Advice Request Does Windows Defender does HTTPS scanning?

[Nikos751]

Hello to all after a long long time!
I remember that Windows Defender (Windows 10, 11) does not scan https connections like many other vendors do by default (eset, kaspersky etc). It is still like that?

 

[Andy Ful]

Hello to all after a long long time!
I remember that Windows Defender (Windows 10, 11) does not scan https connections like many other vendors do by default (eset, kaspersky etc). It is still like that?

Yes and No.
On default settings, Microsoft Defender SmartScreen can do this, but you have to use Edge, or Chrome with WDBP extension.
If you download files via any web browser then the file URL is stored in the MOTW and this URL is scanned against SmartScreen. But, this does not work if you download files via the external download manager. Furthermore, when using Firefox this scan is done only on file execution.

You can also enable Microsoft Defender Network Protection by using PowerShell or 3rd party tool. This will trigger protection similar to most AVs.

 

[Nikos751]

Yes and No.
On default settings, Microsoft Defender SmartScreen can do this, but you have to use Edge or Chrome.
If you download files via any web browser then the file URL is stored in the MOTW and this URL is scanned against SmartScreen. But, this does not work if you download files via the external download manager.

You can also enable Microsoft Defender Network Protection by using PowerShell or 3rd party tool.

thanks! So, in default settings, defender cannot really read or intercept data in secure connections, only urls that have caused file downloads (motw)

 

[Andy Ful]

thanks! So, in default settings, defender cannot really read or intercept data in secure connections, only urls that have caused file downloads (motw)

Defender free on default settings, intentionally does not read or intercept data in any Internet connection (secure or not), except the features mentioned in my previous post.
There is a NIS service that can read and intercept data in the local network (enabled by default). If I correctly remember NIS is focused on the prevention of exploiting the vulnerabilities in network protocols.

 

[Nikos751]

Defender free on default settings, intentionally does not read or intercept data in any Internet connection (secure or not), except the features mentioned in my previous post.
There is a NIS service that can read and intercept data in the local network (enabled by default). If I correctly remember NIS is focused on the prevention of exploiting the vulnerabilities in network protocols.

Thank you Andy!