Advice Request: Does Windows Defender do HTTPS scanning?


Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,538
> Hello to all after a long long time!
> I remember that Windows Defender (Windows 10, 11) does not scan HTTPS connections like many other vendors do by default (ESET, Kaspersky etc). Is it still like that?

Yes and No.
On default settings, Microsoft Defender SmartScreen can do this, but you have to use Edge, or Chrome with the WDBP extension.
If you download files via any web browser then the file URL is stored in the MOTW and this URL is scanned against SmartScreen. But this does not work if you download files via an external download manager. Furthermore, when using Firefox this scan is done only on file execution.

You can also enable Microsoft Defender Network Protection by using PowerShell or a 3rd-party tool. This will trigger protection similar to most AVs. (y)
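
The checks mentioned in the reply above, as an added PowerShell example that is not part of the original post: it reads the Network Protection state, turns it on, and lists which files in a folder carry a Mark of the Web with a download URL. The helper function names and the Downloads folder are assumptions; `Set-MpPreference` needs an elevated session.

```powershell
# Added example (not from the thread). Requires Windows 10/11 with Microsoft
# Defender active; Set-MpPreference needs an elevated session.

function Get-NetworkProtectionState {       # hypothetical helper name
    # EnableNetworkProtection: 0 = Disabled, 1 = Enabled (block), 2 = AuditMode
    $value = [int](Get-MpPreference).EnableNetworkProtection
    if     ($value -eq 1) { 'Enabled' }
    elseif ($value -eq 2) { 'AuditMode' }
    else                  { 'Disabled' }
}

function Get-MotwInfo {                     # hypothetical helper name
    param([Parameter(Mandatory)][string]$Path)
    # MOTW is stored in the NTFS alternate data stream "Zone.Identifier".
    $lines = Get-Content -LiteralPath $Path -Stream Zone.Identifier -ErrorAction SilentlyContinue
    $kv = @{}
    foreach ($line in $lines) {
        if ($line -match '^(ZoneId|HostUrl|ReferrerUrl)=(.*)$') {
            $kv[$Matches[1]] = $Matches[2]
        }
    }
    [pscustomobject]@{
        File    = Split-Path -Leaf $Path
        HasMotw = ($null -ne $lines)
        ZoneId  = $kv['ZoneId']      # 3 = Internet zone
        HostUrl = $kv['HostUrl']     # download URL, when one was recorded
    }
}

"Network Protection before: $(Get-NetworkProtectionState)"

# AuditMode only logs what would have been blocked; Enabled blocks.
Set-MpPreference -EnableNetworkProtection Enabled
"Network Protection after:  $(Get-NetworkProtectionState)"

# Assumed folder. Per the post, the URL stored in the MOTW is what gets checked
# against SmartScreen, so files with no HostUrl have no download URL to check.
Get-ChildItem -LiteralPath "$env:USERPROFILE\Downloads" -File |
    ForEach-Object { Get-MotwInfo -Path $_.FullName } |
    Sort-Object HasMotw |
    Format-Table -AutoSize
```

Replace `Enabled` with `AuditMode` to log without blocking while evaluating the setting.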
 

Nikos751

Level 20
Thread author
Verified
Malware Tester
Feb 1, 2013
971
> Yes and No.
> On default settings, Microsoft Defender SmartScreen can do this, but you have to use Edge or Chrome.
> If you download files via any web browser then the file URL is stored in the MOTW and this URL is scanned against SmartScreen. But this does not work if you download files via an external download manager.
>
> You can also enable Microsoft Defender Network Protection by using PowerShell or a 3rd-party tool. (y)

Thanks! So, in default settings, Defender cannot really read or intercept data in secure connections, only URLs that have caused file downloads (MOTW).
 

Andy Ful

> Thanks! So, in default settings, Defender cannot really read or intercept data in secure connections, only URLs that have caused file downloads (MOTW).

Defender free, on default settings, intentionally does not read or intercept data in any Internet connection (secure or not), except the features mentioned in my previous post.
There is a NIS service that can read and intercept data in the local network (enabled by default). If I remember correctly, NIS is focused on preventing the exploitation of vulnerabilities in network protocols.
 

Nikos751

> Defender free, on default settings, intentionally does not read or intercept data in any Internet connection (secure or not), except the features mentioned in my previous post.
> There is a NIS service that can read and intercept data in the local network (enabled by default). If I remember correctly, NIS is focused on preventing the exploitation of vulnerabilities in network protocols.

Thank you Andy!
 