Hidden Security Features of Microsoft Defender

F

ForgottenSeer 92963

1634389096866.png


What I think the above PRO features in yellow and green.

Yellow:
Microsoft Defender has a built-in tamper protection. Because DUI requires changing the M$ Defender settings, you probably need to disable tamper protection of M$D. The Pro feature compensates this loss in security, by offering a more granular tamper protection than the built-in M$D tamper protection.

Green:
The Anti_Malware and Anti-Exploit Contextual engine probably is VoodooShield's exploit protection. This means that vulnerable processes (like your browser or e-mail)are are not allowed to run programs. This is like extending the ASR rule block child processes of OFFICE programs to other vulnerable processes.

Dynamical Security Postures is probably the smart anti-execution lock of VoodooShield. Some processes are automatically whitelisted because their parent process is a safe process or because they are on the cloud white list. When your browser or e-mail is running, non-whitelisted processes are probably not allowed to run.

Because Dan is planning to offer DUI-PRO besides VoodooShield I don't know whether or not the Voodoo AI rating is taken into account, but he also said that they overlap, so the AI-rating might also be used in above features in the smart protection.

But let's see what Dan has to say about it.
I am running DUI-PRO along with Simple Windows Hardening. DUI-Pro is not Configure Defender + Simple Windows Hardening, but more like Configure Defender combined with OS-Armor.

@danb
When I de-installed DUI-PRO the Microsoft Defender Virus & Threat detection settings were not turned on again in the "Security at a glance console".
 
Last edited by a moderator:

fredvries

Level 1
Oct 16, 2021
15
I tried to install DefenderUI Pro and its driver installed endlessly. I had to resort to the Task Manager to end the install. Is this behaviour the result of me not having bought the Pro-licence or is it something more sinister?
After ending the install DefenderUI Pro seems to be installed properly.
 
  • Like
Reactions: Dave Russo and Nevi

codswollip

Level 23
Content Creator
Well-known
Jan 29, 2017
1,201
I launched Chrome browser for the first time in a few months... DUI asked me 12 times if I wanted to run chrome.exe. Each time I allowed it. Finally, it appeared on my Desktop.

Err... make that 13 times. I just got another allow request, while posting this message from Edge.

FYI... Interactive mode
 

Stelica

Level 2
Sep 27, 2021
97
I launched Chrome browser for the first time in a few months... DUI asked me 12 times if I wanted to run chrome.exe. Each time I allowed it. Finally, it appeared on my Desktop.

Err... make that 13 times. I just got another allow request, while posting this message from Edge.

FYI... Interactive mode
I launched also chrome (I used it frequently) and it didn't ask me anything (recommended mode). But when I launched Sandboxie, it asked me to allow sandboxie crypto for each browser - firefox, edge and chrome!
 

danb

From VoodooShield
Thread author
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,635
Guys, there are going to be blocks, that is the whole point of the beta test… at least we know the mechanism is working ;). These new features are only a couple of weeks old, so it is going to take some time to finish writing the rules.

Several people have asked about how DefenderUI Pro is different from SWH and OSArmor. I have said for a very long time now that I am not a huge fan of globally and blindly blocking anything. It simply breaks way too much stuff and the user is left wondering why his computer is not working properly. SWH is quite limited in scope and only blocks certain attacks, for example there is no anti-exploit or vulnerable process mechanism that I have found. OSArmor includes most or all of the potential attacks, but a lot of the options are disabled because enabling these options would interfere with normal operation.

The whole point of DefenderUI Pro is to include all possible attacks and to block what actually needs to be blocked and allow what actually needs to be allowed, in other words, smart windows hardening. Quite simply, the best of both worlds, but it is going to take a little bit of time.

I actually might change the name of the “Anti-Malware and Anti-Exploit Contextual Engine” option to Smart Window Hardening ;). BTW, there are a handful of other contextual engines on the market, but DefenderUI Pro has a few unique ideas that I am pretty sure have not been implemented by anyone, and I just thought of another extremely cool one today that I will implement soon.

Sure, there have been a couple of crazy block incidences, but overall it is looking great. Within a week or so we should have all of the rules figured out, so we are much closer than you think we are.

After you install the new version, please reset the whitelist in the DefenderGuard tab. There was a small bug that created a lot of blocks.

I will catch up on the rest of the posts I missed asap, but for now, here is the latest version…

DefenderUIPro 0.92 beta
SHA-256: 27157d2db0bece25d981f8671f7ce01b80788a7cc9345475f0a6ab0bb1d52ca8
 

VecchioScarpone

Level 6
Verified
Well-known
Aug 19, 2017
278
Guys, there are going to be blocks, that is the whole point of the beta test… at least we know the mechanism is working ;). These new features are only a couple of weeks old, so it is going to take some time to finish writing the rules.

DefenderUIPro 0.92 beta
SHA-256: 27157d2db0bece25d981f8671f7ce01b80788a7cc9345475f0a6ab0bb1d52ca8
Thanks, 0.92 over the top with no issue. Just wanting to let you know about the blocks because I had to exit Dui to perform both Macrium Reflect installations and system backups. The word berserk was to pull your legs a bit. As far as Disable/Install it was a feature request if you and others think it useful.
 

Stelica

Level 2
Sep 27, 2021
97
Hello Dan,
Do you think to remove prevent malware from ever infecting this system option because DUI Pro and VS are incompatible?
Also if you can, change Tamper protection activat with Protecție împotriva alterării activată for romanian language. Thank you!
 
Last edited:

Gandalf_The_Grey

Level 76
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,506
Trying out DefenderUIPro 0.92 beta.
Wondering is it wise to leave the Windows Security notification icon in startup or is all covered by DefenderUI?
 
  • Like
Reactions: Nevi

Stelica

Level 2
Sep 27, 2021
97
DefenderUI Pro asked to allow filecoauth.exe. I approved it. I found this information - FileCoAuth.exe is not essential for the Windows OS and causes relatively few problems. FileCoAuth.exe is located in a subfolder of the user's profile folder (for instance C:\Users\USERNAME\AppData\Local\Microsoft\OneDrive\).

Trying out DefenderUIPro 0.92 beta.
Wondering is it wise to leave the Windows Security notification icon in startup or is all covered by DefenderUI?
I think that windows security offers more informations such as account protection, application and browser control, device security, etc.
 
Last edited:

Stelica

Level 2
Sep 27, 2021
97
Hello Dan,
Do you think to remove prevent malware from ever infecting this system option because DUI Pro and VS are incompatible?
Also if you can, change Tamper protection activat with Protecție împotriva alterării activată for romanian language. Thank you!
And sorry, I forgot this - In basic change cloud check timeout with expirarea verificării în cloud. Thank you!
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top