New Update DefenderUI by VoodooShield - Turn on Hidden Security Features of Microsoft Defender

danb

From VoodooShield
Thread author
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,635
But the hardening isn't implemented yet, right? All I see is some kind of exploit protection engine. I like the SRP of SWH and they are not available in DUI Pro as far as I know.
Yes, @Gandalf_The_Grey is correct, DefenderUI Pro is basically DefenderUI Free with Windows Hardening, and it is already implemented.

danb
Games in Xbox App still can't launch
That's a bummer, I have been focusing on this block but cannot seem to figure out what exactly is being blocked.

Can you please send me a list of Xbox games that are being blocked and I will install them and fix this once and for all?

danb
Another block appears when I want to clean temporary files - dismhost.exe. I had to allow it. (Dynamic Security Posture enabled)
Information - dismhost.exe executes as a process with the local user's privileges typically within the context of its parent cleanmgr.exe.
This is supposed to be fixed, we will see how it goes... I will keep an eye on it.

danb
It's a bit vague.
Hope @danb can tell us more what his plans are with DUI Pro.
The new DefenderUI Pro features are Windows hardening features that block scripts, LOLBins, vulnerable processes, etc. The goal is to create a holistic engine that blocks all of these items, and to not block what should not be blocked as much as possible. As I was saying, a lot of hardening tools exclude a lot of file types because it creates too many unnecessary blocks. In addition, DefenderUI Pro also monitors executable files.

So it is kind of like a light anti-executable with anti-exploit, script, LOLBin and vulnerable process capabilities.

danb
View attachment 261313

What I think the above PRO features in yellow and green.

Yellow:
Microsoft Defender has a built-in tamper protection. Because DUI requires changing the M$ Defender settings, you probably need to disable tamper protection of M$D. The Pro feature compensates for this loss in security by offering a more granular tamper protection than the built-in M$D tamper protection.

Green:
The Anti-Malware and Anti-Exploit Contextual engine probably is VoodooShield's exploit protection. This means that vulnerable processes (like your browser or e-mail) are not allowed to run programs. This is like extending the ASR rule "block child processes of Office programs" to other vulnerable processes.

Dynamic Security Postures is probably the smart anti-execution lock of VoodooShield. Some processes are automatically whitelisted because their parent process is a safe process or because they are on the cloud white list. When your browser or e-mail is running, non-whitelisted processes are probably not allowed to run.

Because Dan is planning to offer DUI-PRO besides VoodooShield I don't know whether or not the Voodoo AI rating is taken into account, but he also said that they overlap, so the AI-rating might also be used in above features in the smart protection.

But let's see what Dan has to say about it.
I am running DUI-PRO along with Simple Windows Hardening. DUI-Pro is not Configure Defender + Simple Windows Hardening, but more like Configure Defender combined with OS-Armor.

@danb
When I de-installed DUI-PRO the Microsoft Defender Virus & Threat detection settings were not turned on again in the "Security at a glance console".
Yeah, that is a pretty accurate summary. The WLC scan included VoodooAi.

The uninstaller will not make any changes to the MD Settings. I am curious what settings were not turned on again because it seems to be working for me, but I will test it again.

danb
I tried to install DefenderUI Pro and its driver installed endlessly. I had to resort to the Task Manager to end the install. Is this behaviour the result of me not having bought the Pro licence, or is it something more sinister?
After ending the install DefenderUI Pro seems to be installed properly.
Very odd. No, there is nothing sinister going on here ;). Especially since DefenderUI Pro is not even available for purchase.

I wonder if some other security software was blocking something? Just a guess.

danb
I launched Chrome browser for the first time in a few months... DUI asked me 12 times if I wanted to run chrome.exe. Each time I allowed it. Finally, it appeared on my Desktop.

Err... make that 13 times. I just got another allow request, while posting this message from Edge.

FYI... Interactive mode
This should be fixed ;).

danb
I also launched Chrome (I use it frequently) and it didn't ask me anything (recommended mode). But when I launched Sandboxie, it asked me to allow Sandboxie crypto for each browser - Firefox, Edge and Chrome!
Sandboxie should be fixed as well ;).

danb
And sorry, I forgot this - in Basic, change "cloud check timeout" to "expirarea verificării în cloud" (Romanian for "cloud check expiry"). Thank you!
Cool, thank you, the changes are included in the 0.95 beta version I am going to post soon.

danb
Dan, I do miss a Disable/Install option like VS. It is hard to keep DUI Pro quiet when installing; it goes berserk with prompts.
Yeah, we are going to have a way to disable the DefenderUI Realtime Protection (the new Pro features). I just have not figured out whether to include this with the MD Realtime Protection disabling or not.

danb
What Windows Defender UI Free or Windows Defender settings are adjusted when the "Dynamic Security Postures" setting is enabled?
Or is it a VoodooShield technology locking down the computer?

Will the Pro version be free? Will it have a lifetime license? Price?
Yeah, the Dynamic Security Postures feature basically works the same as it does in VS and basically locks down the computer when the user is browsing the web or checking email. None of the MD settings (or other DefenderUI features for that matter) are adjusted with this feature.

The Pro version is going to be free for quite some time, I have not even thought about all of that yet ;).

danb
It would be nice if it worked like VoodooShield: we could have a free version where you run the new anti-malware and exploit shield on so-called default settings which you can't configure, and on the Pro version you would have free hands to change the configuration to meet your likes.

But I'm OK with the free and Pro versions. I like Configure Defender over free DUI, but DUI has that interface application where I can really see that settings are applied and working like I want. Whenever I see the DUI icon on startup it brings peacefulness.
I see what you mean, but there are only going to be a handful of Pro settings. Really, DefenderUI Free is for users who want to use a different Windows hardening app (or not use one at all), whereas DefenderUI Pro includes the hardening features.

danb
We could re-translate these sentences as:
- Scan files that are not on the whitelist before automatically allowing them
- Dynamic Security Setting (automatically lock the computer when it is at risk)

- Block abuse of exploited signed drivers
- Block credential theft from the Windows Local Security Authority Process subsystem (lsass.exe)
- Block executable files from running unless they meet prevalence, age, or trusted-list criteria
Thank you, please keep this here and I will fix this in a future version.

danb
Interesting, with this third party app in screenshot CMD works fine without the need to disable DUI Pro.

View attachment 261347
Yeah, this is a good example of context / process execution flow. Since this app was whitelisted and probably in a "safe" user space, it is allowed to do certain things that system items (for example) are not able to do. In other words, safe whitelisted apps should be able to run scripts and vulnerable processes, whereas other items should not be able to.
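To make the "context / process execution flow" idea in this post concrete, and the Dynamic Security Postures lockdown described earlier in the thread, here is a toy policy evaluator written for this page. It is an added example, not DefenderUI's or VoodooShield's code: the image lists, the whitelist, the rule order and the `thirdpartytool.exe` name are assumptions made up for illustration.

```python
"""Toy model of a context-aware process-launch policy.

Constructed example, not DefenderUI's or VoodooShield's code. The image
lists and whitelist below are assumptions for illustration only.
"""
from dataclasses import dataclass
from enum import Enum
from typing import Dict, Iterable, Set, Tuple


class Verdict(Enum):
    ALLOW = "allow"
    BLOCK = "block"
    PROMPT = "prompt"   # interactive mode: ask the user


# Assumed categories (illustrative; compared case-insensitively).
VULNERABLE_PARENTS = {"chrome.exe", "msedge.exe", "firefox.exe",
                      "outlook.exe", "winword.exe", "excel.exe"}
RISKY_CHILDREN = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe",
                  "mshta.exe", "regsvr32.exe", "rundll32.exe"}
# Assumed whitelist: the browser, Disk Cleanup, and a hypothetical
# third-party tool the user has allowed ("thirdpartytool.exe" is made up).
DEFAULT_WHITELIST = {"chrome.exe", "cleanmgr.exe", "thirdpartytool.exe"}


@dataclass(frozen=True)
class LaunchEvent:
    image: str    # process being started
    parent: str   # process that started it


def locked_down(running: Iterable[str]) -> bool:
    """Dynamic posture: lock down while a browser or mail client is running."""
    return any(name.lower() in VULNERABLE_PARENTS for name in running)


def evaluate(event: LaunchEvent, whitelist: Set[str], running: Iterable[str],
             dynamic_posture: bool = True) -> Verdict:
    image, parent = event.image.lower(), event.parent.lower()
    # 1. A vulnerable parent (browser, mail, Office) may never spawn a script
    #    host or LOLBin, even when the parent itself is whitelisted.
    if parent in VULNERABLE_PARENTS and image in RISKY_CHILDREN:
        return Verdict.BLOCK
    # 2. A known-good image runs.
    if image in whitelist:
        return Verdict.ALLOW
    # 3. Context flows from the parent: a whitelisted app in "safe" user space
    #    may run cmd.exe, and dismhost.exe under cleanmgr.exe is expected.
    if parent in whitelist:
        return Verdict.ALLOW
    # 4. While the machine is locked down, anything unknown is blocked outright.
    if dynamic_posture and locked_down(running):
        return Verdict.BLOCK
    # 5. Otherwise fall back to asking the user.
    return Verdict.PROMPT


def review(events: Iterable[LaunchEvent], whitelist: Set[str] = DEFAULT_WHITELIST,
           running: Iterable[str] = (), dynamic_posture: bool = True
           ) -> Dict[Tuple[str, str], Verdict]:
    """Evaluate a batch of launch events; returns {(image, parent): verdict}."""
    running = set(running)
    return {(e.image, e.parent): evaluate(e, whitelist, running, dynamic_posture)
            for e in events}


if __name__ == "__main__":
    # Constructed events mirroring the cases discussed in the thread.
    events = [
        LaunchEvent("dismhost.exe", "cleanmgr.exe"),       # Disk Cleanup child
        LaunchEvent("cmd.exe", "thirdpartytool.exe"),      # whitelisted app runs CMD
        LaunchEvent("cmd.exe", "winword.exe"),             # Office spawning a shell
        LaunchEvent("unknown-setup.exe", "explorer.exe"),  # user double-click
    ]
    for (image, parent), verdict in review(events, running={"chrome.exe"}).items():
        print(f"{parent} -> {image}: {verdict.value}")
```

Rule 1 sits before the whitelist checks on purpose: whitelisting Chrome lets it launch, but it still cannot start cmd.exe. The posture check only kicks in for images that no rule already trusts, which is why the same unknown installer is blocked while a browser is open and merely prompts for otherwise.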

danb
@danb
I noticed that if I made the settings for the user, they are not the same for the administrator or vice versa. I had to make the settings for each user.
Yeah, each user has their own settings. This is so you can restrict certain users even more if you wish.
