Advice Request Does Windows Defender does HTTPS scanning?

Nikos751 · Jan 22, 2022

Hello to all after a long long time!
I remember that Windows Defender (Windows 10, 11) does not scan https connections like many other vendors do by default (eset, kaspersky etc). It is still like that?

Andy Ful · Jan 22, 2022

Nikos751 said:
Hello to all after a long long time!
I remember that Windows Defender (Windows 10, 11) does not scan https connections like many other vendors do by default (eset, kaspersky etc). It is still like that?

Yes and No.
On default settings, Microsoft Defender SmartScreen can do this, but you have to use Edge, or Chrome with WDBP extension.
If you download files via any web browser then the file URL is stored in the MOTW and this URL is scanned against SmartScreen. But, this does not work if you download files via the external download manager. Furthermore, when using Firefox this scan is done only on file execution.

You can also enable Microsoft Defender Network Protection by using PowerShell or 3rd party tool. This will trigger protection similar to most AVs.

Nikos751 · Jan 22, 2022

Andy Ful said:
Yes and No.
On default settings, Microsoft Defender SmartScreen can do this, but you have to use Edge or Chrome.
If you download files via any web browser then the file URL is stored in the MOTW and this URL is scanned against SmartScreen. But, this does not work if you download files via the external download manager.

You can also enable Microsoft Defender Network Protection by using PowerShell or 3rd party tool.

thanks! So, in default settings, defender cannot really read or intercept data in secure connections, only urls that have caused file downloads (motw)

Andy Ful · Jan 22, 2022

Nikos751 said:
thanks! So, in default settings, defender cannot really read or intercept data in secure connections, only urls that have caused file downloads (motw)

Defender free on default settings, intentionally does not read or intercept data in any Internet connection (secure or not), except the features mentioned in my previous post.
There is a NIS service that can read and intercept data in the local network (enabled by default). If I correctly remember NIS is focused on the prevention of exploiting the vulnerabilities in network protocols.

Nikos751 · Jan 30, 2022

Andy Ful said:
Defender free on default settings, intentionally does not read or intercept data in any Internet connection (secure or not), except the features mentioned in my previous post.
There is a NIS service that can read and intercept data in the local network (enabled by default). If I correctly remember NIS is focused on the prevention of exploiting the vulnerabilities in network protocols.

Thank you Andy!

Search

Advice Request Does Windows Defender does HTTPS scanning?

Nikos751

Level 20

Andy Ful

From Hard_Configurator Tools

Nikos751

Level 20

Andy Ful

From Hard_Configurator Tools

Nikos751

Level 20

Similar threads