Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Software
Security Apps
Microsoft Defender
How to prevent efficiently Defender from considering a given VBS script as containing a threat
Message
<blockquote data-quote="Andy Ful" data-source="post: 935115" data-attributes="member: 32260"><p><h4>@[USER=91050]LaurentG[/USER],</h4><p>My conclusions are totally different.</p><ol> <li data-xf-list-type="ol">AV can detect these scripts as malicious and most AVs cannot.</li> <li data-xf-list-type="ol">AV does not detect the whitelisted script as malicious and still detects the modified scripts as malicious.</li> </ol><p>The above points are welcome when protecting against malicious scripts. If VirusTotal detections were correct (and confirmed for many samples) then Defender would be more secure than most AVs. Of course, the VirusTotal detections are not the same as on the client machines, so we cannot say on the basis of such a test that Defender can protect better than most AVs.</p><p></p><p>Defender is known for strong and restrictive protection against scripting, so there can be some problems not from the security point of view but for usability. Some legal scripts (like yours) can be false positives. Most AVs are not so restrictive, so they do not block your scripts. Some of them use very restrictive methods only for obfuscated scripts.</p><p></p><p>Edit.</p><p>The differences in the protection of popular AVs are negligible in the home environment. Any test made by the home user (despite the result) cannot prove anything interesting due to a small number of samples. If you would like to see something interesting then you should test several thousands of samples per week.</p><p>So, do no focus on Defender, you can choose any popular AV that you like.<img src="data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" class="smilie smilie--sprite smilie--sprite109" alt=":)" title="Smile :)" loading="lazy" data-shortname=":)" /><img src="data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" class="smilie smilie--sprite smilie--sprite130" alt="(y)" title="Thumbs up (y)" loading="lazy" data-shortname="(y)" /></p><p>[URL unfurl="true"]https://malwaretips.com/threads/the-best-home-av-protection-2019-2020.106485/[/URL]</p></blockquote><p></p>
[QUOTE="Andy Ful, post: 935115, member: 32260"] [HEADING=3]@[USER=91050]LaurentG[/USER],[/HEADING] My conclusions are totally different. [LIST=1] [*]AV can detect these scripts as malicious and most AVs cannot. [*]AV does not detect the whitelisted script as malicious and still detects the modified scripts as malicious. [/LIST] The above points are welcome when protecting against malicious scripts. If VirusTotal detections were correct (and confirmed for many samples) then Defender would be more secure than most AVs. Of course, the VirusTotal detections are not the same as on the client machines, so we cannot say on the basis of such a test that Defender can protect better than most AVs. Defender is known for strong and restrictive protection against scripting, so there can be some problems not from the security point of view but for usability. Some legal scripts (like yours) can be false positives. Most AVs are not so restrictive, so they do not block your scripts. Some of them use very restrictive methods only for obfuscated scripts. Edit. The differences in the protection of popular AVs are negligible in the home environment. Any test made by the home user (despite the result) cannot prove anything interesting due to a small number of samples. If you would like to see something interesting then you should test several thousands of samples per week. So, do no focus on Defender, you can choose any popular AV that you like.:)(y) [URL unfurl="true"]https://malwaretips.com/threads/the-best-home-av-protection-2019-2020.106485/[/URL] [/QUOTE]
Insert quotes…
Verification
Post reply
Top
