I did the exact same things 2/3 weeks ago, but I still have 7-Zip for the handy hash detection tool available on right click and even inside archives.
29/05/2020
- Replaced 7-Zip with Bandizip, because I use WD and WD protects better with MOTW
- Blocked web32.exe with Windows Firewall (block Bandizip ads)
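A quick way to check the MOTW point above, as an added example that is not from this thread or from either archiver's own tooling: the script lists which files under an extracted folder still carry the Zone.Identifier alternate data stream that WD and SmartScreen rely on. The folder path in the usage line is a placeholder.

```powershell
# Added example (not from the thread): report which files under an extracted
# folder carry a Mark-of-the-Web (the Zone.Identifier NTFS alternate data stream).
# ZoneId 3 = Internet, 4 = Restricted. A file without the stream is not treated
# as downloaded content, so the archiver's MOTW propagation matters.
function Get-MotwReport {
    param([Parameter(Mandatory)][string]$Path)

    Get-ChildItem -LiteralPath $Path -File -Recurse | ForEach-Object {
        $zone = $null
        $ref  = $null
        # -Stream reads the ADS; files without one produce an error we suppress.
        $ads = Get-Content -LiteralPath $_.FullName -Stream Zone.Identifier -ErrorAction SilentlyContinue
        if ($ads) {
            foreach ($line in $ads) {
                if ($line -match '^ZoneId=(\d+)')     { $zone = [int]$Matches[1] }
                if ($line -match '^ReferrerUrl=(.+)') { $ref  = $Matches[1] }
            }
        }
        [pscustomobject]@{
            File     = $_.FullName
            HasMotw  = [bool]$ads
            ZoneId   = $zone
            Referrer = $ref
        }
    }
}

# Usage (placeholder path): extract the same archive with each tool and compare.
Get-MotwReport -Path 'C:\Users\me\Downloads\extracted' | Format-Table -AutoSize
```

Files that show HasMotw = False after extraction will not get the SmartScreen or WD BAFS handling discussed later in the thread.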
7-Zip is faster than Windows in extraction and can extract more file types, plus it has so many options I need.
Do you guys use these Zip apps because you test malware, or are there other reasons? I just let Windows extract my files, but I don't use them often, so I have no need.
When considering the Bonus tests, I think that the idea is related to the proactive (non-signature) part of protection, even when the cloud backend is used. Such tests can be done for WD on files with MOTW. You can use RunBySmartscreen to run the sample and next ignore the SmartScreen alert. Many samples will be first detected by the WD BAFS feature, and for such samples the Bonus tests cannot be done. But, if you see the alert that WD blocks the file for 20 s, then it means that WD behavior detection against the cloud backend was started. Most of the behavior detections are made in the cloud backend. That is true for most AVs, so the offline behavior blocking is usually weaker.
- Trash software, I just use it when a website doesn't work on another browser.
I see this happening for new exe files every time. So, it's related to the cloud backend behavior blocker! Great. It often triggers before any direct execution attempt is made. Yesterday, I downloaded malware which had a .bin extension upon extraction, but it was an exe malware. So, I renamed it to .exe and immediately received that 20 sec (60 sec in my case) timeout notification, and 10 sec later it was detected and removed by WD.
But, if you see the alert that WD blocks the file for 20 s, then it means that WD behavior detection against the cloud backend was started.
We probably should not use the term "Behavior blocker". WD and other advanced AVs do not use a separate module which could be called a "Behavior blocker". They use behavior monitoring (locally and in the cloud) together with advanced heuristics and file reputation; the output of all of this makes behavior-based detection. If the file is running, then the detection is extended to parent and child processes (post-execution detection). The closest thing to a "Behavior blocker" would be WD ASR rules or Kaspersky's HIPS.
- Cleanly installed my homebrew updated LTSC ISO; after boot I ran a script to install MS Store and installed basic UWP apps (photos, movies, camera, calculator, voice recorder, etc.).
- Latest Nvidia and Intel drivers
- Latest Office 365 provided by my uni
- Installed Redistributable C++ AIO
- Removed Chrome, Brave and Vivaldi
(IDLE) RAM consumption: 2004 idled at 3.1 GB
Windows Update went painlessly since my ISO already contained all the cumulative updates, so it just downloaded drivers, Intel microcode, MRT and WD updates.
ConfigureDefender worked without problems
EDIT: I forgot to say that I set telemetry level to 0 in gpedit which according to MS only sends information that’s required for Malicious Software Removal Tool, and Windows Defender. (source)
Don't forget to integrate all the updates in the ISO; it's a PITA to manually update an OS from 2018.
Thanks, I will try using it with a custom shell.
Yes, that's how I got my ISO. I didn't notice if WinSxS cleanup was also free; anyway, I'm currently doing that manually with DISM on my laptop.
The free version doesn't let you add updates though. Does it?