New Update DefenderUI by VoodooShield - Turn on Hidden Security Features of Microsoft Defender

danb

From VoodooShield
Thread author
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,635
Hey guys,

There was one more rule that needed to be added for Windows Updates, so here is the latest. If dismhost is still being blocked, please let me know how you trigger the block so I can reproduce it on my system. Other than that I think we are close.

DefenderUIPro 0.98 beta
SHA-256: dbc91b2f0dc2bcc954cd3edcfe7cccd1fec183832c9b08730a44e8193c78868f

BTW, the Microsoft Update debacle did not appear to be fixed today so I played around with it a little and found that if you delete the contents of the C:\ProgramData\Package Cache directory, then check for updates, it seems to have fixed the issue.

Thank you!
 

Arequire

Level 29
Verified
Top Poster
Content Creator
Feb 10, 2017
1,814
@danb Could you elaborate on how DefenderGuard works?

As far as I'm aware, malware can disable Defender by either adding entries like DisableScanOnRealtimeEnable/BehaviorMonitoring, etc. to the registry, by deleting the registry entries that allow Defender to function, or by adding itself to Defender's exclusions (if any of these have already been mitigated by Tamper Protection then please excuse my ignorance).

I'm curious to know how DefenderGuard works in reactivating Defender, and if/how it would do so if any of these scenarios occurred.
 
Last edited:

codswollip

Level 23
Content Creator
Well-known
Jan 29, 2017
1,201
@danb Excuse my inaccurate use of terms here... as temporarily, I have DUI uninstalled.

When I "disable all" I get a pop-up instructing me to change a Windows Security setting. The wording is quite unclear as to what/why/when I do this... or undo this.

Can you explain what this is about, and why I must manually change a security setting when selecting "disable all" and exactly what is the difference between the "yes" and "no" buttons on that pop-up? Each time I've done this, I have zero ideal of what I'm doing, and its effect on my PC security. Thank you.
 

danb

From VoodooShield
Thread author
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,635
For me Windows update works (Windows 10 Pro). After I reset the whitelist I had to allow dismhost.exe. It appears when I want to clean temporary files (disk cleaning). Thank you!
When I try to reproduce the block with Windows Disk Cleanup, it does not trigger dismhost for some reason. I am pretty sure that rule is correct, but I can for sure fix it if I can reproduce the block. Is there anything special that you do when you launch disk cleanup? Thank you!
 

silversurfer

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,057
Hey guys,

There was one more rule that needed to be added for Windows Updates, so here is the latest. If dismhost is still being blocked, please let me know how you trigger the block so I can reproduce it on my system. Other than that I think we are close.

DefenderUIPro 0.98 beta
SHA-256: dbc91b2f0dc2bcc954cd3edcfe7cccd1fec183832c9b08730a44e8193c78868f

BTW, the Microsoft Update debacle did not appear to be fixed today so I played around with it a little and found that if you delete the contents of the C:\ProgramData\Package Cache directory, then check for updates, it seems to have fixed the issue.

Thank you!

DUI Pro 0.98 beta (Dynamic Security Postures: enabled). Here all works smooth, no slowdowns or any issues, I haven't noticed blocks so far (y)
 

danb

From VoodooShield
Thread author
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,635
@danb Could you elaborate on how DefenderGuard works?

As far as I'm aware, malware can disable Defender by either adding entries like DisableScanOnRealtimeEnable/BehaviorMonitoring, etc. to the registry, by deleting the registry entries that allow Defender to function, or by adding itself to Defender's exclusions (if any of these have already been mitigated by Tamper Protection then please excuse my ignorance).

I'm curious to know how DefenderGuard works in reactivating Defender, and if/how it would do so if any of these scenarios occurred.
DefenderGuard, as you guys can guess, is a component to further protect MD. One of the main features that I always wanted in MD was one that auto reactivated MD when the user disables it, so that is why the feature was initially developed. It currently does not monitor the registry for changes to MD, but DG is a work in progress and we can always add whatever new features and protections as we go. Thank you!
 

danb

From VoodooShield
Thread author
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,635
@danb Excuse my inaccurate use of terms here... as temporarily, I have DUI uninstalled.

When I "disable all" I get a pop-up instructing me to change a Windows Security setting. The wording is quite unclear as to what/why/when I do this... or undo this.

Can you explain what this is about, and why I must manually change a security setting when selecting "disable all" and exactly what is the difference between the "yes" and "no" buttons on that pop-up? Each time I've done this, I have zero ideal of what I'm doing, and its effect on my PC security. Thank you.
Yes, when Tamper Protection is enabled there are a handful of features in DefenderUI that will not work, and MD Real-time protection is one of these features. So since MD Real-time protection is disabled, then Disable All is disabled as well. And this prompt is basically asking you if you want DefenderUI to take you to the place in MD where you can disable Tamper Protection. So if you click No, then nothing happens, but if you click Yes, DefenderUI will take you to the place in MD where you can disable Tamper Protection. Thank you!
 

codswollip

Level 23
Content Creator
Well-known
Jan 29, 2017
1,201
Thanks for that explanation @danb ... I have a somewhat related question... an issue with my PC, not your app... When attempting to clean install .98, I get this...

1gauks9.png


Since I'm running Win10 Home x64 20H2, I'm curious where the installer program looks, so perhaps I can fix this once and for all (it has happened with other installations). Apologies for the semi-OT post.
 
  • Wow
Reactions: show-Zi

codswollip

Level 23
Content Creator
Well-known
Jan 29, 2017
1,201
Yes, when Tamper Protection is enabled there are a handful of features in DefenderUI that will not work, and MD Real-time protection is one of these features.
I'm still confused. After installing .98, I set the application to "Aggressive Profile". Doing so did not require me to disable Tamper Protection.

Which features in DefenderUI am I missing with the "aggressive" setting that would require me to disable WD Tamper Protection? Thanks!
 

danb

From VoodooShield
Thread author
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,635
Thanks for that explanation @danb ... I have a somewhat related question... an issue with my PC, not your app... When attempting to clean install .98, I get this...

1gauks9.png


Since I'm running Win10 Home x64 20H2, I'm curious where the installer program looks, so perhaps I can fix this once and for all (it has happened with other installations). Apologies for the semi-OT post.
It's hard to say for sure because that is a flag that is set by Inno Setup (the software a lot of developers use to build their installers). I googled to see if I could find where Inno Setup looks in the registry, but could not find anything.

I will PM you a different installer that does not specify the build number, it just specifies Windows 10 and above. So that might do the trick, I guess we will see ;).

I was unable to send a pm, so here is a link: InstallDefenderUIProTest.exe
 

danb

From VoodooShield
Thread author
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,635
I'm still confused. After installing .98, I set the application to "Aggressive Profile". Doing so did not require me to disable Tamper Protection.

Which features in DefenderUI am I missing with the "aggressive" setting that would require me to disable WD Tamper Protection? Thanks!
Yes, most of the features in DefenderUI do not require Tamper Protection to be disabled. The only features that do require Tamper Protection to be disabled are: Real-time Protection, Behavior Monitoring, Scan all downloaded files and attachments, Script scanning and Threat Default Actions. So there are the only features that are not available, and this applies to all profiles. Thank you!
 
  • Like
Reactions: show-Zi and Azure

Stelica

Level 2
Sep 27, 2021
97
Regarding dismhost it occurs when I request disk cleaning, system files cleaning (for example when I want to delete old restore points)
But I did not understand the issue discussed about tamper protection. I have DUI Pro in the recommended mode, tamper protection enabled and the only feature which does not work with tamper protection enabled is Threat Default action. Thank you!
 
Last edited:

codswollip

Level 23
Content Creator
Well-known
Jan 29, 2017
1,201
Yes, most of the features in DefenderUI do not require Tamper Protection to be disabled. The only features that do require Tamper Protection to be disabled are: Real-time Protection, Behavior Monitoring, Scan all downloaded files and attachments, Script scanning and Threat Default Actions.

Thanks. So a followup. On my system, Tamper Protection is enabled. However, on DefenderUI, all the features you listed, except for Threat Default Actions, show as enabled (I assume they are active when shown in blue). So maybe they aren't affected by Tamper Protection? Or there is something I've yet to grasp?

For example,
7HAIQHt.png


I was unable to send a pm, so here is a link: InstallDefenderUIProTest.exe

Thanks. That installer ran fine, but also, I was able to trigger the standard installer after rebooting. So I'll have to puzzle this out.
 

Gandalf_The_Grey

Level 76
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,505
Another positive report at Wilders:
DefenderUI Pro version 0.98 bêta fixed my slowdown problems on both my machines. Thanks to Dan
:)
:)
 

danb

From VoodooShield
Thread author
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,635
Thanks. So a followup. On my system, Tamper Protection is enabled. However, on DefenderUI, all the features you listed, except for Threat Default Actions, show as enabled (I assume they are active when shown in blue). So maybe they aren't affected by Tamper Protection? Or there is something I've yet to grasp?

For example,
7HAIQHt.png




Thanks. That installer ran fine, but also, I was able to trigger the standard installer after rebooting. So I'll have to puzzle this out.
We can go either way on this, and whatever makes the most sense to the end user is great with me. The reason Threat Default Actions are greyed out when Tamper Protection is enabled is because the Threat Default Actions settings are completely unavailable when Tamper Protection is enabled. Whereas with Scan Scripts, for example, the toggle button displays the current setting, but when the user clicks the toggle button, they get a prompt to let them know that it is not adjustable when Tamper Protection is enabled. So basically, it works exactly like it does in CD, except DefenderUI also has a prompt to let you know that the settings has not been changed, and that you have to disable Tamper Protection in order to adjust these settings.

BTW, the features that require Tamper Protection to be disabled (Real-time Protection, Behavior Monitoring, Scan all downloaded files and attachments, Script scanning and Threat Default Actions) are not a limitation of CD or DefenderUI. This limitation applies to all software that configures Defender's settings.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top