How to prevent efficiently Defender from considering a given VBS script as containing a threat
Andy Ful said:

The whitelisting made by the Microsoft analyst strongly suggests that AMSI-paired ML detections are just like other behavior-based detections, as @struppigel suggested (I will make an additional test to confirm this). From your own test, it follows that whitelisting one script (antimalware detection) does not whitelist the modified scripts. From my tests, it follows that whitelisting one of the AMSI-paired ML detections for the same script does not automatically whitelist another possible AMSI-paired ML detection.

Furthermore, your scripts are also blocked by ASR rules. ASR exclusions also do not automatically whitelist modified scripts.

Anyway.

It is true that many commercial (paid) AVs can provide a more flexible way of anti-ransomware protection than Defender on default settings + Controlled Folder Access. So, if you need more flexibility, you can use one of them or learn to use Windows built-in security.